ITC Security Threat of the Week – Week 20: Audits, Compliance…SIEM

The compliance and audit controls expected by customers, governments and financial authorities impose increasingly strict requirements that an organization must meet to trade and stay in business. These requirements are becoming so overwhelming that manual efforts can no longer keep up.

Why would we spend expensive resources' time on manual data reviews, log collection and comparison, and compiling reports when we can automate a large proportion of the work?

In today's Information Technology world, almost every single device is capable of some sort of logging, and most of these can also export or forward events to an external system via secure channels.

Security Information and Event Management (SIEM) systems and solutions can leverage this log information to automatically generate alerts and reports that notify executives of the current compliance status, together with a detailed history and the identification of areas for remediation.

Of course, different content or tools are required to satisfy the different regulatory systems. Without a doubt, however, the basis of all this is central log management for all regulated systems and a SIEM content package that can handle and fulfil potential upcoming audit inspections.

For most standard compliance requirements, content packages exist already. Why reinvent the wheel?

HP ArcSight provides packages for the most common controls—SOX, PCI, NERC, HIPAA, FISMA, IT Governance. It is also extendable due to the customer use case development capabilities.

ITC can provide consultancy, proof-of-concept and tailored customer implementations using the HP ArcSight SIEM products with the augmentation of vulnerability management (QualysGuard) and Network Access reporting (Forescout), providing accurate state reporting with critical remediation advice.

If you would like to know more, please get in contact via phone: 020 7517 3900 or email: [email protected].