What Is Directive on Security of Network and Information Systems (NIS)
The NIS Directive (Directive on Security of Network and Information Systems) is a European Union directive that (broadly speaking) defines cybersecurity requirements for operators of essential services. The definition of “essential services” is broad and different member states include or exclude different types of companies and organizations. But certainly critical infrastructure (water utilities, heating, electricity providers, hospitals, pharmaceutical companies, telecommunications, and some parts of the public sector) falls into the essential services category.
What Kind of Software do You Need To Comply With NIS?
The NIS Directive allows EU member states to define the particular security requirements, and while they differ slightly between countries, the overall approach is very similar, and usually is comparable to ISO 27001.
Then comes the issue of cost and efficiency. Some of the operators of essential services are medium enterprises that can’t afford the most expensive security solutions out there in order to comply with the requirements coming from the NIS Directive. Many cybersecurity products and services have historically been priced for the large enterprise (SIEM being one example), which can be an issue for compliance.
This is why we decided to provide a (non-exhaustive) list of the types of software that’s typically needed to achieve NIS compliance. We have split it into three categories: Enterprise, mid-market, and open source. Open source solutions can be deployed in any organization, but they usually require a lot of expertise and resources for troubleshooting, which may not be available to medium enterprises. They are an option to possibly tick a box but should be viewed with care unless there’s a managed security service provider that handles the implementation and support.
We believe that the four types of software needed for NIS compliance are:
- Security information and event management (SIEM) – a must-have unified security center of any organization, giving full security visibility and automated threat detection and response
- Next-Generation Firewall – firewalls with extended capabilities beyond basic blocking and allowing functionality, like intrusion detection, malicious website filtering, SQL injection protection, and more. A general solution like that is needed to ensure standard levels of network security
- Antivirus/endpoint protection – the endpoint (whether it’s an employee computer, a server, or a mobile device) needs dedicated protection from malware, including ransomware. While antivirus and endpoint protection solutions differ, they solve the same core problem.
- Email Security Gateways – as email is the number one attack vector (through phishing and malicious attachments), it’s mandatory to have an email security solution
Below is the list of products/vendors for each of these product categories. Note that vendors nowadays may have different options for different customers (e.g. in the firewall category), so that fact that we’ve included a vendor in the “mid-market” column doesn’t mean it doesn’t have an enterprise offering.
| Product category | Mid-market products/vendors | Enterprise products/vendors | Open source products |
|---|---|---|---|
| SIEM | LogSentinel SIEM, Exabeam SMP, SolarWinds SEM, AlienVault USM | IBM QRadar, McAfee ESM, HP ArcSight, Splunk | Wazuh, AlienVault OSSIM, Elastic SIEM |
| Next-gen Firewall | WatchGuard, GlassWire, Fortinet 40F, Sophos, SonicWall | Cisco ASA NFGW, Palo Alto NGFW, Forcepoint, Barracuda | pfSense, Smoothwall, OPNsense, NG Firewall (Untangle) |
| Antivirus / Endpoint protection | ESET Endpoint Security, Malwarebytes, BitDefender, Norton 360, Avast, McAfee Total Protection | CrowdStrike Falcon, SentinelOne, Carbon Black, Symantec Endpoint Protection, Cisco AMP, FireEye Endpoint Security | ClamAV, OpenAntiVirus Project, Armadito Antivirus, ClamWin |
| Email Security Gateway | Sophos Email Gateway, Mimecast Email Security, SpamTitan, Barracuda Email Security Gateway, Microsoft Exchange Online, Area 1 Security | FireEye Enterprise Email Gateway, Cisco Email Security, McAfee Security for Email Servers, Proofpoint Email Protection | MailScanner, Proxmox Mail Gateway, Hermes Secure Email Gateway, OrangeAssasin |
We know how challenging it can be for operators of essential services to meet the cybersecurity requirements of the NIS Directive (and not only), especially when it comes to small and medium enterprises. However, all-in-one cybersecurity solutions are no longer targeted just at large corporations.
In case you are currently evaluating options for integrating a SIEM product to achieve regulatory compliance and improve your information security posture, you should consider LogSentinel. With LogSentinel Next-Gen SIEM you get a strong set of compliance features as as well a great cybersecurity solution, so you can demonstrate compliance at reduced operational costand minimize effort on audit, forensics and fraud detection.
Bozhidar Bozhanov is a senior software engineer and solution architect with 15 years of experience in the software industry. Bozhidar has been a speaker at numerous conferences and is among the popular bloggers and influencers in the technical field. He’s also a former government advisor on e-government, transparency, and information security.
