Security intelligence company LogRhythm has integrated standards from the UAE's National Electronic Security Authority (NESA) into its NextGen SIEM Platform.
LogRhythm has included prebuilt content into its SIEM UAENESA Compliance Automation Suite, to provide real time reporting and alerts to monitor NESA asset categories.
The standards were developed by NESA for government entities in critical sectors in order to protect the UAE's critical data and information infrastructure.
"Cybersecurity is one of the biggest economic and national security challenges countries face in the twenty-first century," said His Excellency Jassem Bu Ataba Al Zaabi, director general, NESA. "The National Electronic Security Authority was established in line with this modern reality and as soon as the Authority was in place, we immediately initiated a thorough review of federal efforts to defend and protect the nation's information and communication technology (ICT) infrastructure. The announcement falls in line with the process we are currently engaged in which puts all necessary policies and standards in place to ensure a comprehensive approach to securing the nation's digital infrastructure.
Compliance with these standards is mandatory for all government organisations, semi-government organisations, and business organisations that are identified as critical infrastructure to the UAE. Not only were the regulations created to keep critical data safe, but also to strengthen the security of UAE cyber assets and reduce corresponding risk levels, protect critical infrastructure, improve cybersecurity threat awareness and foster collaboration at national and sector levels in the UAE.
These regulations are based on the controls and criteria of several existing security standards such as NIST and ISO 27001, but NESA's regulations uniquely identify the control requirements and priorities for providing information assurance to distinct business sectors. The UAE-NESA standards consists of 188 security controls which are divided into two families, management and technical security controls.
"LogRhythm's technology will enable NESA to enhance security workflow with robust case management and automation playbooks, save time with prebuilt artificial intelligence (AI) Engine rules and alerts mapped to UAE-NESA controls and fast and granular customization capabilities to fit your organization's unique IT environment and policies," explained Mazen A. Dohaji, regional director for the MENA region at LogRhythm.
LogRhythm's UAE-NESA Compliance Automation Suite provides prebuilt content - all automatically associated with the correct UAE-NESA asset categories, namely correlation rules and alarms, investigations that dive deep into data for review and analysis and summarized as well as more detailed reports.
"This suite enables NESA to identify areas of non-compliance in real time with prebuilt investigations and alarms that allow for immediate analysis of activities that impact an organisation's critical systems," continued Dohaji. "Proving compliance is easy with reports that can be scheduled or run on-demand."
Incident response is a core aspect of this suite. The correlation rules and investigations are specifically designed to work with LogRhythm's case management capabilities to expedite user's response to threats and compliance violations. Users can easily add forensic evidence to cases and centralize evidence for authorities to review. Additionally, dashboards can be created and customized according to the needs of the organisation's own UAE-NESA compliance program.