Cybersecurity Risks of Hardware Supply Chain Attacks on Mobile Devices: The Invisible Threat
ISEC7 SPHERE
A customizable and versatile technology agnostic platform for all your digital workspace and security needs.
ISEC7 Sphere enables organizations to manage and monitor their entire digital workplace infrastructure and network, and quickly identify and resolve issues — from one web-based, central console. With support for over 200,000 endpoints, ISEC7 SPHERE streamlines the administration of even the most complex infrastructure, regardless of the diversity of UEM systems, servers, networks, and applications. The solution retrieves data from all the company’s systems and presents them on one dashboard. With only one system to manage, issues are identified and resolved faster, requiring less IT staff with a significant impact on the operational cost.
ISEC7 SPHERE – STIG Compliant
ISEC7 SPHERE is often compared with security information and event management (SIEM) solutions. Event log monitoring and management is only one integral component of ISEC7 SPHERE, which is used to collect, aggregate, correlate, and analyze security event data from CSfC components. Data is sent to (Syslog) or collected (SNMP, API, WMI, PowerShell, etc.) from ISEC7 SPHERE from the following sources: hardware devices, virtual machines, security appliances, and software and services running within the solution network(s).
KEY BENEFITS
-
Cross network monitoring
-
Increased data confidentiality, integrity, and availability
-
Greater visibility of security-related network events
-
Improved network resilience, despite the ever-changing cyber threat landscape
-
Easier tracking of hardware and software information technology assets throughout the enterprise
-
Enhanced support for organizational change management processes
-
Immediate notifications
-
Incident triage handling & Optimization
-
Compliance Management
-
Flexibility & Future-proofing
ISEC7 SPHERE – STIG Compliant
An Enterprise Technology Intelligence Platform (ETIP) for Digital Workplace Monitoring and Management to Reduce the Cost of Downtime and Improve Operational Efficiencies
The ISEC7 SPHERE enables organizations to monitor their entire mobile infrastructure and network, and quickly identify and resolve issues—from one web-based, central console.
-
Centralized control provides large time-savings & reduction in operational costs
-
Get early detection of point-of-failures to reduce the cost for downtime & increases productivity
-
End-to-end visibility results in a better user experience & less helpdesk calls
-
Mitigate security risks & monitor compliance to avoid expensive fines
-
Detect weak network connections to plan future investments
ISEC7 EMM Suite/ISEC7 SPHERE STIG Version 2 Release 1 (STIG detail)
Department of Defense (DoD) Instruction 8500.01 directs that the Defense Information Systems Agency (DISA) “develops and maintains control correlation identifiers (CCIs), security requirements guides (SRGs), security technical implementation guides (STIGs), and mobile code risk categories and usage guides that implement and are consistent with DoD cybersecurity policies, standards, architectures, security controls, and validation procedures, with the support of the NSA/CSS, using input from stakeholders” and DoD Component heads “ensure that all DoD IT under their purview complies with applicable STIGs, security configuration guides, and SRGs.”
STIG supported versions:
ISEC7 SPHERE v20.x - latest release 20.5.0
Remark: Apache Tomcat 8.5.x changed to version 9.0.x in latest release 20.5.x - review Apache Tomcat 9.0.x STIG
ISEC7 CLASSIFY an ISEC7 SPHERE Enhanced Email Client & Classification Marking Solution
- Microsoft Outlook Desktop and Online Add-in v1.x - current release 1.0.11
- Microsoft Word Desktop and Online Add-in v1.x - currently in BETA
- ISEC7 MAIL (previously ISEC7 Mobile Exchange Delegate)
for Android v1.x - latest release 1.9.9
for IOS v1.x - latest release 1.9.8
Receive alerts within ISEC7 SPHERE and disseminate notifications on Common Vulnerabilities and Exposures for impacted software versions in your environment. SPHERE will provide information on the relevant CVE and mitigation details and update once a patch has been applied, ensuring that your infrastructure is up to date with the latest compliant software versions.
Example of CVE monitoring results for an affected Ivanti EPMM server under ISEC7 SPHERE.