Overview of Cybersecurity Controls
Businesses and organizations in the Kingdom of Saudi Arabia must comply with national security regulations. In this document, we will examine the following regulations and how Lucidum can help you comply with those regulations:
The Critical Systems Cybersecurity Controls ('CSCC') prescribes the minimum cybersecurity requirements for critical systems in organizations. Critical systems are systems where failure, unauthorized change, or unauthorized access to the system or its data could negatively impact an organization’s businesses or cause negative economic, financial, security or social impacts on the national level.
Saudi Arabian Monetary Authority Cyber Security Framework (SAMA CSF) applies to Saudi Arabian Banking, Insurance, and Financing Companies.
Essential Cybersecurity Controls ('ECC') applies to government entities and private sector entities that own or operate critical national infrastructure.
Category | Requirement | CSCC | SAMA CSF | ECC-1 |
---|---|---|---|---|
Asset Management | Accurately inventory and identify IT assets to implement and manage asset security controls. | 2-1 | 3.3.3 | 2-1-1 |
Business Continuity & Disaster Recovery | Show mechanisms that facilitate contingency planning controls to help ensure resilient assets and services. | 2-8 | | 2-4-4 |
Cloud Security | Accurately inventory and identify cloud assets to ensure cloud instances are secure and follow industry best practices. | 4-2 | 3.3.4 | 4-2-1 |
Compliance | Provide visibility into the technology assets and information governance processes. | 1-4-2 | 3.2.5 | 1-8-1 |
Configuration Management | Maintain secure baseline configurations that are hardened and follow industry-accepted standards. | 1-3-2-3 | | 1-3-3 |
Continuous Monitoring | Continuous inventory of IT assets and continuous monitoring of security posture and controls. | 2-11 | 3.3.14 | 2-3-4 |
Data Classification & Handling | All data assets and all IT assets are categorized in accordance with applicable statutory, regulatory, and contractual requirements. | 2-6-1-2 | | 2-1-5 |
Endpoint Security | All new and existing assets have active endpoint security and data protection. | 2-3-1-2 | | 2-3-4 |
Identification & Authentication | Identify users and the assets and data to which they have access. | 2-2 | 3.3.5 | 2-2-1 |
Incident Response | Provide detailed reports on assets associated with incidents, prioritize incidents for mitigation, and automate mitigation tasks such as analysis, containment, patching, and changes to configuration. | | 3.3.15 | 2-13-1 |
Threat Management | Threat intelligence that includes cross-organization visibility and information-sharing to inform the development of system and security architectures, selection of security solutions, monitoring, threat hunting, and response and recovery activities. | | 3.3.16 | 2-10-4 |
Connectors
Connectors enable Lucidum to ingest data from your environment and discover, identify, and classify assets, data, and users.
Lucidum includes pre-built connectors for the most commonly used solutions for security, vulnerability scanning, cloud, data warehouse, identity management, logs, network, endpoint management, IP management, file sharing, and devops.
To configure a connector, you provide credentials that allow Lucidum secure, read-only access to the deployed solution. Lucidum then makes read-only API calls to ingest data from the solution.
The current list of Connectors reflects all the Connectors currently in production at customer sites. With over 300 connectors, we’re sure we have yours. And if we don’t have your connector, we guarantee a 2-day turnaround for new connectors.
Lucidum recommends you configure Lucidum connectors for:
The Endpoint Management solutions in your environment (for example, Jamf, Intune, Citrix Endpoint Management, Symantec Endpoint Management, Hexnode)
The Endpoint Protection solutions in your environment (for example, Trellix Endpoint Security, Symantec Endpoint Protection, SentinelOne, CrowdStrike Falcon, Microsoft Defender for Endpoint)
The Endpoint Detection and Response solutions in your environment (for example, SentinelOne, CrowdStrike Falcon, Trend Micro XDR, Check Point Harmony Endpoint, Cortex XDR)
The cloud solutions in your environment (for example, AWS, Azure, Google Cloud, Oracle Cloud)
The cloud security solutions in your environment for cloud assets (for example, Netskope, Illumio Core, Orca, Tenable.io, Trend Micro Cloud One, Sophos Central)
The anti-virus solutions or vulnerability management solutions in your environment (for example, Burp Suite, Cycognito, Greenbone, Kenna, MS Defender, Qualys, Rapid7, Tenable, Vulcan)
The Mobile Device Management solutions in your environment (for example, Addigy, Citrix Endpoint, Jamf Pro, Kandji)
The directory solutions in your environment (for example, Azure AD, Microsoft AD, JumpCloud, PingOne, OpenLDAP)
The SSO solutions and identity and access management solutions in your environment (for example, Okta, AWS IAM, PingOne, OneLogin, SecureAuth)
The DHCP solutions in your environment (for example, Infoblox, EfficientIP, BlueCat)
The VPN solutions in your environment (for example, Cisco AnyConnect, FortiClient, Palo Alto VPN, Citrix Gateway, Zscaler Private Access)
After Lucidum ingests data from these systems, Lucidum uses graph data, machine learning, and predictive analytics to detect and classify all assets and users, even those not detected by the solutions in your environment.
You can then view prebuilt dashboards, query Lucidum databases, export query results, or create custom dashboards.
Lucidum’s Machine Learning
Lucidum fills the gaps between security solutions. After ingesting data from connectors, Lucidum enriches that data through machine learning. After ingestion, Lucidum:
Deduplicates records. For example, suppose an asset uses DHCP, so it leases a new IP address each day, and Lucidum ingests a record for that asset each day under a different address. Instead of creating multiple asset records (one for each IP address), Lucidum creates a single record for that asset. The single record includes all the IP addresses associated with the asset over time.
Triangulates records. Suppose a single user appears in multiple solutions under multiple versions of a user name. For example, suppose Lucidum ingests a different name from each of Azure AD, GitHub, and Intune: “John.Smith”, “SmithJ”, and “john.smith@lucidum.io”. Lucidum creates a single entry for that user with a single user name and enriches the user record with information from Azure AD, GitHub, and Intune.
Aggregates records. Suppose Lucidum ingests data about an asset from CarbonBlack, Tenable, Intune, VMware, and InfoBlox. Each data source provides some information, and some of it is unique to that source. For example, one solution might provide OS and version, another might provide vulnerabilities, another might provide hardware information, another might provide application data, and another might provide cloud information. Lucidum creates a single asset record that aggregates all the data from the multiple solutions.
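The three steps above (deduplication across DHCP leases, user-name triangulation, and field aggregation across sources) as a deterministic, rule-based illustration. This is an added example, not Lucidum's code or algorithm: it joins asset records on a MAC address assumed to be stable, uses a constructed name-matching heuristic in place of machine learning, and runs on constructed sample records.

```python
import re
from collections import defaultdict

# Constructed sample ingests (not real data): one laptop seen by Infoblox on two
# days with different DHCP leases, plus Intune and Tenable records for the same
# MAC, and one user as named by three identity sources.
ASSET_RECORDS = [
    {"source": "infoblox", "day": 1, "mac": "aa:bb:cc:00:11:22", "ip": "10.0.0.5"},
    {"source": "infoblox", "day": 2, "mac": "aa:bb:cc:00:11:22", "ip": "10.0.0.9"},
    {"source": "intune", "day": 2, "mac": "aa:bb:cc:00:11:22", "os": "Windows 11"},
    {"source": "tenable", "day": 3, "mac": "aa:bb:cc:00:11:22", "ip": "10.0.0.9",
     "vulns": ["CVE-PLACEHOLDER"]},
]
USER_RECORDS = [
    {"source": "azure_ad", "name": "John.Smith"},
    {"source": "github", "name": "SmithJ"},
    {"source": "intune", "name": "john.smith@lucidum.io"},
]

def merge_assets(records):
    """Deduplicate on MAC (assumed stable key), keep every IP ever leased, aggregate fields."""
    assets = defaultdict(lambda: {"ips": [], "sources": set()})
    for r in sorted(records, key=lambda r: r["day"]):
        a = assets[r["mac"]]
        a["sources"].add(r["source"])
        if "ip" in r and r["ip"] not in a["ips"]:
            a["ips"].append(r["ip"])          # lease history, not a new asset
        for field in ("os", "vulns"):
            if field in r:
                a[field] = r[field]           # the most recent ingest wins per field
    return dict(assets)

def name_key(name):
    """Reduce a login to (last name, first initial); a constructed heuristic, not Lucidum's."""
    local = name.split("@")[0]                # drop any e-mail domain
    if "." in local:                          # John.Smith / john.smith
        first, last = local.split(".", 1)
        return (last.lower(), first[0].lower())
    m = re.fullmatch(r"([A-Za-z]+?)([A-Z])", local)   # SmithJ: surname + initial
    if m:
        return (m.group(1).lower(), m.group(2).lower())
    return (local.lower(), "")

def triangulate_users(records):
    """One user record per name key, remembering every alias and source."""
    users = {}
    for r in records:
        u = users.setdefault(name_key(r["name"]), {"aliases": [], "sources": set()})
        u["aliases"].append(r["name"])
        u["sources"].add(r["source"])
    return users
```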
Creating Your Own Dashboards
For detailed steps on creating custom dashboards, see the manual on Report Center and the manual on Value-Oriented Dashboards.