
AlienVault IT Compliance Management
Achieve IT Compliance Management and Security Goals Faster with One Unified Solution
Complete IT Compliance & Security Management in a Single Pane of Glass
IT compliance management is often a manual process that requires you to deploy and monitor multiple IT security point products to satisfy regulatory or industry requirements. You also must aggregate data from multiple IT systems into a single view or set of reports to prove to management and auditors that your IT controls are in place and working. While a SIEM or log management tool can help automate that effort, it’s not enough to meet the stringent requirements of today’s widely accepted regulatory compliance standards, such as PCI DSS, HIPAA, GDPR, and others.
AlienVault Unified Security Management (USM) is a unified solution for complete security and IT compliance management. It combines the essential security technologies needed to demonstrate compliance against today’s most challenging regulatory standards and to continuously monitor your networks, cloud environments, and endpoints—all in a single pane of glass. It combines asset discovery, vulnerability assessment, intrusion detection, behavioral monitoring, endpoint detection and response, file integrity monitoring, orchestrated incident response, SIEM, log management, compliance reporting, and continuous threat intelligence updates.
AlienVault USM breaks through the complexity and expense of having to manage multiple point security solutions, giving today’s resource-limited IT security teams a centralized security and IT compliance solution that’s affordable, easy to use, and can be deployed in as quickly as one day.
Discover how the AlienVault USM platform helps to accelerate and simplify security and IT compliance management:
- Automates log collection, analysis, and event correlation in a single console, alerting you to suspicious and anomalous activities
- Continuously discovers your assets and vulnerabilities in dynamic environments
- Centralizes threat detection across all your environments: AWS, Azure, on-premises, as well as cloud apps like Office 365 and G Suite
- Detects and reports on changes to your critical files and registries with built-in file integrity monitoring (FIM)
- Enables faster incident investigation and response with proactive endpoint queries, automated response actions, and advanced security orchestration
- Simplifies compliance reporting with out-of-the-box, predefined compliance reports, and highly customizable data search and analytics
- Securely stores your log data in the AlienVault Secure Cloud for up to 90 days online, and 12 months or more in cost-effective cold storage
- Certified compliant with PCI DSS, HIPAA, and SOC 2, giving you assurance and alleviating the burden of log storage in your own compliance certification process
AlienVault Is Trusted & Verified
AlienVault makes compliance a top priority for your organization and for ours. We have adopted the NIST Cybersecurity Framework (CSF), aligning our security controls and processes with industry-proven security best practices. We use our own USM platform to demonstrate and maintain compliance, working with third-party auditors to regularly test our systems, controls, and processes.
Maintain IT Compliance with Continuous Monitoring
Compliance is never done. Even after the auditors leave, you must continuously maintain your compliance practices, which, if performed manually, can consume an overwhelming amount of resources, especially for small IT security teams. Still, failure to stay in compliance can result in substantial fines, along with damage to your company’s reputation or brand.
AlienVault USM makes it simple and automatic to maintain your IT compliance practices between audits, so you can focus on what really matters—keeping your organization secure from the latest threats.
Continuous Asset Discovery & Vulnerability Scanning
To satisfy most regulatory standards, you must maintain visibility of all of your in-scope assets and their vulnerabilities. The AlienVault USM platform continuously scans your environment to dynamically discover all of your cloud and on-premises assets. Internal vulnerability scans run regularly, and you can run an on-demand vulnerability scan of any asset group, for example a PCI CDE asset group.
Automated Log Collection, Analysis, & Event Correlation
AlienVault USM automatically collects, aggregates, and correlates log data from systems, devices, and applications in your cloud and on-premises environments. And, with our lightweight, adaptable AlienVault Agent, you can collect in-depth endpoint data, even as your endpoints move on and off the corporate network. As such, you get full-environment correlation across your cloud, on-premises networks, and endpoints for the most comprehensive security visibility. You’ll automatically be alerted to suspicious and anomalous activities, and very importantly, have full context of the threat, so you can speed investigation.
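The correlation the paragraph above describes, and the logon monitoring the HIPAA section later calls for, can be illustrated with a small example. The code below is added here and is not AlienVault code: it parses constructed syslog-style sshd lines, keeps a sliding window of failed logons per source address, and raises a medium alarm when a source reaches the failure threshold and a high alarm when that same source then logs on successfully inside the window. The threshold, window, rule names and severities are assumptions chosen for the example, not the platform's correlation rules.

```python
"""Event correlation over authentication logs, as an added illustration.

Parses constructed syslog-style sshd lines, tracks failed logons per source
address in a sliding window, and raises an alarm when a burst of failures is
followed by a successful logon from the same source. Thresholds and severities
are assumptions for the example, not AlienVault correlation rules."""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample data (RFC 5737 documentation addresses); not real logs.
SAMPLE_LOG = """\
Mar 10 08:00:01 web01 sshd[2201]: Failed password for invalid user admin from 198.51.100.7 port 50212 ssh2
Mar 10 08:00:03 web01 sshd[2203]: Failed password for root from 198.51.100.7 port 50214 ssh2
Mar 10 08:00:05 web01 sshd[2205]: Failed password for root from 198.51.100.7 port 50216 ssh2
Mar 10 08:00:06 web01 sshd[2207]: Failed password for root from 198.51.100.7 port 50218 ssh2
Mar 10 08:00:08 web01 sshd[2209]: Failed password for deploy from 198.51.100.7 port 50220 ssh2
Mar 10 08:00:11 web01 sshd[2211]: Accepted password for deploy from 198.51.100.7 port 50222 ssh2
Mar 10 08:15:00 web01 sshd[2300]: Failed password for alice from 203.0.113.9 port 41000 ssh2
Mar 10 08:15:20 web01 sshd[2302]: Accepted publickey for alice from 203.0.113.9 port 41002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) \w+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


@dataclass
class Event:
    ts: datetime
    host: str
    result: str  # "Failed" or "Accepted"
    user: str
    src: str


def parse_events(text: str, year: int = 2024) -> list[Event]:
    """Parse lines matching LINE_RE; unrecognised lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # syslog timestamps carry no year, so one is supplied for the example
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append(Event(ts, m["host"], m["result"], m["user"], m["src"]))
    return events


def correlate(events: list[Event], threshold: int = 5,
              window: timedelta = timedelta(minutes=5)) -> list[dict]:
    """Return alarms in time order.

    medium: a source reaches `threshold` failed logons inside `window`.
    high:   the same source then logs on successfully while the burst is
            still inside the window (credential guessing that worked)."""
    alarms: list[dict] = []
    failures: dict[str, list[datetime]] = defaultdict(list)
    for ev in sorted(events, key=lambda e: e.ts):
        # drop failures that have aged out of the window for this source
        recent = [t for t in failures[ev.src] if ev.ts - t <= window]
        failures[ev.src] = recent
        if ev.result == "Failed":
            recent.append(ev.ts)
            if len(recent) == threshold:  # fires once per burst, at the threshold
                alarms.append({"severity": "medium", "rule": "auth_burst",
                               "src": ev.src, "host": ev.host, "ts": ev.ts})
        elif len(recent) >= threshold:
            alarms.append({"severity": "high", "rule": "burst_then_success",
                           "src": ev.src, "host": ev.host, "user": ev.user,
                           "ts": ev.ts})
    return alarms


if __name__ == "__main__":
    for alarm in correlate(parse_events(SAMPLE_LOG)):
        print(alarm)
```

Run against the sample, the first source produces one medium and one high alarm, while the single failure from the second source followed by a key-based logon produces none. The point of the second rule is context: a successful logon on its own is routine, but the same event immediately after a burst of failures from the same source is what an analyst would want surfaced first.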
Continuous Threat Intelligence Updates from AlienVault Labs
To protect your organization from the latest malware-based threats and vulnerabilities, as mandated by many regulatory compliance standards, you need up-to-date threat intelligence in your IT compliance management solution. Yet most organizations simply don’t have the resources to stay ahead of emerging threats. With AlienVault USM, that’s okay. The platform receives continuous threat intelligence updates automatically from the AlienVault Labs Security Research Team. This team scours the global threat landscape and delivers ready-to-use threat intelligence in the form of continually updated correlation rules, new intrusion detection and vulnerability signatures, optimized endpoint queries, up-to-date remediation guidance, and more, in order to combat the latest threats. The platform also receives crowd-sourced threat intelligence from the AlienVault Open Threat Exchange (OTX), a worldwide community of security practitioners and researchers who openly contribute threat data on new attacks as they unfold in real time in the wild.
Automated Incident Response & Orchestration
Next-generation compliance standards not only mandate that you prevent and detect intrusions in your environment, but also that you respond to incidents quickly and efficiently. AlienVault USM empowers you with proactive endpoint queries, automated response actions, and advanced security orchestration so that when an incident occurs, you can work to immediately contain or otherwise respond to the threat. This orchestration extends to third-party security tools like Palo Alto Networks and Cisco Umbrella, so you can centralize your threat detection and incident response activities in the USM platform.
Compliance-Ready Log Storage
AlienVault USM stores your log data in the AlienVault Secure Cloud. Up to your most recent 90 days of events are searchable in the USM platform, and logs are stored in cold storage for up to one year. And because the USM platform is certified compliant to widely accepted compliance standards, including PCI DSS, HIPAA, and SOC 2, you can rely on our secure log storage as you pursue your own certification efforts.
Audit-Ready Compliance Reporting
To meet compliance mandates of PCI DSS, HIPAA, and other regulatory standards, you must demonstrate that you regularly monitor your IT environments and that your IT controls are working. This demands rigorous reporting on your assets, vulnerabilities, and potential threats, which can be very time-consuming if done manually and can slow down or jeopardize your audit process.
Predefined Compliance Reports
AlienVault USM delivers a vast library of “audit-ready” predefined reports for PCI DSS, HIPAA, and NIST CSF, helping you to accelerate your compliance process and be ready faster for your next audit. Also available are reports that facilitate regular review of events from key data sources such as your firewalls, or by key event types such as authentication events. The USM platform gives you centralized visibility of all your cloud and on-premises assets, vulnerabilities, threats, and log data from your firewalls and other security tools, so you always have the most complete and contextual data set at your fingertips.
Save & Export Custom Reports
In addition to predefined reports, AlienVault USM makes it incredibly simple to create custom reports, so you can satisfy the reporting needs of your compliance auditor, your executives, and your board. It provides a highly efficient and fast way to search, filter, and analyze your security-related data. You can save and export any custom search as an HTML or CSV report and add visual data elements, perfect for analyzing trends or presenting an executive-level summary.
Create & Save Custom Data Views
Complementing the predefined and custom reports, the USM platform also gives you the ability to easily create and save custom views on events and alarms, so you can quickly and regularly review data related to a specific threat, user, or system that you want to focus on. You simply select the search terms and data fields you want presented in the view and save it for quick reference at any time.
GDPR Compliance:
Simplify GDPR Compliance Monitoring With A Complete Set of Essential Security Capabilities in a Single Solution
The General Data Protection Regulation (GDPR) requires organizations handling the personal data of European Union citizens to keep that data secure, and it levies big penalties on organizations that fail to comply. Unfortunately, traditional security monitoring solutions may fall short of helping organizations meet GDPR requirements.
AlienVault Unified Security Management® (USM) provides a unified security monitoring and compliance management platform to accelerate GDPR compliance readiness. By integrating multiple capabilities into a single platform, AlienVault USM gives you visibility into your entire security posture and simplifies the compliance process.
GDPR requires organizations to maintain a plan to detect a data breach, regularly evaluate the effectiveness of security practices, and document evidence of compliance. Instead of specific technical direction, the regulation puts the onus on organizations to maintain best practices for data security.
Starting on Day One, AlienVault USM supports GDPR compliance readiness by helping you detect data breaches, monitor data security, and document your compliance readiness. The unified platform centralizes essential capabilities like asset discovery, vulnerability scanning, intrusion detection, behavioral monitoring, SIEM, log management, and threat intelligence updates.
USM Anywhere includes pre-built reporting templates to help you prove compliance with regulatory requirements and adhere to IT security frameworks like ISO 27001 and NIST CSF. While GDPR does not define or prescribe specific reporting requirements, following ISO 27001 can be an effective way to demonstrate that your technical security controls are aligned with globally recognized best practices. Using the ISO 27001 compliance reporting templates in USM Anywhere as a foundation can help you add structure to your GDPR readiness efforts.
AlienVault USM delivers the essential security capabilities you need from GDPR compliance software:
Simplify Security and GDPR Compliance Management with a Unified Platform
- Shrink your attack surface with asset discovery and vulnerability scanning
- Detect intrusions and potential data breaches with built-in intrusion detection
- Prepare for forensic investigation with log retention and management
Detect, Investigate, and Report on Data Breaches
- Detect breaches quickly with network intrusion detection (NIDS), host intrusion detection (HIDS), and cloud intrusion detection (CIDS)
- Identify anomalous activity with behavioral monitoring
- Document compliance readiness with pre-built report templates along with fully customizable reports
Reduce Your Incident Response Time to Minimize Data Exposure
- Respond to incidents quickly with automated response actions
- Limit potential data exposure by shortening total time to response
Keep Your Security Plan Up-to-Date with Continuous Threat Intelligence Updates
- Get the latest threat intelligence, curated by the AlienVault Labs Security Research Team
- Stay up-to-date with threat intelligence updates continuously delivered to your USM deployment
Simplify Security and GDPR Compliance Management with a Unified Platform
Unlike point solutions that address one aspect of GDPR compliance at a time, AlienVault USM supports a range of compliance functions by integrating five essential security capabilities into one unified solution:
- Asset Discovery
- Vulnerability Scanning
- Behavioral Monitoring
- Intrusion Detection
- SIEM & Log Management
AlienVault USM's unified approach gives you complete visibility of your security posture within a single pane of glass, making it simple to demonstrate GDPR security compliance.
With AlienVault USM's asset discovery capabilities, you can create and maintain a complete inventory of the critical assets you need to monitor to comply with GDPR requirements, giving you security visibility of your data protection efforts.
Article 32 requires organizations to take technical steps to ensure data protection, including constantly monitoring the effectiveness of your security plan.
Using AlienVault USM, you can schedule regular vulnerability scans of your critical assets to stay on top of essential patches and minimize your attack surface. In the case of the vulnerability exploited by WannaCry ransomware, for example, vulnerability scans within AlienVault USM would help you identify unpatched systems so you could apply patches or isolate them from essential data.
Built-in intrusion detection capabilities for network-, host-, and cloud-based systems allow you to monitor your entire critical infrastructure for data breaches. Behavioral monitoring helps you identify anomalous activity that could affect your stored data.
In case a breach does occur, AlienVault USM's secure log management capabilities ensure you have the event logs you need to meet the level of forensic investigation GDPR regulation requires.
Efficiently Detect, Investigate, and Report on Data Breaches
To achieve GDPR compliance, you need to demonstrate that you have a plan in place to monitor the critical infrastructure housing the personal data of EU citizens. AlienVault USM provides essential security monitoring capabilities to help you detect, investigate, and report on data breaches within your environments.
Network intrusion detection (NIDS) identifies threats using signature-based anomaly detection, collecting data from your on-premises environments to spot malicious attacks, malware intrusions, and other potential threats to your data.
AlienVault USM Anywhere delivers native cloud intrusion detection capabilities for Azure and AWS, allowing you to detect intrusions within your public cloud environments. USM Anywhere provides visibility into your security posture across your on-premises, public cloud, and private cloud environments, as well as cloud applications like Microsoft Office 365 and Google G Suite.
Host intrusion detection (HIDS) and file integrity monitoring (FIM) provide security visibility at the application layer, allowing you to detect activity such as potential system compromise, rogue processes, and changes to critical configuration files.
When AlienVault USM detects a threat within your environments, it creates an alarm to direct your attention to it, allowing you to respond quickly and limit the scope of a potential intrusion. USM intelligently prioritizes alarms based on the severity of threat, so you know which incidents to respond to first.
You can easily search and filter the log data within AlienVault USM to investigate potential intrusions and access all the information you might need for detailed investigation in the wake of a data breach. Granular search and filtering functions allow you to pivot around selected data for deeper analysis.
Reduce Your Incident Response Time to Minimize Data Exposure
To comply with GDPR regulations, organizations should have a plan in place to detect and respond to a potential data breach to minimize its impact on EU citizens. In the case of an attack or intrusion, a streamlined incident response process can help you respond quickly and effectively to limit the scope of the exposure.
AlienVault USM helps security teams respond to threats quickly by delivering a unified view of each organization's security posture. Instead of wasting time piecing together information from multiple systems, you can take swift, confident action with a centralized view of all your assets, their vulnerabilities, any intrusions or attempts to exploit those vulnerabilities, as well as contextual threat intelligence and remediation guidance.
When an incident occurs, prioritized alarms help you focus on the most important threats first. With detailed event data and incident response templates at your fingertips, it's easy to move quickly from detection to response rather than losing time on basic research.
With USM Anywhere, you can receive alerts via email or Amazon SNS to help you respond immediately to threats affecting your sensitive data.
When a potential intrusion occurs, USM Anywhere allows you to automate incident response actions within USM Anywhere as well as with leading third-party security tools like Cisco Umbrella, Palo Alto Networks, and Carbon Black. For example, if USM Anywhere detects evidence of ransomware like WannaCry, you can shut down or isolate the system and pull in additional data to help you investigate.
With USM Anywhere's automated incident response capabilities, you can eliminate time-consuming manual tasks and move swiftly from detection to response. Shortening your total time to respond limits the potential impact of intrusions, helping you minimize data exposure and meet protection requirements.
Discover How AlienVault USM Supports GDPR Compliance
GDPR Article(s) | AlienVault USM Capability | Examples of How AlienVault USM Helps |
---|---|---|
Article 24 (Responsibility of the controller); Article 25 (Data protection by design and by default); Article 28 (Processor) | Continuous Monitoring; Personal Data Security; Incident Detection; Incident Response | |
Articles 33, 34 (Notification of a personal data breach) | SIEM Log Management & Reporting | |
Article 35 (Data protection impact assessment) | Asset Discovery; Vulnerability Assessment | |
HIPAA Compliance:
Simplify and Accelerate HIPAA Compliance and Reporting with One Complete Solution
Any organization that transmits any health information in electronic form, including health plans, healthcare clearing houses, healthcare providers, and business associates of a covered entity, must comply with HIPAA.
Yet, according to the US Department of Health and Human Services, one of the top issues that organizations have is failure to sufficiently safeguard electronic protected health information. One of the big challenges is the number of security controls that organizations need to deploy, often requiring numerous security point products that are costly to procure and difficult to deploy and manage.
To help you achieve HIPAA compliance, including satisfying the HIPAA Security Rule, you need a HIPAA compliance software solution that is easy to deploy and monitors your critical infrastructure.
AlienVault Unified Security Management (USM) delivers a comprehensive threat detection, incident response, and HIPAA compliance management solution for your cloud and on-premises environments that costs less and delivers results in significantly less time than traditional SIEM products.
The AlienVault USM platform delivers multiple security essentials to help you prepare for your next HIPAA audit faster and more easily, and in a single, unified platform:
- Discover all IP-enabled assets, including OS details, across your on-premises and cloud environments
- Identify systems with vulnerabilities, understand which assets are high-, medium-, and low-risk, and identify any available patches or workarounds
- Detect threats, including malware and ransomware, that are active in your network with intrusion detection and advanced, automatic correlation
- Identify both successful and failed logon attempts, and monitor user and administrator activities
- Accelerate incident response with built-in remediation guidance for every alarm, and integrated orchestrated responses that can be manually or automatically executed
- Collect events from across your on-premises and cloud environments and cloud applications for analysis, and store them for at least 12 months
- Be assured that you’re protected with continuously updated threat intelligence delivered automatically to the USM platform, including the latest correlation directives, vulnerability assessment signatures, IDS rules, guided threat responses and more
- Easily report on security controls required for HIPAA requirements with the built-in HIPAA reports, and the ability to create new custom reports and views to meet reporting requirements specific to your organization
Threat Detection for Healthcare Organizations
According to the Identity Theft Resource Center, healthcare organizations suffered 34.5% of breaches identified in 2016. It’s nearly impossible to stop a persistent attacker from penetrating even the most secure environment. Therefore, it’s essential to not only focus on preventing attacks, but also on detecting and responding to attacks as quickly as possible.
AlienVault USM has helped healthcare organizations like Shriners Hospitals, Kaiser Permanente and Novo Nordisk accomplish these key tasks:
- Identify vulnerabilities on assets that store electronic protected health information (ePHI)
- Maintain an audit log of who has accessed ePHI, helping meet audit management requirements
- Identify systems communicating with malicious IPs, a sign of possible compromise
- Identify and respond to security incidents, including remediation advice for every alert
Comprehensive Reporting and Log Management for HIPAA Compliance
HIPAA §164.312(b) “Audit Controls” states that you must “Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information.” AlienVault USM is updated regularly with new compliance reports as these regulatory standards evolve, greatly reducing the time required to assess HIPAA compliance.
HIPAA §164.312(c)(2) deals with data integrity and requires that any covered organization “Implement electronic mechanisms to corroborate that electronic protected health information has not been altered or destroyed in an unauthorized manner.”
The AlienVault USM platform helps entities satisfy this requirement by providing File Integrity Monitoring (FIM) on files as well as Windows registry entries and digitally signed audit logs. The USM platform’s FIM feature performs regular audits on files (ePHI, security configuration, or other sensitive files) to identify any unanticipated or unauthorized changes that could be an attack or create a misconfiguration that opens new vulnerabilities.
To ensure that the logs themselves have not been tampered with, the AlienVault USM platform implements multiple levels of protection for your security data in transit and at rest. This preserves the integrity and confidentiality of your security data, which supports the admissibility of your logs in a court of law.
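The two mechanisms described above, file integrity monitoring and tamper-evident audit logs, can be shown in one small example; it also covers the FIM bullet in the first section and the ISO 27001 A.12.4.2 “Protection of log information” reports listed later. The code below is added here and is not AlienVault code: SHA-256 baselines of a directory stand in for the platform's FIM, and an HMAC hash chain stands in for its digitally signed audit logs. The key, file names and file contents are constructed for the example, and the directory is created in a temporary location so the script runs offline.

```python
"""File integrity monitoring with a tamper-evident audit log, as an added
illustration. Not AlienVault code: SHA-256 baselines stand in for the
platform's FIM, and an HMAC hash chain stands in for its signed audit logs.
The key and the file contents are constructed for the example."""
from __future__ import annotations

import hashlib
import hmac
import json
import tempfile
from pathlib import Path


def hash_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large files do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: Path) -> dict[str, str]:
    """Map each regular file under root (relative POSIX path) to its SHA-256."""
    return {p.relative_to(root).as_posix(): hash_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def diff_snapshots(baseline: dict[str, str], current: dict[str, str]) -> dict[str, list[str]]:
    """Classify every difference between two snapshots."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in common if baseline[p] != current[p]),
    }


class AuditLog:
    """Append-only log in which each entry's MAC also covers the previous
    entry's MAC. Editing, reordering or deleting any entry therefore breaks
    verification of that entry and every entry after it."""

    GENESIS = "0" * 64

    def __init__(self, key: bytes) -> None:
        self._key = key          # held by the log collector, not the monitored host
        self.entries: list[dict] = []

    def _mac(self, prev: str, payload: dict) -> str:
        msg = prev.encode() + json.dumps(payload, sort_keys=True).encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def append(self, payload: dict) -> None:
        prev = self.entries[-1]["mac"] if self.entries else self.GENESIS
        self.entries.append({"prev": prev, "payload": payload,
                             "mac": self._mac(prev, payload)})

    def verify(self) -> bool:
        prev = self.GENESIS
        for e in self.entries:
            expected = self._mac(prev, e["payload"])
            if e["prev"] != prev or not hmac.compare_digest(e["mac"], expected):
                return False
            prev = e["mac"]
        return True


def demo(key: bytes = b"constructed-demo-key") -> tuple[dict, AuditLog, bool]:
    """Build constructed files, baseline them, simulate changes, log the findings,
    then simulate an edit to the log. Returns (changes, log, log_was_intact)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc" / "app.conf").write_text("debug=false\n")
        (root / "etc" / "users.txt").write_text("alice\nbob\n")
        baseline = snapshot(root)

        # simulated unauthorised changes: edit a config, delete a file, drop a new one
        (root / "etc" / "app.conf").write_text("debug=true\n")
        (root / "etc" / "users.txt").unlink()
        (root / "etc" / "cron.sh").write_text("echo constructed\n")
        changes = diff_snapshots(baseline, snapshot(root))

    log = AuditLog(key)
    for kind, paths in changes.items():
        for path in paths:
            log.append({"event": f"fim_{kind}", "path": path})
    intact = log.verify()            # True: the chain is consistent

    # simulated tampering: rewrite the first finding to hide the change
    log.entries[0]["payload"]["path"] = "etc/harmless.txt"
    return changes, log, intact      # log.verify() now returns False


if __name__ == "__main__":
    changes, log, intact = demo()
    print(changes)
    print("log intact before edit:", intact, "| after edit:", log.verify())
```

The design point is where the key lives: the MAC key must be held by the collector (or a signing service), not on the host being monitored, otherwise whoever compromises the host can re-chain the log after editing it. A real deployment would also anchor the latest MAC somewhere external at intervals so that truncating the whole tail of the log is detectable as well.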
Discover How AlienVault USM Supports HIPAA Requirements
HIPAA Standard | HIPAA Requirement | Examples of How AlienVault USM Helps |
---|---|---|
§164.308(a)(1) - Security Management Process: Implement policies and procedures to prevent, detect, contain, and correct security violations. | §164.308(a)(1)(ii)(A) - Risk Analysis; §164.308(a)(1)(ii)(D) - Information System Activity Review | |
§164.308(a)(3) - Workforce Security: Implement policies and procedures to ensure that all members of its workforce have appropriate access to electronic protected health information ..., and to prevent those workforce members who do not have access ... from obtaining access to electronic protected health information. | §164.308(a)(3)(ii)(A) - Authorization and/or Supervision; §164.308(a)(3)(ii)(C) - Termination Procedures | |
§164.308(a)(4) - Information Access Management: Implement policies and procedures to prevent, detect, contain, and correct security violations. | §164.308(a)(4)(ii)(C) - Access Establishment and Modification | |
§164.308(a)(5) - Security Awareness and Training: Procedures for monitoring log-in attempts and reporting discrepancies | §164.308(a)(5)(ii)(A) - Security Reminders; §164.308(a)(5)(ii)(B) - Protection from Malicious Software; §164.308(a)(5)(ii)(C) - Log-in Monitoring; §164.308(a)(5)(ii)(D) - Password Management | |
§164.308(a)(6) - Security Incident Procedures: Implement policies and procedures to prevent, detect, contain, and correct security violations. | §164.308(a)(6)(ii) - Response and Reporting | |
§164.308(a)(7) - Contingency Plan: Establish (and implement as needed) policies and procedures for responding to an emergency or other occurrence (for example, fire, vandalism, system failure, and natural disaster) that damages systems that contain electronic protected health information. | §164.308(a)(7)(ii)(E) - Applications and Data Criticality Analysis | |
§164.312(a) - Access Control: Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights. | §164.312(a)(2)(iii) - Automated Logoff; §164.312(a)(2)(iv) - Encryption and Decryption | |
§164.312(b) - Audit Controls: Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information. | | |
§164.312(c)(1) - Integrity: Implement policies and procedures to protect electronic protected health information from improper alteration or destruction. | §164.312(c)(2) - Audit Controls | |
§164.312(e)(1) - Transmission Security: Implement technical security measures to guard against unauthorized access to electronic protected health information that is being transmitted over an electronic communications network. | §164.312(e)(2)(i) - Integrity Controls; §164.312(e)(2)(ii) - Encryption | |
ISO 27001 Compliance:
Quickly Gain Essential Security Controls You Expect from ISO 27001 Compliance Software in One Powerful Product
ISO/IEC 27001 provides guidance for implementing information security controls to achieve a consistent and reliable security program. The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) developed 27001 to provide a worldwide standard for information security.
Achieving ISO 27001 compliance can be challenging for many organizations because of its broad scope, especially for organizations with limited resources. Yet, you can accelerate ISO 27001 information security compliance by simplifying, consolidating, and automating essential security controls for threat detection and incident response.
AlienVault Unified Security Management (USM) does just that. The unified platform delivers multiple essential security capabilities needed to demonstrate ISO 27001 security compliance as well as out-of-the-box reporting templates specifically for ISO 27001. With AlienVault USM, you can be ready for your compliance audit sooner and with greater confidence.
The AlienVault USM platform delivers the essential security management you need for ISO 27001 security compliance, including:
Unified Asset Discovery & Vulnerability Assessment
- Asset discovery & inventory
- Vulnerability assessment
Continuous Security Monitoring
- Automated log collection and storage
- IDS and file integrity monitoring
- SIEM event correlation
Flexible Security Analytics Dashboards & Reports
- Pre-built reporting templates for ISO 27001
- Flexible, customizable data views accelerate audit responses
Unified Asset Discovery and Vulnerability Assessment
A fundamental component of ISO 27001 compliance is creating and maintaining a comprehensive asset inventory. AlienVault USM includes automated asset discovery capabilities that give you full and always up-to-date visibility of the devices that are on your cloud and on-premises environments.
Using this asset inventory, AlienVault USM performs vulnerability assessment and alerts you to the vulnerabilities on those assets that could be exploited by an attacker. With a unified view of your assets and vulnerabilities prioritized by risk severity, you can prioritize your remediation activities to deal with the most severe vulnerabilities or most business‑critical assets first.
In addition, AlienVault USM correlates intrusion detection data from its built‑in IDS capabilities with asset and vulnerability information, so you know which of your vulnerabilities are actively being exploited in your environment.
Continuous Security Monitoring with AlienVault USM
ISO 27001 compliance requires the aggregation of event data from multiple systems into a single view. AlienVault USM delivers the security visibility you need in a single platform – saving you the time and expense of manually aggregating this data.
Because the AlienVault USM platform combines multiple essential security controls, it provides a consolidated view of the information you need to detect policy violations and to reduce time to compliance.
- Automated log collection and storage consolidates security events from across your cloud and on-premises environments
- Built-in Intrusion Detection Systems (IDS) detect malicious activity targeting your assets
- File Integrity Monitoring (FIM) detects changes in critical files on-premises
- SIEM event correlation alerts you to the active threats against your critical infrastructure
This unified approach allows you to quickly answer the critical questions that are required for ISO 27001 compliance:
- What are my critical assets and how are they configured?
- Where are my critical assets located?
- How is my environment segmented to limit access to these assets?
- Who (users and machines) has access to these resources?
- What are the vulnerabilities that affect my compliance status?
- What constitutes baseline or “normal” activity in my network?
- Which users are violating policies?
- What are my privileged users doing?
Demonstrate ISO 27001 Compliance with Pre-Built Reports & Dashboards
Whether to manage the daily monitoring of your environment, to present the state of your security to your management, or to demonstrate to your auditor that your security controls are in place and fully functional, having reporting and data visualization capabilities can save you significant time and effort.
The rich reporting and data visualization features in AlienVault USM make it simple and fast to get the security visibility you need. The platform delivers pre-built reports that map directly to ISO 27001 requirements. You can easily customize and export any of the compliance reports to satisfy an auditor’s specific request.
AlienVault USM includes the following ISO 27001 reports:
ISO 27001 A.6.1.4 Contact with special interest groups
Appropriate contacts with special interest groups or other specialist security forums and professional associations shall be maintained.
ISO 27001 A.8.1.1 Inventory of assets
Assets associated with information and information processing facilities shall be identified and an inventory of these assets shall be drawn up and maintained.
ISO 27001 A.8.1.2 Ownership of assets
Assets maintained in the inventory shall be owned.
ISO 27001 A.8.2.1 Classification of information
Information shall be classified in terms of legal requirements, value, criticality and sensitivity to unauthorised disclosure or modification.
ISO 27001 A.8.2.2 Labeling of information
An appropriate set of procedures for information labelling shall be developed and implemented in accordance with the information classification scheme adopted by the organization.
ISO 27001 A.11.2.6 Security of equipment and assets off-premises
Security shall be applied to off-site assets taking into account the different risks of working outside the organization’s premises.
ISO 27001 A.12.2.1 Controls against malware
Detection, prevention and recovery controls to protect against malware shall be implemented, combined with appropriate user awareness.
ISO 27001 A.12.4.1 Event logging
Event logs recording user activities, exceptions, faults and information security events shall be produced, kept and regularly reviewed.
ISO 27001 A.12.4.2 Linux: Protection of log information
Logging facilities and log information shall be protected against tampering and unauthorized access.
ISO 27001 A.12.4.2 Windows: Protection of log information
Logging facilities and log information shall be protected against tampering and unauthorized access.
ISO 27001 A.12.7.1 Information systems audit controls
Audit requirements and activities involving verification of operational systems shall be carefully planned and agreed to minimize disruptions to business processes.
ISO 27001 A.16.1.2 Reporting information security events
Information security events shall be reported through appropriate management channels as quickly as possible.
ISO 27001 A.16.1.4 Assessment of and decision on information security events
Information security events shall be assessed and it shall be decided if they are to be classified as information security incidents.
ISO 27001 A.18.2.2 Compliance with security policies and standards
Managers shall regularly review the compliance of information processing and procedures within their area of responsibility with the appropriate security policies, standards and any other security requirements.
ISO 27001 A.18.2.3 Technical compliance review
Information systems shall be regularly reviewed for compliance with the organization’s information security policies and standards.
Areas Where AlienVault USM Can Support Adoption of ISO 27001
ISO 27001 Control Objective | ISO 27001 Control | Examples of How the USM Platform Helps
---|---|---
A.8 - Asset Management | |
A.8.1 - Responsibility for assets | A.8.1.1 - Inventory of assets |
A.9 - Access Control | |
A.9.2 - User access management | A.9.2.2 - User access provisioning |
A.9.2 - User access management | A.9.2.3 - Management of privileged access rights |
A.12 - Operations Security | |
A.12.2 - Protection from malware | A.12.2.1 - Controls against malware |
A.12.4 - Logging and monitoring | A.12.4.1 - Event logging |
A.12.4 - Logging and monitoring | A.12.4.2 - Protection of log information |
A.12.4 - Logging and monitoring | A.12.4.3 - Administrator and operator logs |
A.12.4 - Logging and monitoring | A.12.4.4 - Clock synchronization |
A.12.6 - Technical vulnerability management | A.12.6.1 - Management of technical vulnerabilities |
A.13 - Communications Security | |
A.13.1 - Network security management | A.13.1.1 - Network controls |
A.13.2 - Information transfer | A.13.2.3 - Electronic messaging |
A.14 - System acquisition, development and maintenance | |
A.14.1 - Security requirements of information systems | A.14.1.2 - Securing application services on public networks |
A.14.1 - Security requirements of information systems | A.14.1.3 - Protecting application services transactions |
A.16 - Information security incident management | |
A.16.1 - Management of information security incidents and improvements | A.16.1.2 - Reporting information security events |
A.16.1 - Management of information security incidents and improvements | A.16.1.4 - Assessment of and decision on information security events |
A.16.1 - Management of information security incidents and improvements | A.16.1.5 - Response to information security incidents |
A.16.1 - Management of information security incidents and improvements | A.16.1.6 - Learning from information security incidents |
A.16.1 - Management of information security incidents and improvements | A.16.1.7 - Collection of evidence |
A.17 - Information security aspects of business continuity management | |
A.17.1 - Information security continuity | A.17.1.2 - Implementing information security continuity |
A.18 - Compliance | |
A.18.1 - Compliance with legal and contractual requirements | A.18.1.3 - Protection of records |
PCI DSS Compliance:
Simplify and Accelerate PCI DSS Compliance with One Powerful Product
PCI DSS compliance is mandatory for any organization that stores, processes, or transmits payment card data, and compliance software is a practical necessity for meeting its technical requirements. Non-compliance can result in fines and penalties from the card brands and acquiring banks, and a data breach resulting from non-compliance could cost millions in settlements, legal fees, and loss of reputation.
Yet, many IT security teams struggle to meet the many security technology requirements defined by PCI DSS 3.2. It can be difficult to know which security tools you need to achieve PCI DSS compliance. It doesn’t help that organizations are often racing to get ready for their next, fast-approaching PCI audit.
AlienVault Unified Security Management (USM) delivers everything you need to get ready for your next PCI DSS audit in one affordable, easy-to-use solution. It combines the essential security technologies you need to demonstrate compliance, including asset discovery, vulnerability assessment, log management, file integrity monitoring, and others. It also provides predefined compliance reports out of the box and automatic threat intelligence updates, helping you to stay in compliance with continuous security monitoring.
Unlike other PCI compliance software, it can take as little as one day to fully deploy the AlienVault USM platform for compliance management. You can centralize monitoring of all your on-premises, AWS or Azure cloud, and cloud applications, helping you to achieve PCI DSS compliance faster and ensure continuous security and compliance monitoring of all your environments. The AlienVault USM platform is also certified as PCI DSS compliant, giving you the assurance you need in a security monitoring platform for cloud, on-premises, and hybrid environments.
The AlienVault USM platform delivers multiple security essentials to help you to prepare for your next PCI audit faster and more easily.
Multiple PCI DSS Compliance Must-Haves in One Solution
- Asset Discovery and Inventory
- Vulnerability Assessment
- Intrusion Detection (IDS)
- File Integrity Monitoring (FIM)
- SIEM Event Correlation
- Log Management & Monitoring
- PCI DSS Compliance Reporting
Address the Most Challenging PCI DSS Requirements
- PCI Requirement 5: Protect all systems against malware
- PCI Requirement 6: Develop and maintain secure systems and applications
- PCI Requirement 10: Track and monitor all access to network resources and cardholder data
- PCI Requirement 11: Regularly test security systems and processes, including vulnerability scans at least quarterly and after any significant change in your network (11.2)
- PCI Requirement 12: Maintain an information security policy for all personnel, including an incident response plan (12.10)
Everything You Need to Demonstrate PCI DSS Compliance in One Solution
The AlienVault USM platform delivers all of the following essential security capabilities in one unified solution for security and compliance management.
Asset Discovery & Inventory
PCI DSS requires you to identify all systems that are in scope of your cardholder data environment (CDE). The AlienVault USM platform automatically discovers and inventories all your critical on-premises and cloud assets. You can define custom PCI asset groups that you can use to run vulnerability scans and reports.
Vulnerability Assessment
A key PCI DSS Control Objective is to 'Maintain a Vulnerability Management Program,' and vulnerability scans are called out in several PCI DSS requirements. The AlienVault USM platform provides internal vulnerability scan capabilities (Requirement 11.2.1), so you can readily detect vulnerabilities as part of your compliance and security program. Note that Requirement 11.2.2 additionally requires quarterly external scans performed by a PCI SSC Approved Scanning Vendor (ASV); an internal scanner does not satisfy that part of the requirement.
Intrusion Detection
Another PCI requirement is to implement an intrusion detection system (IDS) to monitor traffic at the perimeter of your CDE and at critical points within the CDE. AlienVault takes a multi-layered approach to intrusion detection, providing out-of-the-box network intrusion detection (NIDS), host intrusion detection (HIDS), and cloud intrusion detection.
File Integrity Monitoring
File integrity monitoring (FIM) is called out explicitly in PCI DSS 3.2: Requirement 11.5 requires a change-detection mechanism such as FIM on critical system, configuration, and content files, and Requirement 10.5.5 requires it on log files. Unexpected changes on critical servers often signal a breach, or a change that could open a system to compromise. The AlienVault USM platform includes file integrity monitoring as part of the unified solution.
SIEM Event Correlation
SIEM event correlation in USM captures user activity on critical systems and collects and correlates valid and invalid authentication attempts, so you always know who is trying to access your CDE.
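As an added illustration of what correlating valid and invalid authentication attempts looks like in practice (this is example code written for this page, not AlienVault USM's own rules), the following Python reads constructed sshd-style log lines, raises an alarm when one source address exceeds a threshold of failed logins inside a time window, and raises a higher-severity alarm when a successful login from that same source follows the burst, which is the pattern a brute-force success leaves behind and the kind of event Requirement 10.6 log review is meant to catch. The log lines, host names, addresses, thresholds, and the assumed year are all constructed for the example.

```python
"""Correlating valid and invalid authentication attempts.

Added example, not AlienVault USM code: a minimal SIEM-style rule that
watches sshd authentication events per source address. Sample log lines,
thresholds and the syslog year are constructed assumptions.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# OpenSSH sshd syslog format: "Failed password for invalid user X from IP port N ssh2"
LOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>[\d.]+) port \d+"
)

THRESHOLD = 5                  # assumed: failures per source before alarming
WINDOW = timedelta(minutes=2)  # assumed: sliding window for counting failures
YEAR = 2019                    # syslog lines carry no year; assumed for the sample


def parse(line):
    """Return a dict for an sshd auth event, or None for any other line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "user": m["user"], "src": m["src"]}


def correlate(lines):
    """Return alarms as tuples.

    ('brute_force', src, count)          first time a source reaches THRESHOLD
                                         failures inside WINDOW
    ('brute_force_success', src, user)   a successful login from a source that
                                         still has >= THRESHOLD failures in WINDOW
    """
    failures = defaultdict(deque)  # src -> timestamps of failures still in window
    flagged = set()                # sources already alarmed for brute force
    alarms = []
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue  # not an auth event; a real pipeline routes it to other rules
        q = failures[ev["src"]]
        while q and ev["ts"] - q[0] > WINDOW:
            q.popleft()  # expire failures older than the window
        if ev["result"] == "Failed":
            q.append(ev["ts"])
            if len(q) >= THRESHOLD and ev["src"] not in flagged:
                flagged.add(ev["src"])
                alarms.append(("brute_force", ev["src"], len(q)))
        elif len(q) >= THRESHOLD:  # Accepted right after a burst of failures
            alarms.append(("brute_force_success", ev["src"], ev["user"]))
    return alarms


# Constructed sample log (not real data): a burst from 203.0.113.7 that ends
# in a successful root login, then a benign typo-then-success from an admin.
SAMPLE_LOG = """\
Mar  1 10:00:01 cde-db01 sshd[2112]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar  1 10:00:03 cde-db01 sshd[2113]: Failed password for invalid user oracle from 203.0.113.7 port 51023 ssh2
Mar  1 10:00:05 cde-db01 sshd[2114]: Failed password for root from 203.0.113.7 port 51024 ssh2
Mar  1 10:00:07 cde-db01 sshd[2115]: Failed password for root from 203.0.113.7 port 51025 ssh2
Mar  1 10:00:09 cde-db01 sshd[2116]: Failed password for root from 203.0.113.7 port 51026 ssh2
Mar  1 10:00:20 cde-db01 sshd[2117]: Accepted password for root from 203.0.113.7 port 51027 ssh2
Mar  1 10:01:00 cde-db01 sshd[2118]: Failed password for alice from 10.20.0.5 port 40112 ssh2
Mar  1 10:01:30 cde-db01 sshd[2119]: Accepted publickey for alice from 10.20.0.5 port 40113 ssh2
Mar  1 10:02:00 cde-db01 CRON[2120]: pam_unix(cron:session): session opened for user root by (uid=0)
"""


def run_sample():
    """Correlate the constructed sample; returns the list of alarms."""
    return correlate(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for alarm in run_sample():
        print(alarm)
```

The single failed login from 10.20.0.5 never reaches the threshold, so the later successful key-based login from that address produces no alarm; only the 203.0.113.7 sequence does. A production rule would also key on the target account and would feed the alarm into the asset inventory so that a hit on a CDE host is prioritized over one on a test box.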
Log Management & Monitoring
Log management, monitoring, and retention are pillars of the AlienVault USM platform. It collects, parses, and analyzes log data from your PCI systems, alerting you to any threats facing your environment and helping you to demonstrate compliance of PCI Requirement 10.
PCI DSS Compliance Reporting
The reporting features in the AlienVault USM platform make it simple and fast to get the visibility you need to demonstrate compliance to an auditor and to maintain continuous security monitoring afterwards. The platform delivers predefined PCI DSS reports out of the box that map directly to common PCI DSS requirements. You can easily customize any of the predefined compliance reports to tailor it to an auditor’s specific request.
Support for Even the Most Challenging PCI DSS Requirements
Malware Protection: PCI DSS Requirement 5
The AlienVault USM platform helps you identify systems susceptible to known vulnerabilities, or that may not have antivirus software installed or operational. Its network, host, and cloud intrusion detection capabilities monitor for indicators of malware-based compromise. When malware is detected, the AlienVault USM platform enables the orchestration of manual or automated responses to isolate infected systems and block malicious domains.
Vulnerability Assessment: PCI DSS Requirements 6 and 11
Out of the box, the AlienVault USM platform provides vulnerability assessment that enables you to find and fix weak spots in your cloud and on-premises environments. Together, AlienVault USM’s asset discovery and vulnerability scanning tools simplify security visibility by unifying the data gathered in asset and vulnerability scans with known vulnerability information. Built-in file integrity monitoring alerts users to changes to critical files that may indicate a breach.
Incident Response Planning: PCI DSS Requirement 12
When an incident happens, make sure the correct response actions happen and that the right people get notified quickly and efficiently. The AlienVault USM platform provides the alerting and notifications you need to stay informed of your security posture 24 x 7 as well as all the relevant security data you need in one location to respond quickly and to mitigate the potential damage of a breach.
In addition, it delivers advanced security orchestration and automated incident response capabilities as a first line of defense. When an incident occurs, orchestration rules can be automatically triggered to take some action to gather additional data to help expedite your investigation and response activities.
Logging and Reporting: PCI DSS Requirement 10
The AlienVault USM platform helps you collect and protect your log records, as well as prove that you’ve done so.
PCI Requirements 10.1 - 10.4 deal with collecting audit logs, tracking access to cardholder systems and data (including failed logon attempts), monitoring actions taken by admins, and identifying any manipulation of audit logs.
The AlienVault USM platform collects log data from your applications, systems, devices, and cloud accounts. The data is parsed and immediately available to search and report on, so you can evaluate what actions individual users are taking in your CDE. The platform timestamps each event as it is received, which supports Requirement 10.4. Note that 10.4 is about time synchronization: it requires that clocks on all critical systems be kept in sync (for example, with NTP) so that events from different sources can be reliably ordered, so the source systems still need synchronized clocks for their own log timestamps to be trustworthy.
Requirement 10.5 requires that audit trails be secured so they cannot be altered.
The AlienVault USM platform supports a "write once, read many" (WORM) approach that prevents raw log data from being modified once it has been written to cold storage. WORM protects the archived copy; the other 10.5 sub-requirements (limiting who can view audit trails, protecting them from modification on the systems that generate them, promptly backing them up to a central server, and running change-detection on log files) still need to be satisfied alongside it.
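To make concrete what "cannot be altered" means for an audit trail, here is an added example (written for this page, not AlienVault USM's implementation) of a tamper-evident log: each entry carries the SHA-256 hash of its predecessor, and a checkpoint seal over the chain head is computed with an HMAC key that the collector holds and the storage tier does not. Verification then distinguishes an edited entry, a deleted or reordered entry, and a truncated chain that an attacker rebuilt consistently but could not re-seal. The key and the sample events are constructed for the example.

```python
"""Tamper-evident audit log: hash chain plus keyed seal.

Added example illustrating the intent of PCI DSS 10.5 (audit trails cannot
be altered). It is NOT AlienVault USM's implementation; it is a minimal,
self-contained model of how append-only log integrity is commonly checked.
The seal key and the sample events are constructed for illustration.
"""
import hashlib
import hmac
import json
from typing import Tuple

# Constructed demo key. In a real deployment this lives in a KMS/HSM and is
# held by the log collector only, never by whoever can write the archive.
SEAL_KEY = b"constructed-demo-key-do-not-use"
GENESIS = "0" * 64  # hash "before" the first entry


def _entry_hash(prev_hash: str, record: dict) -> str:
    # Canonical JSON so that field order cannot change the hash.
    payload = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode()).hexdigest()


def append(chain: list, record: dict) -> dict:
    """Append a record; each entry stores the hash of its predecessor."""
    prev = chain[-1]["hash"] if chain else GENESIS
    entry = {"record": record, "prev": prev, "hash": _entry_hash(prev, record)}
    chain.append(entry)
    return entry


def seal(chain: list) -> str:
    """Keyed checkpoint over the chain head, stored apart from the log itself.
    Someone who can rewrite the archive cannot forge this without SEAL_KEY."""
    head = chain[-1]["hash"] if chain else GENESIS
    return hmac.new(SEAL_KEY, head.encode(), hashlib.sha256).hexdigest()


def verify(chain: list, expected_seal: str) -> Tuple[bool, str]:
    """Re-walk the chain and check the seal. Returns (ok, reason)."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        if entry["prev"] != prev:
            return False, f"entry {i}: broken link (deletion or reordering)"
        if _entry_hash(prev, entry["record"]) != entry["hash"]:
            return False, f"entry {i}: content modified"
        prev = entry["hash"]
    calc = hmac.new(SEAL_KEY, prev.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(calc, expected_seal):
        return False, "seal mismatch (truncation or chain rebuilt without key)"
    return True, "ok"


# Constructed sample events (not real data).
SAMPLE_EVENTS = [
    {"ts": "2019-03-01T10:00:00Z", "user": "alice", "action": "login", "result": "success"},
    {"ts": "2019-03-01T10:05:12Z", "user": "bob", "action": "login", "result": "failure"},
    {"ts": "2019-03-01T10:06:00Z", "user": "root", "action": "sudo", "cmd": "cat /var/log/auth.log"},
]


def demo_tamper_detection() -> dict:
    """Build and seal a chain, then show three tampering cases are caught."""
    chain = []
    for ev in SAMPLE_EVENTS:
        append(chain, ev)
    s = seal(chain)
    results = {"clean": verify(chain, s)[0]}

    # 1. Edit a record in place: turn bob's failed login into a success.
    modified = json.loads(json.dumps(chain))
    modified[1]["record"]["result"] = "success"
    results["modified"] = verify(modified, s)

    # 2. Delete the middle entry; the following entry's back-link no longer matches.
    deleted = json.loads(json.dumps(chain))
    del deleted[1]
    results["deleted"] = verify(deleted, s)

    # 3. Drop the privileged-command entry from the end. The shortened chain is
    #    internally consistent, so only the keyed seal reveals the truncation.
    truncated = json.loads(json.dumps(chain[:2]))
    results["truncated"] = verify(truncated, s)
    return results


if __name__ == "__main__":
    for case, outcome in demo_tamper_detection().items():
        print(case, outcome)
```

The hash chain alone catches edits and deletions in the middle of the log, but not truncation from the end; that is why the seal (or an equivalent such as periodic signed checkpoints, or WORM media whose write cursor only advances) is needed as well, and why the key for it must not be available on the host whose logs are being protected.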
Requirement 10.6 mandates that you review logs and security events to identify anomalies or suspicious activity.
The AlienVault USM platform aggregates events from your applications, servers, and devices from across your on-premises and cloud environments. Customizable views, built-in and customizable PCI DSS reports, and advanced correlation capabilities simplify the ability to review data, and enable you to regularly monitor for and report out on threats and anomalies.
Requirement 10.7 mandates that you retain audit history for at least one year, with a minimum of three months immediately available for analysis.
The AlienVault USM platform stores data online for 90 days, so you can easily search and report on it per PCI compliance needs. It provides 12 months of cold storage with the ability to extend your long-term storage capacity.
Discover How AlienVault USM Supports PCI DSS Requirements
PCI Requirement | PCI Sections AlienVault USM Addresses | How AlienVault USM Helps
---|---|---
1. Install and maintain a firewall configuration to protect cardholder data | 1.1, 1.2, 1.3 |
2. Do not use vendor-supplied defaults for system passwords and other security parameters | 2.1, 2.2, 2.3, 2.4, 2.6 |
3. Protect stored cardholder data | 3.6, 3.7 |
4. Encrypt transmission of cardholder data across open, public networks | 4.1, 4.3 |
5. Protect all systems against malware and regularly update anti-virus software or programs | 5.1, 5.2, 5.3, 5.4 |
6. Develop and maintain secure systems and applications | 6.1, 6.2 |
7. Restrict access to cardholder data by business need to know | 7.1, 7.3 |
8. Identify and authenticate access to system components | 8.1, 8.2, 8.5 |
9. Restrict physical access to cardholder data | N/A |
10. Track and monitor all access to network resources and cardholder data | 10.1, 10.2, 10.3, 10.4, 10.5, 10.6, 10.7, 10.8 |
11. Regularly test security systems and processes | 11.1, 11.2, 11.4, 11.5, 11.6 |
12. Maintain a policy that addresses information security for all personnel | 12.1, 12.5, 12.8 |
SOC 2 Compliance:
Streamline Your Audit with One Unified Solution for SOC 2 Compliance
SOC 2 (Service Organization Control 2, now styled System and Organization Controls 2 by the AICPA) is a widely sought attestation for any organization that delivers services, including SaaS-delivered solutions. Strictly speaking it is an independent auditor's attestation report rather than a certification, although it is commonly described as one. The report attests that an organization has implemented controls in line with one or more of the Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy.
Many IT security teams find it difficult to successfully implement the many IT security controls required to comply with the SOC 2 Security Principle. Procuring each technology can be costly, and then successfully deploying, configuring, and then performing the daily management and monitoring of all the security controls can overwhelm even large security teams. This results in SOC 2 certification being out of reach for many organizations or a very long road (and time) to satisfy each of the Common Criteria.
AlienVault Unified Security Management (USM) is a SOC 2 certified solution that helps you check many of the SOC 2 compliance requirements off your list as you work towards your next SOC 2 audit. In one affordable, easy-to-use solution, AlienVault USM combines the essential security controls you need to demonstrate compliance, including asset discovery, vulnerability assessment, log management, file integrity monitoring, and others. It also provides predefined compliance reports out of the box and automatic threat intelligence updates, helping you to stay in compliance with continuous security monitoring.
Unlike the effort to deploy and manage multiple other security controls solutions, it can take as little as one day to fully deploy the AlienVault USM platform for compliance management. You can centralize monitoring of all your on-premises, AWS or Azure cloud, and cloud applications, helping you to satisfy the common criteria required for SOC 2 compliance faster and ensure continuous security and compliance monitoring of all your environments. In addition to SOC 2, the AlienVault USM platform is also certified as PCI DSS and HIPAA compliant, giving you the assurance you need in a security monitoring platform for cloud, on-premises, and hybrid environments.
AlienVault USM delivers multiple SOC 2 compliance must-have security essentials in one unified solution, to help you to prepare for your next SOC 2 audit faster and more easily.
- Asset Discovery and Inventory
- Vulnerability Assessment
- Threat and Intrusion Detection (IDS) across host, network, and cloud environments
- File Integrity Monitoring (FIM)
- Orchestrated Incident Response
- Log Management
- Security & Compliance Reports & Views
- Integrated Threat Intelligence
Everything You Need to Demonstrate SOC 2 Compliance in One Solution
The AlienVault USM platform delivers all of the following essential security capabilities in one unified solution for security and compliance management.
Asset Discovery & Inventory
Understanding what physical and virtual assets exist across your on-premises and cloud environments (including Azure, AWS, VMware and Hyper-V) is the first step to understanding your risk and is recommended to achieve compliance with Common Criteria Controls 3.2 and 4.1 of the SOC 2 Security Principle. The AlienVault USM platform automatically discovers and inventories all your critical on-premises and cloud assets. You can define custom asset groups that you can use to run vulnerability scans and reports.
Vulnerability Assessment
The ability to run quarterly (or more frequent) vulnerability assessments is called out across Common Criteria Controls 3.2, 4.1, 5.8, 6.1 and 7.3 of the SOC 2 Security Principle. The AlienVault USM platform provides internal vulnerability scan capabilities, so you can readily and regularly detect vulnerabilities as part of your compliance and security program.
Threat Detection
Knowing the presence of threats across your infrastructure is a requirement across several Common Criteria Controls. AlienVault takes a multi-layered approach to intrusion detection, providing out-of-the-box network intrusion detection (NIDS), host intrusion detection (HIDS), and cloud intrusion detection. Advanced event correlation compares anomalies and detected threats against the known state of your environment to generate relevant alarms while reducing false positives.
File Integrity Monitoring
File Integrity Monitoring is a best practice control to identify changes that are unauthorized or that may introduce vulnerabilities and risk to your organization. FIM is a best practice to meet Common Criteria Controls CC5.1, CC6.1, and CC7.4. As part of its host-intrusion detection system, the AlienVault USM platform includes file integrity monitoring (FIM) capabilities that can monitor changes to files, directories, and the Windows Registry.
Orchestrated Incident Response
With cybersecurity, time is not on your side, and with the proliferation of single-point security solutions in the marketplace today, it’s no surprise that IT teams struggle to efficiently monitor the security of their environments and to effectively respond to incidents. The need for an efficient incident response process is outlined in Common Criteria controls CC3.2, CC5.4 and CC6.2 to expedite the mitigation of identified threats and risks to your organization. The AlienVault USM platform integrates orchestrated security response across both internal and external IT security and management tools, such as isolating a system infected by malware from the network. These responses can be initiated manually or automatically in response to detected threats, dramatically reducing the time to respond and minimizing any risk exposure.
Log Management
The ability to collect events and logs from across your servers, services, and applications, and to consolidate them centrally for storage and analysis is a security best practice and is central to the log management capability of the AlienVault USM platform. It collects, parses, and analyzes log data from your on-premises and cloud environments, facilitates analysis and correlation to detect threats, and dramatically simplifies trend analysis and forensics investigations.
Security & Compliance Reports & Views
Reports, dashboards, and views are key components to performing day-to-day monitoring of your environment, presenting status to your management, and demonstrating to an auditor that your security controls are implemented and working. The AlienVault USM platform provides numerous security event, compliance, and security framework reports to support your efforts. Available reports include those for the NIST Cybersecurity Framework (NIST CSF), to which the AICPA has published a mapping that demonstrates how you can adopt NIST CSF to demonstrate SOC 2 Compliance.
Integrated Threat Intelligence
The SOC 2 Security Principle focuses on risk identification and remediation. Yet, to successfully identify and mitigate the risks from cybersecurity threats and vulnerabilities, any security tool (or security professional) needs to know what to look for and then how to mitigate that risk. The AlienVault USM platform is continuously updated with threat intelligence, including correlation directives, threat and vulnerability assessment signatures, report updates, and incident response templates, from AlienVault Labs Security Research Team, backed by the AlienVault Open Threat Exchange (OTX). This ensures that you can detect the latest cybersecurity threats and vulnerabilities quickly, and that the guidance on how to contain and remediate the risk is available to you automatically so that you don’t have to do the research yourself.
Discover How AlienVault USM Supports SOC 2 Compliance
Control ID and Description | Relevant AlienVault Capabilities | Examples of How AlienVault USM Helps
---|---|---
CC3.2 The entity designs, develops, and implements controls, including policies and procedures, to implement its risk mitigation strategy | |
CC4.1 The design and operating effectiveness of controls are periodically evaluated against the Security Principle commitments and requirements; corrections and other necessary actions relating to identified deficiencies are taken in a timely manner | |
CC5.1 Logical access security software, infrastructure, and architecture have been implemented to support (1) identification and authentication of authorized users; (2) restriction of authorized user access to system components, or portions thereof, authorized by management, including hardware, data, software, mobile devices, output, and offline elements; and (3) prevention and detection of unauthorized access | |
CC5.3 Internal and external system users are identified and authenticated when accessing the system components (for example, infrastructure, software, and data) | |
CC5.6 Logical access security measures have been implemented to protect against Security Principle threats from sources outside the boundaries of the system | |
CC5.8 Controls have been implemented to prevent or detect and act upon the introduction of unauthorized or malicious software | |
CC6.1 Vulnerabilities of system components to security breaches and incidents due to malicious acts, natural disasters, or errors are monitored and evaluated and countermeasures are implemented to compensate for known and new vulnerabilities | |
CC6.2 Security incidents, including logical and physical security breaches, failures, concerns, and other complaints, are identified, reported to appropriate personnel, and acted on in accordance with established incident response procedures | |
CC7.3 Change management processes are initiated when deficiencies in the design or operating effectiveness of controls are identified during system operation and monitoring | |
CC7.4 Changes to system components are authorized, designed, developed, configured, documented, tested, approved, and implemented in accordance with Security Principle commitments and requirements | |