Network Management Automation

 

 

 

Sooth Helps Customers with Compliance

 

Sooth, Inc.

 

Firms that process credit card transactions, manage healthcare information, and handle personal identification information are subject to regulations and accepted standards including PCI/DSS, Sarbanes-Oxley (SOX), SAS70, ISO, and HIPAA. Nearly all organizations must comply with one or more of these regulations/standards. Their computer networks are quickly becoming a focal point of the regulations/standards and face tight scrutiny during compliance audits. While PCI DSS security standards are the most stringent for non-military organizations, aiding compliance with PCI DSS will directly benefit the process for FIPS, other US DoD and MILSPEC standards in addition to those above.

 

For specific PCI/DSS compliance benefits, see page 3 of this document.

 

Compliance requirements are increasing, primarily because enforcement is increasing. This year HIPAA enforcement increases on a schedule set forth in the original legislation. Also, PCI/DSS compliance is now more stringently enforced by the credit card companies, which are revoking the processing privileges of those that do not comply, with devastating financial effects.


Sooth's product, SEER™, collects the technical information from network devices that is necessary to demonstrate compliance. This can be done in short order, less than two hours for average-sized networks. It can also be done at any time, with no more effort than a click of a mouse.

 

Customers that do not currently have a fast, safe and accurate way of gathering this information have to rely on manual methods that can take weeks to complete each time. Traditional network management software tools can only reduce that effort, not eliminate it. Sooth’s products reduce the effort to near zero, and make the information continually available, updated on-demand, and without any IT staff effort to generate it. Moreover, Sooth’s products can help to more easily demonstrate network segmentation, which can reduce the scope, and therefore the cost, of an audit. Sooth's product SUPERVISOR™ regularly performs the technical tasks necessary to comply with regulations and best practices.

Customers that are required to change passwords quarterly under SOX can now reduce the level of effort required from weeks to hours.  Demonstrating enforcement of change and configuration management policies and other best practices is also less costly when changes affecting Cisco® infrastructure devices are controlled by automation, rather than by multiple IT technicians. Sooth products can enforce encryption policies, reduce the number of people required to have secure access, and improve the ability to separate duties appropriately for compliance.

Sooth’s products complete these tasks at machine speed, quality and accuracy – repeatedly.

  

Sooth’s products, without intervention:  

  • enforce firewall configuration, as well as access lists, run-state, and configuration for all Cisco® IOS devices
  • securely conduct federally mandated password resets
  • provide support equivalent to a team of technicians, 24x7x365, performing the majority of required Cisco® network management tasks
  • improve the speed, quality and accuracy of data gathering to levels unattainable by traditional methods
  • enable organizations to allocate more time and effort to improvements and service, instead of operations and compliance
  • safely provide current Cisco® IOS device information multiple times daily (if desired), without risk to the running network.

 

More specifically, Sooth products greatly simplify compliance in the following ways:

PCI DSS: Sooth’s products reduce the needed scope of the audit required by demonstrating proper network segmentation (see Page 3).

Sarbanes-Oxley: Sooth provides information required for quarterly statements and automates actions mandated quarterly, such as password resets.

HIPAA: Sooth not only helps to demonstrate direct control, but also automates the management of interaction with the myriad of third-party provider networks, and enables its customers to ensure enforcement of their standards for interaction with third-party networks, one of the greatest risk points for these widely connected and distributed networks.

ISO: Sooth provides information and automated actions to eliminate IT staff effort for the management of network infrastructure (specifically including routers, firewalls, switches, load balancers, voice and video gateways, and others). ISO is the standard from which most other standards are derived. This applies to ISO27001/27002 or the older 17999 standard.

                                                                                                                                      

The table below shows how Sooth Automation aids compliance with PCI/DSS requirements.  

 

                                                                                                   

©Sooth, Inc.
2009 All Rights Reserved


Sooth, Inc. has developed sophisticated automation technology to automate tier 1 and tier 2 network management tasks for Cisco® networks while applying best practice standards, methods and procedures to take control of most aspects of network management.  Sooth’s products SEER™ and SUPERVISOR™ are patent pending.  For more information, please see www.sooth.us.

 


SOOTH PCI DSS DASHBOARD

| PCI DSS Requirement | How Sooth Technology Helps | Sooth Product(s) | Some Help | Great Help | Comments |
| Requirement 1: Install and Maintain a firewall configuration to protect data | SUPERVISOR™ provides a firewall template consistent with best-practice from Cisco. Customers may also use their own template. Supervisor applies and enforces configuration consistently with automation. Supervisor prevents most un-authorized configuration | SEER™ makes gathering audit data a snap. SUPERVISOR makes demonstrating enforcement easy | | | SUPERVISOR™ provides not only the template, but a visible testing and demonstration process for auditors. 1.1.1 The formal process terminates with an approved person submitting the approved job to SUPERVISOR, after which it is scheduled according to the a |
| Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters | For Cisco® IOS devices, SUPERVISOR™ can automatically reset passwords, saving days or weeks of time for staff each quarter. Also, Seer is fast enough to make quarterly scans practical several times daily, improving the value of the data from 'compliance' | SEER™ helps demonstrate compliance to an auditor. SUPERVISOR™ automates enforcement for Cisco IOS devices. | | | 2.2.4 The initial 'baselining' of a device by SUPERVISOR™ is the first opportunity to eliminate extraneous configuration, but there is always the chance to run a job to 'clean up' configs via SUPERVISOR across the network, at any point desired. |
| Requirement 3: Protect stored cardholder data | Sooth technology protects all the Cisco® IOS devices that provide access to cardholder data. | SEER™ and SUPERVISOR™ | | | |
| Requirement 4: Encrypt transmission of cardholder data across open, public networks | Sooth technology helps to ensure the consistent application of encryption configurations to all Cisco IOS devices. | SEER™ and SUPERVISOR™ | | | 4.1 SUPERVISOR provides a means of demonstrating enforcement. |
| Requirement 5: Use and regularly update anti-virus software | Not applicable. However, Sooth technology makes it far less likely that an attacker will ever get that close to users, unless users infect themselves. | SEER™ and SUPERVISOR™ | | | |
| Requirement 6: Develop and maintain secure systems and applications | SUPERVISOR™ keeps the Cisco® IOS network as safe as the configurations developed by the human administrators. | SUPERVISOR™ | | | Sooth provides templates for multiple device roles and types that are compliant in all aspects to all governance requirements, up to the date of publication. Customers may choose to receive updates to these templates. |
| Requirement 7: Restrict access to cardholder data by business need to know | SUPERVISOR™ can restrict and provide information about Cisco IOS devices only to those people with proper credentials. | SUPERVISOR™ | | | 7.2 SUPERVISOR™ provides a means of demonstrating enforcement |
| Requirement 8: Assign a unique ID to each person with computer access | SUPERVISOR™ can consistently enforce ID and other credential procedures on all Cisco IOS devices | SUPERVISOR™ | | | 8.5.8 SEER™ scans prove this 8.5.9-16. SUPERVISOR™ provides a means of demonstrating enforcement. |
| Requirement 9: Restrict physical access to cardholder data | SUPERVISOR™ locks down the Cisco IOS network to protect cardholder data | SUPERVISOR™ | | | |
| Requirement 10: Track and monitor all access to network resources and cardholder data | All approved configuration changes go through SUPERVISOR™ and are fully logged | SEER™ and SUPERVISOR™ | | | 10.1 SEER™ and SUPERVISOR™ provide a means of demonstrating compliance and enforcement. |
| Requirement 11: Regularly test security systems and processes | Sooth technology provides up-to-date data for test planning to minimize cost and impact on production systems | SEER™ and SUPERVISOR™ | | | SEER™ and SUPERVISOR™ make it cost-effective to gather data daily, or multiple times daily, to test for compliance and enforcement. |
| Requirement 12: Maintain a policy that addresses information security | Sooth technology represents policy for information security, and enforces that policy automatically for Cisco® IOS devices | SEER™ and SUPERVISOR™ | | | |

 

Sooth, Inc., 3 Commerce Park Square, Suite 900, Beachwood, OH 44122, ph. (216)862-8637