Compliance with security standards has a direct impact on organizations of all sizes, and being non-compliant can result in serious consequences including security breaches, fines, failure of critical missions or projects, loss of revenue, and more. Join us for this webinar, in which we’ll discuss: the various compliance requirements, including PCI, HIPAA, SOX, FISMA, DISA STIGs and more, the ramifications of not being compliant, and how SolarWinds Log & Event Manager can help in your security and compliance efforts.

1. SolarWinds® Webinar
Becoming & Staying Compliant
© 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.

2. Agenda
 Compliance Overview
 Repercussions of Non-Compliance
 Tips to Stay Compliant
 Demo
 Q&A
© 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.

3. Which Organizations Face Compliance Regulations?
Large and small organizations alike face increasingly stringent industry and
government mandates that affect the IT infrastructure, and in turn, YOU. Moreover,
many organizations must adhere to multiple mandates.
Major Compliance Regulations: (this is not an exhaustive list; there are more!)
• PCI DSS (Payment Card Industry Data Security Standards) – applies to any organization that
stores, processes or transmits credit card data
• HIPAA (Health Insurance Portability & Accountability Act) – applies to healthcare, medical
records, insurance, and other medical related business
• SOX (Sarbanes Oxley) – applies to all publicly traded companies; corporate/financial accountability
• FISMA (Federal Information Security Act) – applies to governmental agencies, governmental
contractors and telecommunications providers who provide services to anything deemed related to
national security or organizations that operate an information system on behalf of a federal agency
• GLBA (Gramm-Leach Bliley Act) – applies to financial services industry (insurance, securities,
banking), and includes credit reporting agencies, ATM operators, appraisers, couriers, and tax preparers
© 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.

4. Don’t Just Check a Box!
DON’T
IT compliance shouldn’t be the bare minimum you can get away with to satisfy
the auditors!
DO!
IT compliance should be seen as an opportunity to ensure the right controls
are in place to actually keep your network and sensitive data SECURE.
© 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.

5. The Repercussions of Non-Compliance
NON-COMPLIANCE IS COSTLY IN MORE WAYS THAN ONE—WHETHER DIRECTLY OR INDIRECTLY.
Organizations that are found to be non-compliant can face serious consequences,
including:
 Hefty Fines
According to a Ponemon study of
46 multinational organizations,
 Criminal Penalties
on average, non-compliance
cost is 2.65 times the cost of
compliance.
 Lawsuits
 Brand Damage
 Loss of Customer Loyalty
 And More!
© 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.

6. Compliance vs. Security
DON’T LOSE SIGHT OF THE FOREST FOR THE TREES!
The increasing frequency of data breaches in the news should serve as a harsh
reminder that “compliant” does not automatically equate to “secure”.
Instead of just focusing on passing an audit and avoiding a fine, compliance should
be seen first and foremost as a means to ensuring your IT infrastructure and the
critical assets it holds are indeed protected and secure.
Compliance
© 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
SECURE

7. 5 Tips to Maintaining Continuous Compliance AND Security
1. Define policies and establish your network security baseline
2. Collect, correlate, and securely store all relevant and required log data (don’t “over-log”)
3. Actively monitor and analyze what’s going on within the IT infrastructure at all times
4. Run regularly scheduled compliance reports
5. Leverage regulatory requirements and audits as an opportunity to truly assess
network risks and ensure the security of your entire IT infrastructure—from
perimeter to endpoint!
REMEMBER: Security and Compliance are NOT One-Time Projects, but rather Ongoing Processes.
© 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.

8. How SolarWinds
Log & Event Manager (LEM)
Can Help
© 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.

9. SolarWinds Log & Event Manager (LEM)
SolarWinds Log & Event Manager (LEM) can help you ensure the right measures are in
place to BE and STAY compliant—easily and affordably.
• Real-time log & event analysis to immediately identify
policy violations
• Built-in Active Responses for automated, “hands-free”
remediation
• Pre-defined, customizable compliance reports to
simplify audit process
• Advanced IT search & data visualization for fast & easy
forensics
• Secure, high-compression storage for efficient long-term
log retention
© 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.

10. SolarWinds Log & Event Manager (LEM)
DEMO
© 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.

11. Additional Resources
SolarWinds Log & Event Manager – Product Info and Online Demo
http://www.solarwinds.com/log-event-manager.aspx
SolarWinds Security Portfolio – Learn More about All of SolarWinds Security Products
http://www.solarwinds.com/security
© 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.

12. © 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.

13. Thank You!
The SOLARWINDS and SOLARWINDS & Design marks are the exclusive property of SolarWinds
Worldwide, LLC, are registered with the U.S. Patent and Trademark Office, and may be registered or
pending registration in other countries. All other SolarWinds trademarks, service marks, and logos
may be common law marks, registered or pending registration in the United States or in other
countries. All other trademarks mentioned herein are used for identification purposes only and
may be or are trademarks or registered trademarks of their respective companies.
© 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.