Continuous Monitoring

One of the most critical components of an effective risk management program is continuous monitoring. Whether an organization needs to ensure compliance, identify and respond to threats, or track and protect confidential and other critical data, an extensive continuous monitoring capability is a must in order to assess risk posture on a regular basis. Whether there is a need for real-time visibility into networks, applications, or endpoints; improved risk-based decision making; direct and positive impact on security; or a desire for higher security return on investment (ROI), Patriot is able to assist in an organization’s continuous monitoring initiative.

The importance of continuous monitoring has been highlighted in NIST Special Publication (SP) 800-37, Revision 1, which identified continuous monitoring as one of the six steps in the Risk Management Framework (RMF). NIST Draft SP 800-137 went further to outline a continuous monitoring process flow agencies need to follow:

  • Develop a monitoring strategy
  • Establish measures and metrics
  • Establish monitoring & assessment frequencies
  • Implement
  • Analyze data and report findings
  • Respond and mitigate
  • Review and update

In the private sector, continuous monitoring is taking hold in numerous organizations that are seeking to implement information governance, risk, and compliance (GRC) capabilities bolstered by continuous monitoring of key security controls.

Leveraging its deep relationships with a number of hardware and software vendors, the Patriot Continuous Monitoring service can provide the following benefits:

  • Maintain an accurate picture of an organization’s security risk posture
  • Provide visibility into assets
  • Leverage automated data feeds
  • Allow for quantification of risk
  • Ensure continued effectiveness of security controls
  • Provide automated remediation
  • Enable prioritization of remedies

In addition to assisting federal agencies in establishing the NIST Draft SP 800-137 workflows outlined above, Patriot is able to put into place an entire continuous monitoring program that can include any or all of the following components/phases:

  • Continuous Discovery: Discovering and maintaining near real-time inventory of all networks and information assets including hardware and software; identifying and tracking confidential and critical data stored on desktops, laptops, and servers
  • Continuous Assessment: Automatically scanning and comparing information assets against industry and data repositories to determine vulnerabilities; prioritizing findings and providing detailed reporting by department, platform, network, asset, and vulnerability type
  • Continuous Audit: Continuously evaluating client, server, and network device configurations and comparing with standards and policies; gaining insight into problematic controls, usage patterns, and access permissions of sensitive data
  • Continuous Patching: Automatically deploying and updating software to eliminate vulnerabilities and maintain compliance; correcting configuration settings, including network access, and provisioning software according to the end user’s role and policies
  • Continuous Reporting: Aggregating disparate scanning results from different departments, scan types, and organizations into one central repository; automatically analyzing and correlating unusual activities in compliance with regulations

From strategic planning of a continuous monitoring program to its deployment and operation, Patriot is able to assist in implementing a continuous monitoring program that improves risk posture and ensures compliance with regulations and other guidance.

Patriot’s deep experience in security risk software and hardware allows us to bring broad subject matter expertise across a number of vendor platforms. For example, we have current, extensive experience and certifications in the following solutions:

  • Skybox Security
  • Check Point