Gramm-Leach-Bliley (GLBA)

Regulation Summary
The Financial Services Modernization Act of 1999, more commonly known by the names of its authors as Gramm-Leach-Bliley, includes provisions to protect consumers' personal financial information held by financial institutions. As part of its implementation of the GLB Act, the Federal Trade Commission (FTC) issued the Safeguards Rule under section 501(b), requiring financial institutions under FTC jurisdiction to secure customer records and information. The three main objectives of GLBA 501(b) are to:

  • Ensure the security and confidentiality of customer records and information
  • Protect against any anticipated threats or hazards to the security or integrity of such records
  • Protect against unauthorized access or use of such records or information which could result in substantial harm or inconvenience to any customer.

The Federal Financial Institutions Examination Council (FFIEC), comprised of examiners from many different regulatory bodies tasked with GLBA enforcement, has created an Information Security Handbook and an exhaustive set of tests to assess compliance with the Safeguards Rule, including over 20 specifically related to intrusion prevention and detection. The security process recommended by the FFIEC comprises five key areas:

  • Information security risk assessment
  • Information security strategy
  • Security controls implementation
  • Security testing
  • Monitoring and updating

Meeting the Compliance Challenge
The Sourcefire 3D System is ideal for helping organizations comply with GLBA. Sourcefire® is the most effective and efficient way to implement the best-practice security guidelines from the FFIEC. With Sourcefire, you can establish, enforce, monitor, and manage the security policies you need to ensure compliance and protect your organization from attack.

Sourcefire Supports FFIEC Security Best Practices
As the enterprise security system for your company, Sourcefire provides the following capabilities critical to network security best practices as described by the FFIEC, and necessary for GLBA compliance:

| FFIEC Guideline | The Sourcefire 3D Approach |
| --- | --- |
| Information Security Assessment: Gather data on assets and threats to those assets | RNA real time passive discovery provides a real time view of what's on the network and maps those hosts against 12,000 known vulnerabilities |
| Security Strategy that includes prevention, detection, and response | Sourcefire 3D integrates IPS, NBA, NAC and vulnerability assessment technologies to provide best of breed technical controls satisfying all 3 desired control types |
| Monitor access for policy violations and anomalous activity | Sourcefire 3D delivers continuous monitoring for security events, anomalous behavior, configuration changes & policy violations, and vulnerability exposure |
| IDS/IPS monitoring of incoming and outgoing traffic | The 3D System delivers industry leading IPS technology satisfying FFIEC guidelines |
| Hardening: minimum system requirements, disallowing non-compliant activity | The 3D System enables users to implement baseline configuration policies for endpoints, subnets and networks. The system automates monitoring and enforcement of configuration policy. |
| Security Monitoring: policy violations, anomalous activity, security events | Sourcefire 3D delivers continuous monitoring for security events, anomalous behavior, configuration changes & policy violations, and vulnerability exposure |
