SIEM and Compliance
The first generation of SIEM systems was born back in the ’90s of the 20th century. They were designed primarily to monitor compliance with the new legal regulations issued by governments, such as HIPAA, Sarbanes-Oxley, and mainly the Payment Card Industry Data Security Standard (PCI DSS). Organizations needed a way to comply with the new requirements: ensure the confidentiality, integrity, and availability of all electronic information they created, received, maintained, or transmitted, identify threats to security, and protect the integrity of the data. SIEMs made that possible by implementing the collection and analysis of all data generated by an organization.
Log file analysis provided reports about non-compliant activities and policy violations; these reports showed how effectively an entity managed the information it held. Luckily, SIEM systems evolved and added other tools to monitor the network, discover assets, detect threats, and assess vulnerabilities, among others. However, compliance reporting is still a vital function, and the newly added tools help to reach that goal.
Nowadays, SIEM solutions on the market like UTMSTACK® support compliance with a multitude of regulations based on industry standards such as GDPR, HIPAA, ISO 27001, PCI DSS, and SOC 2. UTMSTACK® is a full suite of monitoring, analysis, and reporting tools that ensure the effectiveness of the security controls. It delivers a comprehensive compliance report that gives organizations the documentation they need to satisfy auditors’ demands and demonstrate the efficacy of their system management.
An essential aspect that any entity must consider before adopting SIEM software is the organization's framework: size, complexity, environment, and purposes. It needs to identify how the SIEM will help to reach its goals. UTMSTACK® is a solution that adjusts to the organization’s requirements, reduces costs, and improves efficiency. For example, PCI DSS certification is a requirement for any business that processes credit or debit card transactions. The bigger the annual number of transactions, the harder it is to achieve compliance, which is divided into four levels according to the volume of transactions. The classification level determines what an enterprise needs to do to remain compliant. On one side, to comply with level one, an enterprise must undergo an internal audit once a year; on the other side, level four only requires a yearly vulnerability assessment, without audits. This means that smaller organizations should focus on the control of specific log files, taking into account their limited resources. Unlike PCI DSS, which has very rigid requirements, SOC 2 is an auditing procedure that ensures that service providers securely manage data to protect the interests of an organization and the privacy of its clients. The reports are unique to each organization, which designs its controls to comply with one or more requirements.
SOC 2 defines five norms for managing customer data: security, availability, processing integrity, confidentiality, and privacy. UTMSTACK® uses tools like Network and Host IDS, Threat Detection, and Vulnerability Assessment to help achieve the SOC 2 certification, which is issued by outside auditors. In the same way, the General Data Protection Regulation (GDPR) applies to organizations that collect or process data from European residents or have a residence in the EU. If an organization sells products or services, has facilities, or runs a website in the EU, the GDPR applies. Non-compliance with the GDPR might be penalized with fines of up to 20 million euros or four percent of annual income, and organizations shall report to the regulatory authorities within 72 hours after a security infraction has been detected. UTMSTACK® automates security by implementing an intrusion detection system capable of detecting an infraction as soon as it occurs and creating customized reports of all the alerts, breaches, and vulnerabilities.