ISO 27001 Manufacturing Compliance

Protection from Malware; Logging and Monitoring: A.12.2 & A12.4 

A.12.2.1 Controls against malware – Detection, prevention and recovery controls to protect against malware shall be implemented, combined with appropriate user awareness.

A.12.4.1 Event logging – Event logs recording user activities, exceptions, faults and information security events shall be produced, kept and regularly reviewed.

A.12.4.2 Protection of log information – Logging facilities and log information shall be protected against tampering and unauthorized access.

A.12.4.3 Administrator and operator logs – System administrator and system operator activities shall be logged and the logs protected and regularly reviewed.

A.12.4.4 Clock synchronization – The clocks of all relevant information processing systems within an organization or security domain shall be synchronized to a single reference time source.

The Blumira platform detects malware and other malicious activity. Blumira Agent monitors the security of remote endpoints, and can be used to isolate hosts in the event a critical priority issue associated with those endpoints is detected. This helps prevent the spread of malware. including ransomware, until an organization can further investigate and remediate.

The Blumira platform integrates with systems and services to collect, centralize, and analyze event logs, including those that record user activities and information security events. These logs are retained for up to one year, with additional options available for longer periods, to help with forensic investigation and historical log analysis.

Blumira protects log data both in transit and at rest, ensuring that attackers cannot gain access to log archives to read data without the appropriate keys. The Blumira log database is only accessible to internal Blumira services and parties that require access. Blumira maintains raw log data while tracking and identifying log messages to ensure data integrity and validation.

Through periodic review and internal processes, Blumira validates that incoming logs have not been tampered with, while alerting customers if any audit logs are cleared. Blumira can also provide alerting for FIM (file integrity monitoring) technologies when changes are determined.

Blumira also offers  an authoritative time source by attaching our own time of parse to every log entry. This allows us to know the correct UTC time provided by Google Cloud Platform NTP (network time protocol) servers. Blumira moves times to UTC, validates times found in log files against known current UTC time, and converts time from local to UTC. If this is not possible, we mark the log as an outlier, helping analysts and organizations query for any logs that don’t meet expected times.

Communications Security: A.13 

A.13.1.1 Network controls – Networks shall be managed and controlled to protect information in systems and applications.

A.13.2.1 Information transfer policies and procedures – Formal transfer policies, procedures and controls shall be in place to protect the transfer of information through the use of all types of communication facilities.

A.13.2.3 Electronic messaging – Information involved in electronic messaging shall be appropriately protected.

Blumira monitors access to networks and data where relevant and possible, based on incoming data from integrations with other security solutions such as firewalls, identity and access management, endpoint protection, servers, and cloud infrastructure.

Blumira also monitors traffic coming in and out of networks; detecting, alerting and helping organizations respond to suspicious events like anonymous network traffic on a corporate network that could indicate data exfiltration or malicious activity.

Blumira detects patterns of attacker behavior and techniques used in brute-force and advanced ransomware attacks, alerting and helping organizations respond in a timely manner. Blumira alerts organizations to any insecure protocols being used to transfer information like File Transfer Protocol (FTP) and Telnet.

Information Security Incident Management: A.16 

A.16.1.1 Responsibilities and Procedures – Management responsibilities and procedures shall be established to ensure a quick, effective and orderly response to information security incidents.

A.16.1.2 Reporting information security events – Information security events shall be reported through appropriate management channels as quickly as possible.

A.16.1.5 Response to information security incidents — Information security incidents shall be responded to in accordance with the documented procedures.

A.16.1.6 Learning from information security incidents – Knowledge gained from analyzing and resolving information security incidents shall be responded to in accordance with the documented procedures.

A.16.1.7 Collection of evidence – The organization shall define and apply procedures for the identification, collection, acquisition, and preservation of information, which can serve as evidence.

The Blumira platform analyzes, detects, and sends alerts to IT teams on information security events, incidents, and potential weaknesses, providing all of the relevant data needed to help them investigate, manage, and improve information security for their organization. These alerts or findings are prioritized by criticality to ensure IT teams know what to focus on first.

To enable quick, effective, and orderly responses to information security incidents, findings include pre-written response playbooks that instruct IT teams on next steps toward remediation. Blumira Agent,a lightweight endpoint agent, facilitates the immediate containment of endpoint-related threats by isolating the endpoint from communicating with the network.

The Blumia platform also provides pre-built reports of security events that can be scheduled to send to responders/managers periodically to report on security trends. Notifications can be configured to alert IT teams by email, voice, and/or text. Blumira detection rules send alerts within a minute of initial event detection to help IT teams respond to incidents faster and help prevent a breach.

Reporting and log data retention on Blumira keeps a history of security events for an organization to help them learn from information security incidents, as well as provide a way for them to collect and preserve information that can be used as evidence to help with the incident response and recovery process.

Compliance: A.18 

A.18.1 Compliance with legal and contractual requirements – Objective: To avoid breaches of legal, statutory, regulatory, or contractual obligations related to information security and of any security requirements.

A.18.1.3 Protection of records – Records shall be protected from loss, destruction, falsification, unauthorized access, and unauthorized release, in accordance with legislatory, regulatory, contractual, and business requirements.

The Blumira platform protects log data records from tampering to ensure they cannot be altered and to preserve their integrity and confidentiality.

All Blumira data is encrypted and accessible only through role-based access controls. Blumira maintains raw log data while tracking and identifying log messages to ensure data integrity and validation.

Through periodic review and internal processes, Blumira validates that incoming logs have not been tampered with, while alerting customers if any audit logs are cleared to help protect them from modification by attackers or insiders that may want to hide their activity.