Uptycs for FedRAMP Compliance
We help you meet U.S. government-wide standards to assess cloud service security, control, and monitoring.
Case Study: FedRAMP Compliance for Linux
This major SaaS-based CRM service provider needed a security and compliance solution to support their FedRAMP certification . Within a three-month window, Uptycs Unified CNAPP and XDR provided the necessary functionality to meet the criteria established by the auditors for FedRAMP certification.
Read This Case Study
Attestation, Visibility and Reporting
- Hone in on any given asset’s security posture, provenance, and prevalence
- Gain live and historical access to processes, files, certificates, and other attributes
- Benefit from comprehensive live audit support
Measurable Compliance Posture
Gain detailed compliance posture information to make identifying non-compliant assets much simpler.
-
View customizable dashboard visualizations of compliance posture
-
Identify where you need to target your remediation efforts
-
Drill down into non-compliant assets to get associated evidence and remediation guidance
-
Instantly see the latest failed configuration checks, most non-compliant resources, time to resolve non-compliance, and much more.
-
Integrations with Splunk, ServiceNow and other ticketing & SOAR systems
Requirements & Controls
Set your security controls to meet compliance requirements while also making security-forward decisions to level-up your defense arsenal.
-
Leverage telemetry-powered behavioral detection, including IDS, to spot IoCs and IoBs and see them mapped to MITRE ATT&CK
-
Get multi-method malware detection including YARA scanning and integration with third-party file reputation databases
-
Utilize FIM for directories and files, with out-of-the-box sensitive folder and file detection
-
Establish policy baselines and receive comprehensive monitoring, alerting and reporting on anomalous events
-
Harness the power of lateral movement detection to see exactly how a threat attempts propagation within your network
FedRAMP Capabilities of
Uptycs Unified CNAPP and XDR
Explore the full list of capabilities that come together to support your FedRAMP compliance requirements:
Asset Inventory Audit
Instant visibility into security posture of an asset
Read More
Asset Inventory Audit
- Instant visibility into security posture of an asset
- Random asset selection at scale for auditing with comprehensive insight support
- Asset provenance: serial, h/w, configs, users, network, inventory, detections, certificates and compliance
- Asset prevalence: Rare startup, paths, packages, users, access and processes as % of cohort
- Asset prevalence: Comparison of asset vs cohort: users, shell access, compliance failures and more
- Live and historical access to: processes, files, certificates and attributes and artifacts
- Comprehensive Live Audit support
CIS Audit
OS distribution independent and distro dependent benchmarking and audit
Read More
CIS Audit
- OS distribution independent and distro dependent benchmarking and audit
- Over 200 comprehensive checks for rich audit
- Customizations for scoring, exclusion, parameterization of audit benchmark
- Inline CIS definitions and prescriptions
- Evidence capture from each run
- High fidelity and lightweight telemetry-based continuous compliance and monitoring
- Telemetry-based live and continuous audit and compliance support
- High-speed audits to support 24x7 monitoring
- Structured audit and results to find problems and improve security hygiene
Custom Audit & Compliance
Granular and customizable checks
Read More
Custom Audit & Compliance
- Granular and customizable checks
- Configuration support for scoring, parameterization of checks
- Composable checks that span multiple standards (PCI, SOC, etc.)
- Recomposable checks to create custom audit and compliance standards
- Captured structured evidence
- Established golden baselines
- Integrations with Splunk, ServiceNow and other ticketing and SOAR systems
- Customizable alerts, reports and dashboards
FedRamp Controls Audit
Over 200 controls with CIS-based baseline per FedRAMP recommendations
Read More
FedRamp Controls Audit
- FedRAMP support: Over 200 controls with CIS-based baseline per FedRAMP recommendations
- FedRAMP-specific controls for Linux workloads
- FedRAMP baseline checks for AC - Audit & Controls
- FedRAMP baseline checks for AU - Audit & Accountability
- FedRAMP baseline checks for CM - Config & Management
- FedRAMP baseline checks for IA - Identification & Authorization
- FedRAMP baseline checks for SC - System & Communication Protection
- FedRAMP baseline checks for SI - System & Information Integrity
- Flexible and re-composable checks
- Scoring, parameterization, evidence collection, prescriptions and other features and attribution per check
- Common checks from other standards such as CIS, SOC 2, PCI and HIPAA
Audit Support Services
Customer partnership to establish controls
Read More
Audit Support Services
- Customer partnership to establish controls
- Proactive, reactive and predictive controls
- Audit preparation by helping customer with their preparatory checklist
- Customer collaboration: Team extension
- Customer collaboration: Surface evidence
- Customer collaboration: Live visibility
- Customer collaboration: Established provenance and efficacy of controls
- Custom alerts, reports and dashboards as necessary
- Full and comprehensive report for customer engagement
Behavioral Detection (IDS)
Comprehensive system behavior-based detection
Read More
Behavioral Detection (IDS)
- Comprehensive system behavior-based detection
- Telemetry-powered Behavioral Detection functionality, including IDS
- Lambda Analytics correlation for event and alerts
- Login, Sessions, Process activity detection
- Commands, Sockets, DNS, Files and more
- Behavioral (Indicators Of Behavior - IOB) detection
- Compromise (Indicators Of Compromise - IOC) detection
- Configuration and customization capabilities
- IOB’s and IOC’s mapped to MITRE ATT&CK
Malware Detection
Multi-method malware detection
Read More
Malware Detection
- Multi-method malware detection
- VirusTotal integration and correlation
- 3 rd party File reputation database integration
- Live YARA scan for 100’s of signatures at process launch
- On-demand YARA scan of File and related carving
- On-demand YARA scan of Process/Memory and related carving
- YARA scan triggered by File Integrity Monitoring
- Process has baselining and correlation
File Integrity Monitoring
FIM for directories and file
Read More
File Integrity Monitoring
- FIM for directories and files
- Out-of-box sensitive folder and files detection
- Read, Write, Exec, Modify
- Multi-method correlation – system based and file system based
- Deep sys-call integration for change attribution and chaining
- Rapid inotify monitoring for micro-VM deployments
- Policy, baseline, monitoring, alerting, reporting
- Regulatory compliance such as PCI, SOC 2, HIPAA, NIST
- Comprehensive exclusion filters and policies to reduce noise
- Auto YARA scan based on FIM triggers
Network Detection
DNS capture and reputation correlation
Read More
Network Detection
- DNS capture and reputation correlation
- HTTP/HTTPS capture and correlation
- JA3 and JARM hash computation and reputation correlations
- JA3/JARM lookup alerts and baselining
- System socket API telemetry
- Lateral movement detection
- Logon activity and correlation with network
- Syslog capture and detection of network activity
Baseline & Outlier Detection
Collect and create baselines across multiple dimensions
Read More
Baseline & Outlier Detection
- Collect and create baselines across multiple dimensions
- Logins, Paths, Hash, Sockets and many more attributes
- Establish baseline based on 30,60,90, 180 days or more of historical telemetry
- Compare real-time activity against baseline
- Event and Alert correlation for process, logins, shell cmd’s, process hash, sockets and more
- Detect potential outliers based on historical baseline deviations
Vulnerability Detection
Continuous ingestion: Asset inventory and software packages
Read More
Vulnerability Detection
- Continuous ingestion: Asset inventory and software packages
- Continuous ingestion: Asset configuration and asset audits
- Continuous ingestion: Vendor provided security bulletins
- Continuous ingestion: CVE’s and other known sources of vulnerabilities
- Continuous ingestion: CIS and similar audit benchmarks
- Continuous Analytics: Correlation of software inventory with vendor provided security bulletins to surface software vulnerabilities
- Continuous Analytics: Correlation of asset audit and config checks to surface configuration vulnerabilities
- Standardized measurable outcomes based: CIS, CVE/CVSS/NVDB
- Customized measurable outcomes based on organizational needs
