Overview
Logsign USO Platform is a comprehensive SIEM product that provides visibility, investigation and detection of threats. Logsign USO Platform improves security in different use cases within an organization and facilitates compliance with data protection regulations such as GDPR, PCI DSS, or any other regulation that requires a SIEM with automated and scheduled reports and continuous logging without loss. In this whitepaper, we show how Logsign USO Platform can help facilitate compliance with the SAMA Cyber Security Framework by detecting threats both inside and outside your organization and by making compliance management easy and rapid, with more than 1,200 comprehensive reports pre-prepared for global regulation and control frameworks.
In May 2017, the Saudi Arabian Monetary Authority (SAMA) introduced a cyber security framework that aims to give all financial institutions regulated by SAMA (the Member Organizations) the ability to manage and withstand cyber security threats. These institutions have many types of frameworks that can handle their requirements in different fields. Still, this framework, based on SAMA requirements and industry cyber security standards such as NIST, ISF, ISO, BASEL, etc., will effectively identify and address risks related to cyber security to maintain the protection of information assets and online services against unanticipated threats.
Applicability Of The Framework
This framework is applicable to all Member Organizations regulated by SAMA, including:
- All banks operating in Saudi Arabia.
- All insurance and/or reinsurance companies operating in Saudi Arabia.
- All financial services companies operating in Saudi Arabia.
- All credit bureaus operating in Saudi Arabia.
- The financial market infrastructure.
The Objectives Of The Framework
- Create a common approach to address cyber security within SAMA Member Organizations.
- Achieve an appropriate level of maturity of the cyber security controls for the Member Organizations.
- Ensure that cyber security risks are properly managed in all Member Organizations.
The Framework Structure and Features
The Framework is structured around four main domains, as follows:
1- Cyber Security Leadership and Governance.
2- Cyber Security Risk Management and Compliance.
3- Cyber Security Operations and Technology.
4- Third Party Cyber Security.
For each domain, several subdomains are defined. A subdomain focusses on a specific cyber security topic. Per subdomain, the Framework states a principle, objective and control considerations.
The figure here shows the overall structure of the Framework and indicates the cyber security domains and subdomains.
SAMA Cyber Security Maturity Levels
SAMA CSF uses the Cyber Security Maturity Model to measure the maturity level. The cyber security maturity model distinguishes 6 maturity levels (0, 1, 2, 3, 4 and 5); detailed information about each level is given in the figure below:
Note: Each organization, especially the SAMA Member Organizations, must operate at maturity level 3 or higher to achieve an appropriate level of maturity.
How Logsign USO Platform Solutions Can Help Organizations Adopt the SAMA Framework
Logsign USO Platform can manage event data from any IT source at any time. The Data Policy Manager also manages the volume of data, eliminating the need to consider storage volume. After normalization, Logsign USO Platform enriches the data with user identity and behavior techniques. It also indexes all data for security analytics and visualization. Logsign USO Platform detects security incidents in real time via built-in alerts, correlation rules, and advanced investigation capabilities. Detecting internal and external threats, threat hunting, and behavior analysis enable security teams to see what is hidden and provide understandable, actionable outcomes. Most importantly, Logsign USO Platform also allows you to take action against all these threats, and these actions can be automated.
Here, we explain how Logsign USO Platform capabilities interact with the SAMA CSF main domains and subdomains:
1- Cyber Security Leadership and Governance
- Cyber Security Policy (3.1.3)
Logsign USO Platform has 500+ built-in integrations and vendor-free integration capabilities, so you can forward your data in any volume you want while controlling it with the Data Policy Manager, meeting the Cyber Security Policy subdomain of SAMA CSF. Logsign USO Platform allows you to automatically protect information on file servers, document managers, email, etc., and reports possible incidents.
- Cyber Security Roles and Responsibilities (3.1.4)
Using the 500+ Predefined Correlation Rules that Logsign USO Platform provides, you can judge and determine threats easily, and taking action after determining them gives you full control over your data. Doing this rapidly is also important, because taking action after it is too late will not help. For that, Logsign USO Platform has an HDFS Based Active-Active NoSQL Architecture that allows you to do all these actions in a couple of seconds, which helps you achieve the other subdomains of Leadership and Governance.
2- Cyber Security Risk Management and Compliance
- Cyber Security Risk Management (3.2.1)
Logsign USO Platform has a full-featured risk management tool that lets organizations analyze and visualize their data. In addition, Logsign USO Platform offers many features that automate and facilitate incident response. It offers an incident management and response solution prepared with one-click fast response, ready-made analysis cards and MITRE Matrix approaches.
- Compliance with international standards (3.2.3)
Tracing and monitoring data using 100+ Predefined Dashboards and 1000+ comprehensive reports pre-prepared for global regulation helps organizations comply with international standards in the financial field, meeting SAMA CSF subdomain 3.2.3.
3- Cyber Security Operations and Technology
- Human Resources (3.3.1)
Logsign USO Platform does not depend on individuals, because it has a system that can handle all of an organization's issues without human intervention. So, by using Logsign USO Platform you can access all the data that those individuals were controlling, and you can even check whether those people are trying to access the system, because Logsign USO Platform makes revoking access rights to the data possible at all times.
- Identity and Access Management (3.3.5)
Cyber Security Operations has many subdomains, as we saw in the figure above. The Asset Management and Identity and Access Management subdomains are met by Logsign USO Platform in many ways. By using Logsign USO Platform LDAP integration, access to data can be modified in real time by limiting access to information (only view, edit and copy, etc.) and who can or cannot access the information. Access revocation can be done by document, by user, user group, access dates, access IP, etc. Access to the data is linked to the identity of the user, leaving a record of access attempts or blocked access at all times.
- Bring Your Own Device (3.3.10)
Use of Logsign USO Platform is not limited to the corporate infrastructure or devices; you can also use it for your company devices (PCs, laptops, mobiles) of company users or third parties.
- Cyber Security Event Management (3.3.14)
Logsign USO Platform SIEM is a feature-rich Event Management product that provides comprehensive visibility and control of your data lake. The product allows unlimited log collection and storage, investigation and detection of threats, and automatic response. Blocked access attempts, use of information, access IPs, user identities, etc. can be sent to Logsign USO Platform and managed from a well-experienced SOC that can help at all times.
- Threat Management (3.3.16)
On the other hand, Logsign USO Platform rapidly investigates hidden threats, IoCs and suspicious attack vectors by combining global threat intelligence data; it also uses internal threat source feeds for risk prioritization. 40+ Threat Intelligence Feed Lists support Logsign USO Platform SIEM Threat Intelligence Services.
4- Third Party Cyber Security
- Cloud Computing (3.4.3)
Organizations can control security on their own network, but sometimes third parties' networks also need to be controlled. Logsign USO Platform has many integrations with third-party investigation tools such as AbuseIPDB, VirusTotal and IBM X-Force. Security device and LDAP integrations are also available. For Cloud Computing, Logsign USO Platform provides many secure cloud integrations for cases where the provider is compromised. The data can only be accessed by the individuals designated in the security policy, regardless of where the data is stored.
Summary
The Logsign USO Platform solution provides the most practical, complete, and scalable approach to help any organization adopt the SAMA framework by implementing comprehensive layers of security, control, and monitoring services. Logsign USO Platform will also help effectively identify and address risks related to cyber security against different types of threats.