In an effort to support the United Arab Emirates’ cybersecurity outlook and show commitment to the country and the region as a whole, LogRhythm, integrated the UAE National Electronic Security Authority cybersecurity compliance standards and guidelines into its NextGen, Security Information and Event Management Platform. These standards were developed by NESA for government entities in critical sectors in order to protect the UAE’s critical data and information infrastructure.
“Cybersecurity is one of the biggest economic and national security challenges countries face in the twenty-first century,” said His Excellency Jassem Bu Ataba Al Zaabi, Director General, NESA. “The National Electronic Security Authority was established in line with this modern reality and as soon as the Authority was in place, we immediately initiated a thorough review of federal efforts to defend and protect the nation’s information and communication technology infrastructure. The announcement falls in line with the process we are currently engaged in which puts all necessary policies and standards in place to ensure a comprehensive approach to securing the nation’s digital infrastructure.”
Compliance with these standards is mandatory for all government organisations, semi-government organisations, and business organisations that are identified as critical infrastructure to the UAE. Not only were the regulations created to keep critical data safe, but also to strengthen the security of UAE cyber assets and reduce corresponding risk levels, protect critical infrastructure, improve cybersecurity threat awareness and foster collaboration at national and sector levels in the UAE.
These regulations are based off the controls and criteria of several existing security standards such as NIST and ISO 27001, but NESA’s regulations uniquely identify the control requirements and priorities for providing information assurance to distinct business sectors. The UAE-NESA standards consists of 188 security controls which are divided into two families, management and technical security controls.
“LogRhythm’s technology will enable NESA to enhance security workflow with robust case management and automation playbooks, save time with prebuilt artificial intelligence rules and alerts mapped to UAE-NESA controls and fast and granular customisation capabilities to fit your organisation’s unique IT environment and policies,” explained Mazen A Dohaji, Regional Director for the MENA region at LogRhythm.
The LogRhythm NextGenSecurity Information and Event Management Platform helps organisations covered by the UAE-NESA comply with the regulation. LogRhythm’s UAE-NESA Compliance Automation Suite provides prebuilt content — all automatically associated with the correct UAE-NESA asset categories, namely correlation rules and alarms, investigations that dive deep into data for review and analysis and summarised as well as more detailed reports.
“This suite enables NESA to identify areas of non-compliance in real time with prebuilt investigations and alarms that allow for immediate analysis of activities that impact an organisation’s critical systems,” continued Dohaji. “Proving compliance is easy with reports that can be scheduled or run on-demand.”
Incident response is a core aspect of this suite. The correlation rules and investigations are specifically designed to work with LogRhythm’s case management capabilities to expedite your response to threats and compliance violations. Additionally, dashboards can be created and customised according to the needs of your UAE-NESA compliance programme.