NNT SecureOps and the ECC: Saudi Arabia’s Essential Cybersecurity Controls

Saudi Arabia’s National Cybersecurity Authority introduced the Essential Cybersecurity Controls (ECC) in 2018. The objective was to establish best practice in cyber security at a national level, covering critical infrastructure, high priority sectors and government services. The ECC is a comprehensive but ‘one size fits all’ security framework and as such is a minimum requirement, with the expectation that each organization seeking to demonstrate compliance should also undertake their own risk assessment.

Put simply, risk levels are different for each organization, determined by industry sector, confidential data being processed and the exposure represented by their IT systems/architecture. Domain 5 focuses on Industrial Control Systems/Operational Technology, which will only be relevant to those organizations with a dependency on manufacturing/production facilities or those in energy generation/distribution.

Download the Essential Cybersecurity Controls (ECC)

Download NNT's ECC Solution Brief

Download The Complete Hardened Services Guide

Benchmark Hardening/Vulnerability Checklists

NNT’s Vulnerability Tracker™ identifies known vulnerabilities within software and configuration settings before they can be exploited by a cyber-attack.

• Directly addresses ECC 2-1 Asset Management, 2-10 Vulnerabilities Management, 2-11 Penetration Testing, 2-15 Web Application Security and 5-1 Industrial Control Systems (ICS) Protection
• Unique, fully meshed, distributed scanning solution providing UNLIMITED scanning, not restricted by device counts. This makes Vulnerability Tracker the most scalable, flexible and cost-effective enterprise-class scanner.

NNT Change Tracker Gen 7 R2 provides fundamental cyber security prevention and detection. It does this by leveraging the required security best practice disciplines of system configuration and integrity assurance combined with the most comprehensive and intelligent change control solution available. Change Tracker from NNT will ensure that your IT systems remain in a known, secure and compliant state at all times.

• Directly addresses ECC 2-3 Information System and Information Processing Facilities Protection, 2-5 Networks Security Management, 2-7 Data and Information Protection and 5-1 Industrial Control Systems (ICS) Protection
• Provides context-based File Integrity Monitoring and File Whitelisting to assure all change activity is automatically analyzed and validated.
• Certified CIS configuration hardening ensures all systems remain securely configured at all times
• Intelligent change control technology, provides unparalleled change noise reduction along with the ultimate reassurance that the changes occurring within your production environment are consistent, safe and as required.

NNT Log Tracker records full audit trails of all user and system activity then correlates events to provide early-warning of hacker behavior.

• Directly addresses ECC 2-12 Cybersecurity Event Logs and Monitoring Management and 2-13 Cybersecurity Incident and Threat Management
• Securely protects all logs and audit trails
• Correlates logs from all devices including network devices, Unix and Windows servers, applications and databases, ICS and OT infrastructure, analyzing them for unusual or suspicious activity
• Pre-built compliance reports and scorecards
• Alert Rules and Tickets can be used to build escalation logic, prioritizing more serious threats with Severity Ratings
• Ideal as an Event Aggregator and feed for a ServiceDesk or External Security Response Teams.