Professional Documents
Culture Documents
Security Roadmap
Where applicable, vendors are listed in (RED) below the control’s summary access, and utilize home-grown
backups on a regular basis.
to denote companies that have produced a tool to partly or fully automate an element of the scripts or third-party log analysis
critical security controls. In order to qualify for this distinction, vendors had to comply with the following requirements: tools to analyze information.
1) Turn in a written submission addressing how existing users of the tool employ it to automate part or all of a control.
SUMMER 2010 – 20TH EDITION 18 2) Supply contact information of an end-user from a major organization to attest and verify the tool’s capabilities. 12 Tool (Vendor):
18) Incident Response Security Blanket (Trusted Computer Solutions)
We verify that the client does use the tool to automate that control. Vendors are encouraged to apply, Security Manager (Trustwave)
Capability
and upon meeting the requirements will be added to to the ‘user vetted tools’ webpage at
Define detailed 12) Malware Defenses
www.sans.org/critical-security-controls/user-tools.php
incident response Use built-in administrative
procedures, and
engage in periodic 17 13 features of enterprise end-point
security suites to verify that