Dallas, Texas, February 4, 2008 – Global DataGuard, the premier provider of Enterprise Unified Threat Management for small and medium business to large enterprise environments today announced that it is offering an end-to-end security solution to help electric utility providers achieve compliance with the North American Electric Reliability Corporation’s (NERC) Critical Infrastructure Protection (CIP) Cyber Security Standards. Based on its sophisticated family of Enterprise UTM security products and services, Global DataGuard’s NERC CIP compliance offering includes managed security and consulting services for risk-based network assessment and auditing, as well as a predictive and adaptive compliance architecture to help utility companies improve and maintain their security and compliance posture while significantly reducing their network security infrastructure’s total cost of ownership.
As the federally designated Electric Reliability Organization (ERO) in North America, NERC maintains comprehensive reliability standards that define requirements for planning and operating the collective bulk power system, as well as ensuring that it is reliable, adequate and secure. Having been approved by the Federal Energy Regulatory Commission (FERC), the CIP Cyber Security Standards will be mandatory in March, 2008 and enforceable across all users, owners and operators of the bulk-power system. These standards will require that users, owners and operators of bulk power systems in the U.S. identify and document cyber risks and vulnerabilities; establish controls to secure critical cyber assets from physical and cyber sabotage; report security incidents; and establish plans for recovery in the event of an emergency.
“Our Managed Security Services and Professional Services align directly with all eight of the CIP Cyber Security Standards, enabling users to easily meet and/or exceed these standards requirements,” stated Dean A. Trumbull, vice president and chief operating officer for Global DataGuard. “In addition, we can map our unrivaled suite of actionable, predictive Enterprise UTM products against the NERC CIP standards – enabling customers in LME, SME and SMB markets to not only cost-effectively meet their unique business needs, but also avoid significant sanctions and penalties for non-compliance.”
The NERC CIP Cyber Security Standards establish minimum requirements to determine compliance across each of the following standards: Critical Cyber Asset Identification; Security Management Controls; Personnel and Training; Electronic Security Protection; Physical Security Program; Systems Security Management; Incident Response and Reporting; and Disaster Recovery.
Superior Technology for Unparalleled Network Security Compliance
Global DataGuard’s extensive experience in supporting organizations working toward improving their compliance posture extends to all aspects of internal and external IT security. It includes behavioral analysis and correlation, security monitoring, vulnerability management, network access control, assessment, training, project management, policies and procedures, and regulatory compliance and audits. The company’s expertise is evident in its advanced Enterprise UTM product family, which utilizes patented behavioral analysis and correlation technology to enable intelligent, adaptive information sharing and correlation of detected threats and alerts with detected vulnerabilities between all security applications and appliances. This technological leap-forward provides organizations with actionable, root-cause information and long-term context to threats, enabling IT departments to obtain early warnings of threats that other products cannot see.
Enterprise-class technology, combined with the company’s world-class Managed Security Services and Professional Services, enables Global DataGuard to address each unique aspect of the NERC CIP Cyber Security Standards. Further, this comprehensive approach allows Global DataGuard to:
- Utilize a risk-based methodology to help customers regularly audit IT systems and identify Critical Cyber Assets;
- Evaluate security management controls and identify gaps in security management programs;
- Review physical security controls and perform assessments, making recommendations for areas in need of improvement;
- Provide full lifecycle device management, including change and configuration management;
- Identify areas of weakness with, and audit the practice of personnel and training policies;
- Perform required annual vulnerability assessments and evaluate a company’s electronic security perimeter to determine CIP compliance;
- Perform ongoing rule-set changes and monitor firewalls for signs of attack;
- Provide detailed web-based reporting through the Global DataGuard Portal;
- Monitor network access points and detect, prevent, deter, and mitigate the introduction, exposure and propagation of malware;
- Help customers develop and implement an Incident Response Plan and ensure that it exceeds minimum CIP requirements for classification, response, reporting, and documentation; and
- Audit recovery plans to identify gaps that should be addressed in order to successfully backup and restore Critical Cyber Assets.
With Global DataGuard’s Enterprise UTM++ security suite and All-n-One Security Module, organizations realize far better network security performance and can achieve full compliance at a substantially reduced cost of ownership. From auditing to technology, process and policy, Global DataGuard takes a holistic approach to ensuring that customers can efficiently achieve and maintain ongoing regulatory compliance within each unique vertical market.