ControlCase discusses the following:
• What is Log Management and FIM
• PCI DSS, EI3PA, ISO 27001 requirements
• Log Management and regulation requirements/mapping
• File Integrity Monitoring and regulation requirements/mapping
• Challenges
3. CORPORATE OVERVIEW
ControlCase™
Making Compliance Effortless
• Over 500 clients across the US, CEMEA, Europe, Latin America and Asia/Pacific regions
• Headquartered in the Washington, DC metro area (Fairfax, VA)
• ControlCase office or partnership locations include the US, Canada, Colombia, India, UK, KSA, Japan, Indonesia, Vietnam, Philippines, Kuwait, Malaysia, Brazil and Dubai
• Unique offerings bring Peace of Mind to Compliance
4. CREDENTIALS
• PCI DSS: Qualified Security Assessor (QSA) Company
• ASV: Authorized Security Vendor
• ISO 27001 & 27002: International Organization for Standardization
• SOC 1, SOC 2, SOC 3, & SOC for Cybersecurity: Service Organization Controls (AICPA)
• HITRUST CSF: Health Information Trust Alliance Common Security Framework (CSF)
• HIPAA: Health Insurance Portability and Accountability Act
• NIST 800-53: National Institute of Standards and Technology
• GDPR: General Data Protection Regulation
• MARS-E: Minimum Acceptable Risk Standards for Exchanges
• PCI PIN: PIN Audit
• Microsoft SSPA: Supplier Security and Privacy Assurance Third Party Risk Assessor
• Shared Assessments Program: Certified product licensee for SIG and AUP
• PA-DSS: Payment Application Qualified Security Assessor (QSA)
6. What is PCI DSS
Payment Card Industry Data Security Standard:
• Guidelines for securely processing, storing, or transmitting payment card account data
• Established by leading payment card issuers
• Maintained by the PCI Security Standards Council (PCI SSC)
7. What is FISMA
• Federal Information Security Management Act (FISMA) of 2002
  – Requires federal agencies to implement a mandatory set of processes, security controls and information security governance
• FISMA objectives:
  – Align security protections with risk and impact
  – Establish accountability and performance measures
  – Empower executives to make informed risk decisions
8. What is HIPAA
• HIPAA is the acronym for the Health Insurance Portability and Accountability Act that was passed by Congress in 1996. HIPAA does the following:
  – Provides the ability to transfer and continue health insurance coverage for millions of American workers and their families when they change or lose their jobs;
  – Reduces health care fraud and abuse;
  – Mandates industry-wide standards for health care information on electronic billing and other processes; and
  – Requires the protection and confidential handling of protected health information
9. What is ISO 27001/ISO 27002
ISO Standard:
• ISO 27001 is the management framework for implementing information security within an organization
• ISO 27002 contains the detailed controls from an implementation perspective
11. Logging and Monitoring
Reg/Standard: Coverage area
• ISO 27001: A.7, A.12
• PCI: 6, 11
• EI3PA: 10, 11
• HIPAA: 164.308(a)(1)(ii)(D)
• FISMA: SI-4
Topics shown: Logging; File Integrity Monitoring; 24x7 monitoring; Managing volumes of data
12. Change Management and Monitoring
Flow shown on the slide:
• Change Management ticketing system
• Logging and Monitoring (SIEM/FIM etc.)
• Correlation of logs/alerts to change requests
• Response/Resolution process for expected logs/alerts
• Escalation to incident for unexpected logs/alerts
Reg/Standard: Coverage area
• ISO 27001: A.10
• PCI: 1, 6, 10
• EI3PA: 1, 9, 10
• FISMA: SA-3
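The correlation step on this slide (match each log/alert to a change request, resolve the expected ones, escalate the rest) is easy to get wrong when tickets are matched on host alone. The following is an added example, not ControlCase's code: it assumes a hypothetical ticket schema (host, an allowed path prefix and an approved time window) and a hypothetical FIM alert schema, both constructed here, and treats an alert as expected only when host, path and time all fall inside an approved ticket.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class ChangeTicket:
    """An approved change request from the ticketing system (hypothetical schema)."""
    ticket_id: str
    host: str
    path_prefix: str   # files the approved change is allowed to touch
    start: datetime    # approved change window
    end: datetime


@dataclass
class FimAlert:
    """A file-change alert raised by FIM/SIEM (hypothetical schema)."""
    host: str
    path: str
    timestamp: datetime
    change: str        # "created", "modified" or "deleted"


def classify_alert(alert, tickets, grace=timedelta(minutes=15)):
    """Return ("expected", ticket_id) when an approved ticket covers the alert's
    host, path and time (with a small grace period), else ("incident", None)."""
    for t in tickets:
        if t.host != alert.host or not alert.path.startswith(t.path_prefix):
            continue
        if t.start - grace <= alert.timestamp <= t.end + grace:
            return "expected", t.ticket_id
    return "incident", None


def triage(alerts, tickets):
    """Split alerts into those resolved against a change request and those escalated."""
    resolved, escalated = [], []
    for a in alerts:
        status, ticket_id = classify_alert(a, tickets)
        if status == "expected":
            resolved.append((a, ticket_id))
        else:
            escalated.append(a)
    return resolved, escalated


# Constructed sample data: one approved nginx change on web01, four FIM alerts
TICKETS = [
    ChangeTicket("CHG-1001", "web01", "/etc/nginx/",
                 datetime(2024, 3, 4, 2, 0), datetime(2024, 3, 4, 3, 0)),
]
ALERTS = [
    FimAlert("web01", "/etc/nginx/nginx.conf", datetime(2024, 3, 4, 2, 20), "modified"),  # covered
    FimAlert("web01", "/etc/passwd", datetime(2024, 3, 4, 2, 25), "modified"),            # wrong path
    FimAlert("db01", "/etc/my.cnf", datetime(2024, 3, 4, 2, 30), "modified"),             # no ticket
    FimAlert("web01", "/etc/nginx/conf.d/x.conf", datetime(2024, 3, 4, 5, 0), "created"), # outside window
]


def run_demo():
    """Triage the constructed alerts against the constructed tickets."""
    return triage(ALERTS, TICKETS)


if __name__ == "__main__":
    resolved, escalated = run_demo()
    for a, ticket in resolved:
        print(f"expected  {a.host}:{a.path} closed against {ticket}")
    for a in escalated:
        print(f"INCIDENT  {a.host}:{a.path} {a.change} at {a.timestamp:%H:%M}")
```

Only the first alert is closed; the other three (a change outside the approved path, a host with no ticket, and a change after the window) go to the incident process. In practice the grace period and the path prefix should come from the ticket itself rather than from a global default.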
13. Incident and Problem Management
Process stages shown: Monitoring, Detection, Reporting, Responding, Approving
Example events shown: Lost laptop; Changes to firewall rulesets; Upgrades to applications; Intrusion alerting
Reg/Standard: Coverage area
• ISO 27001: A.13
• PCI: 12
• EI3PA: 12
• HIPAA: 164.308(a)(6)(i)
• FISMA: IR series
15. Components of a Solution
• In-scope asset list
• Status of reporting
• Logging & monitoring matrix
• Alarms
• Daily reports
• Dashboards
• Triangulation
• Discrepancy
• Updating asset list
17. Status of Reporting
• Reporting assets
• Not reporting assets
Sample reasons why assets stop reporting:
- FIM agent disconnection
- Misconfigured firewall ruleset
- Loss in network connectivity
- Change in server or device configuration
- Change in log settings
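The "Components of a Solution" slide and this one together describe a triangulation loop: compare the in-scope asset list against what the collector actually hears from, list the assets that have gone silent, and flag any discrepancy (a source that is logging but is not on the asset list, which means the list needs updating). The code below is an added example, not ControlCase's product code; the asset names, the last-seen timestamps and the 24-hour silence threshold are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed in-scope asset list from the customer's inventory
IN_SCOPE_ASSETS = {"web01", "web02", "db01", "fw01"}

# Constructed "last event received" timestamps from the log collector, keyed by source host
LAST_SEEN = {
    "web01": datetime(2024, 3, 4, 9, 55),
    "db01":  datetime(2024, 3, 3, 4, 10),   # silent for more than a day
    "fw01":  datetime(2024, 3, 4, 9, 59),
    "app07": datetime(2024, 3, 4, 9, 50),   # logging, but not on the asset list
}

# Constructed "current time" so the example is deterministic
NOW = datetime(2024, 3, 4, 10, 0)


def reporting_status(assets, last_seen, now, max_silence=timedelta(hours=24)):
    """Triangulate the asset list against collector activity.

    reporting:     in-scope assets heard from within max_silence
    not_reporting: in-scope assets never seen or silent longer than max_silence
    discrepancy:   sources the collector hears from that are not in the asset list
    """
    reporting, not_reporting, discrepancy = [], [], []
    for host in sorted(assets):
        seen = last_seen.get(host)
        if seen is None or now - seen > max_silence:
            not_reporting.append(host)
        else:
            reporting.append(host)
    for host in sorted(last_seen):
        if host not in assets:
            discrepancy.append(host)
    return {"reporting": reporting,
            "not_reporting": not_reporting,
            "discrepancy": discrepancy}


def demo():
    """Run the check over the constructed data."""
    return reporting_status(IN_SCOPE_ASSETS, LAST_SEEN, NOW)


if __name__ == "__main__":
    for status, hosts in demo().items():
        print(f"{status:14s} {', '.join(hosts) or '-'}")
```

Each host under not_reporting is a candidate for the causes listed on the slide (agent disconnection, firewall ruleset, connectivity, configuration or log-setting change); each host under discrepancy is a prompt to update the asset list, or to investigate if the source is unexpected.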
18. Logging and Monitoring Matrix
Use cases:
- PCI 10.2.x
- PCI 12.10.5
- PCI 10.7
- PCI 10.8
- PCI 11.5
- PCI 1.3.x
- PCI 8.1.5
- Other compliance use cases
- Disconnected systems
- Surge in traffic
- Other business-as-usual cases
Source of log:
- Servers
- IDS/IPS
- Databases
- Antivirus
- Firewalls
Trigger points:
- Individual access to PII
- Actions by root/admin
- Failed login attempts
- Monitor IDS/IPS events
- Malware events
- Disconnected systems
- File Integrity Monitoring
- User access
19. Alarms – Security Use Cases
Trigger point | Source of log | PCI requirement
- Monitor IDS/IPS events | Customer IDS/IPS | 12.10.5
- List of malware infected systems | Customer antivirus solution | 10.7
- List of systems not within baseline of log volume | Customer servers and databases, firewalls |
- Monitor surge in log traffic | Customer servers and databases, firewalls |
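The last two alarms on this slide depend on a per-system baseline of log volume. The code below is an added example, not ControlCase's alarm logic: it assumes per-host daily event counts (constructed here) and builds a band of mean plus or minus three standard deviations, with a floor of 20% of the mean so that a host with an unusually steady history does not alarm on trivial noise. A count above the band is a surge, a count below it is a drop, and zero events is treated as a possibly disconnected system.

```python
from statistics import mean, pstdev

# Constructed per-host daily event counts for the previous seven days
HISTORY = {
    "web01": [1000, 1100, 950, 1050, 1000, 980, 1020],
    "db01":  [500, 520, 480, 510, 495, 505, 490],
    "fw01":  [2000, 2100, 1900, 2050, 2000, 1950, 2000],
}
# Constructed counts for today
TODAY = {"web01": 1010, "db01": 1600, "fw01": 300}


def baseline(counts, sigmas=3.0, min_fraction=0.2):
    """Return (low, high): mean +/- max(sigmas * stdev, min_fraction * mean).

    The min_fraction floor handles the edge case of a constant history
    (stdev == 0), which would otherwise alarm on any change at all.
    """
    m = mean(counts)
    band = max(sigmas * pstdev(counts), min_fraction * m)
    return max(0.0, m - band), m + band


def check_volumes(history, today):
    """Classify each host's count for today against its own baseline."""
    result = {}
    for host, counts in history.items():
        low, high = baseline(counts)
        n = today.get(host, 0)
        if n == 0:
            result[host] = "no logs (possible disconnected system)"
        elif n > high:
            result[host] = "surge"
        elif n < low:
            result[host] = "below baseline"
        else:
            result[host] = "within baseline"
    return result


if __name__ == "__main__":
    for host, verdict in check_volumes(HISTORY, TODAY).items():
        low, high = baseline(HISTORY[host])
        print(f"{host}: {TODAY.get(host, 0)} events, band {low:.0f}-{high:.0f} -> {verdict}")
```

With the constructed data web01 stays inside its band, db01 (about three times its usual volume) raises a surge alarm, and fw01 (a fraction of its usual volume) raises a drop alarm, which is often the first visible sign of one of the "stopped reporting" causes listed earlier.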
20. Daily Reports – Compliance Use Cases
Trigger point | Source of log | PCI requirement
- Individual user access to card data | Customer servers and databases | 10.2.1
- Actions taken by root or admin access | Customer servers and databases, firewalls, IDS/IPS | 10.2.2
- Failed login attempts | Customer servers and databases, firewalls, IDS/IPS | 10.2.3
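A daily report of this kind is produced by running each trigger point as a rule over the collected logs and grouping the hits by requirement. The code below is an added example, not ControlCase's report logic: the five syslog lines are constructed, the card-data application log format (table=cardholder_data) is hypothetical, and the sudo and sshd patterns are the standard Linux message formats.

```python
import re
from collections import defaultdict

# Standard syslog header: timestamp, host, message body
SYSLOG = re.compile(r"^(?P<ts>[A-Z][a-z]{2}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<msg>.*)$")

# PCI DSS 10.2.x trigger points mapped to a pattern over the message body
RULES = [
    ("10.2.1", "individual access to cardholder data", re.compile(r"table=cardholder_data")),
    ("10.2.2", "actions taken with root/admin privileges", re.compile(r"sudo: .*USER=root")),
    ("10.2.3", "failed login attempts", re.compile(r"Failed password")),
]

# Constructed sample log lines (hosts, users and addresses are fictitious)
SAMPLE_LOGS = """\
Mar  4 02:10:01 web01 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Mar  4 02:11:05 web01 sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/cat /etc/shadow
Mar  4 03:00:12 db01 cardapp[778]: user=bob action=SELECT table=cardholder_data rows=12
Mar  4 03:05:44 db01 sshd[812]: Failed password for bob from 10.0.0.5 port 40110 ssh2
Mar  4 04:00:00 web01 cron[900]: (root) CMD (/usr/bin/logrotate /etc/logrotate.conf)
"""


def daily_report(raw):
    """Return ({requirement: [hit, ...]}, count_of_lines_matching_no_rule)."""
    report = defaultdict(list)
    unmatched = 0
    for line in raw.splitlines():
        m = SYSLOG.match(line)
        if not m:
            continue  # not a syslog line; a real collector would count parse failures too
        hit = False
        for req, _title, pattern in RULES:
            if pattern.search(m["msg"]):
                report[req].append({"host": m["host"], "time": m["ts"], "event": m["msg"]})
                hit = True
        if not hit:
            unmatched += 1
    return dict(report), unmatched


if __name__ == "__main__":
    report, unmatched = daily_report(SAMPLE_LOGS)
    for req, title, _pattern in RULES:
        print(f"PCI {req} {title}: {len(report.get(req, []))} event(s)")
        for hit in report.get(req, []):
            print(f"    {hit['time']} {hit['host']} {hit['event'][:60]}")
    print(f"{unmatched} line(s) matched no compliance rule")
```

The cron line is deliberately left unmatched: root activity via cron is routine, and whether it belongs in the 10.2.2 report is a decision for the logging and monitoring matrix, not something the parser should guess.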
24. #ALLMYDATA
Challenges:
• Long deployment cycles
• Skills to manage the product(s)
• Management of infrastructure
• Disparate components – FIM, syslog etc.
• 24x7x365 monitoring
• Increased regulations
• Reducing budgets (do more with less)
26. YOU SEE IT IN NEW REGULATIONS
ControlCase Solution
• Agents are installed on each workstation.
• Agents monitor file changes for the File Integrity Monitoring (FIM) requirement and also gather and transmit all logs relevant from a compliance perspective to the Log Collector/Sensor on our appliance.
• The ControlCase appliance registers and tracks all agents in the field.
• The sensor/collector collects and compresses logs coming in from the various agents.
• The logs are finally transported securely to our SIEM console in our Security Operations Center (SOC).
• The SIEM console gathers all the logs, correlates them and identifies threats and anomalies as required by compliance regulations.
• SOC personnel monitor the SIEM console 24x7x365 and alert our clients and our Analyst teams about any potential issues related to compliance reporting.
Diagram labels: ISO; Customer Location; Service Provider; ControlCase SOC