Compliance mandates such as PCI, HIPAA and FISMA require businesses to protect, track, and control access to and usage of sensitive information. Each requirement has its own set of complicated, costly, and time-consuming demands. Addressing these strains IT resources and creates redundant processes and expenditures within an organization.
For example, compliance audits result in a lot of manual data requests, creating a huge distraction for IT. Companies are required to retain data for long periods, driving the purchase of expensive log management software, appliances and related storage, just to comply in this one area, but with little operational value. Compliance requirements to monitor logs and changes drive costly investments in SIEM, change monitoring and other technologies to implement specific monitoring and controls. Compliance also impacts day-to-day operations with segregation of duties keeping developers and operational teams off production systems, which in turn affects troubleshooting and system availability.
- SEC Compliance
All public companies must file an annual report as required by the Securities and Exchange Commission (SEC) giving a comprehensive summary of a company’s performance. This document, called the 10-K, includes information such as company history, organizational structure, executive compensation, equity, subsidiaries, and audited financial statements, among other information. Investors who may decide to purchase equity in the company as stock use this information.
On October 13, 2011, in recognition of the fact that nearly all public companies interact with customers or suppliers on-line, store digital documents and rely heavily on information technology, the SEC issued new guidance for completing the risk factors section of the 10-K.
“For a number of years, registrants have migrated toward increasing dependence on digital technologies to conduct their operations. As this dependence has increased, the risks to registrants associated with cybersecurity have also increased, resulting in more frequent and severe cyber incidents. As a result, we determined that it would be beneficial to provide guidance that assists registrants in assessing what, if any, disclosures should be provided about cybersecurity matters in light of each registrant’s specific facts and circumstances.”
The SEC also mentions that cyber attacks can be in the form of a denial-of-service or may be carried out through highly sophisticated efforts to electronically circumvent network security using social engineering to gain access to sensitive data.
- PCI Compliance
Log management for PCI audits is daunting, and implementing integrity controls is a significant technical challenge. For most PCI solutions, getting the wide variety of operational and security data types with a myriad of formats into a PCI solution requires data normalization. This activity can require constant maintenance and can quickly become someone’s full-time job. This is particularly problematic when custom applications that may be running in a virtualized infrastructure are in-scope for PCI. TBG BASIC’s ability to index any machine-generated data lets you focus more on analysis and less on data collection and normalization.
This solution is for the business that needs to demonstrate ad-hoc search capabilities, reporting flexibility, and mature processes for remediation of PCI issues in addition to PCI’s prescribed requirements. Businesses of all sizes will benefit from the solution’s ability to operationalize PCI and make it an integral part of their security strategy.
- Out-of-the-box content for real-time continuous monitoring of enterprise PCI DSS posture
- High-level scorecards and reports for each PCI requirement
- Simple visualizations indicating PCI compliance issues
- Prioritization of in-scope assets
- Addresses operational, security, and incident review and workflow capabilities
- Audit trail for log review and report accesses
- HIPAA Compliance
Healthcare data is generated by numerous systems and in a wide variety of formats–syslog, custom application logs, XML, HL7 and myriad other formats. Add to this business vertical an IT vendor technology landscape that is influenced by mergers, acquisitions and disparate and conflicting development processes. It’s no surprise that most healthcare applications do not conform to a single data format. With so many off-the-shelf and customer applications providing information in unique formats to contend with, managing this data and deriving value from it represents an ongoing struggle for healthcare industry IT professionals.
Most healthcare providers are concerned about three things:
- Profitability and Efficiency – making sure service is optimized for every dollar spent;
- Better Patient Outcomes – improving the quality of service delivered to the patient; and
- HIPAA Compliance – making sure we protect patient (and employee) data while giving access to the right persons at the right times to do their jobs.
Some of the many business questions TBG BASIC is able to answer are:
- Are the third shift nurses more efficient than first shift when administering prescribed treatments?
- How much drug diversion is taking place in the hospital?
- Are off-shift hospital personnel viewing patient data records and what’s the potential fine amount to the hospital?
- Are there multiple claims from the same doctor for reimbursement for services from many different cities for more patients than humanly possible?
- What are the anomalies in the numbers of specific kinds of treatments provided against a rolling 30-day average from a particular location?
TBG BASIC can be used to measure the amount of time spent with a patient at each phase of service to support a Time-Driven-Activity-Based-Costing model in lieu of a payment for services model. Splunk was founded specifically to focus on the challenges and opportunity of effectively managing massive amounts of machine data, as well as context from other databases. Over 4,800 customers in 85+ countries use TBG BASIC to harness the power of their machine data for application management, IT operations, cyber-security, compliance, web intelligence, and business analytics. With TBG BASIC they achieve new levels of visibility and insights that benefit IT and the business.
TBG BASIC can collect and index any data without regard to format and perform Google-like searches across petabytes of data. Splunk’s verbose flexible analytics command language allows you to ask questions of your data that when translated into automated search queries can answer specific business questions.
- FISMA Compliance
The Federal Information Security Management Act of 2002 (FISMA) and the associated NIST standards are driving all federal agencies to adopt a security risk management approach. Specific IT controls from NIST’s 800-53 become the IT controls grail for Federal Agencies and NIST’s 800-37 document drives a risk-based approach to prioritization of work to be performed modeled on the principles of confidentiality, integrity and availability (CIA). The Office of Management and Budget (OMB) is charged with overseeing FISMA compliance using an audit process that prescribed grades to agencies indicating their level of FISMA compliance.
FISMA compliance and the underlying NIST documentation required each agency to:
- Inventory agency information systems
- Categorize information systems
- Define minimum security controls
- Establish an on-going risk assessment process
- Develop system security plans (SSP) for each information system
- Conduct regular certification and accreditation of the systems
- Provide on-going monitoring of information systems
The goal of FISMA is to verify through annual audit that agencies can respond to changes in the IT architecture both foreseen and unforeseen in an efficient, consistent, and prioritized manner based on asset information and information risk.
TBG BASIC Provides Continuous Monitoring of FISMA Risk-Based Controls
- TBG BASIC can monitor data-streams in real-time and search terabytes of historical data to continuously monitor data coming in ASCII text from any data source. Splunk can monitor changes to files that can indicate system ‘configuration drift’ against a baseline.
- TBG BASIC’s search language lets you search for what you’re looking for across terabytes of data and includes statistical functions that allow you to create statistical averages, look for outliers, and continuously monitor and measure your state of compliance.
- TBG BASIC’s ability to accept and store knowledge from users as metadata tags means that data and system classifications can be used to drive reports and dashboards supporting metrics for KPIs relating to 800-53 v3 controls.
- TBG BASIC’s ‘look-up’ feature allows you to pull data from an asset management database that may contain contextual information about hosts such as security classifications, system owner information, and up-time requirements. Part or all of this information can be included in reports and dashboards presented to users.
- TBG BASIC can be tailored to scale, while supporting role-based access to dashboards and reports and allowing direct drill-down into the supporting data. Dashboards and visualizations update in real time, making Splunk ideal for NOC or SOC operations.