Log Monitoring & Management

AT A GLANCE:

ActiveGuard log monitoring and management services streamline the audit process, resulting in less effort for the security manager.

Solutionary not only provides the tools Operations and the auditors need to do their jobs; internal staff also get the tools they need to prepare for the auditors.

Solutionary log services reduce internal costs and improve the ability to respond to auditors, which in turn reduces audit findings.

Solutionary provides comprehensive log monitoring and management services that are critical components of an effective security program. As with all Solutionary security services, logging isn't all or nothing. Organizations select the level of service required (monitoring and management, monitoring only, or on-demand) for only those platforms (applications, servers, endpoints) identified as critical.

For many, logging requirements are driven by compliance:

PCI DSS requires daily log monitoring and analysis:

1.  Establish a process for linking all access to system components, especially access done with administrative privileges such as root, to each individual user;
2.  Implement automated audit trails for all system components to reconstruct events;
3.  Synchronize all critical system clocks and times;
4.  Secure audit trails so they cannot be altered;
5.  Review logs for all system components at least once a day;
6.  Retain audit trail history for at least one year, with a minimum of three months available online.

The GLBA (Gramm-Leach-Bliley Act) Safeguards Rule is a little vague, but log monitoring is implied:

1.  Detecting, preventing and responding to attacks, intrusions or other systems failures;
2.  Design and implement information safeguards to control the risks you identify through risk and security assessments, and regularly test or otherwise monitor the effectiveness of your key controls, systems and procedures.

Sarbanes-Oxley 404 is even more vague, but again, monitoring is implied and assumed: State the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting.

HIPAA Security Rule requirements are very clear:

1.  Implement procedures to regularly review records of information system activity, such as audit logs, access reports and security incident tracking reports;
2.  Implement policies and procedures that establish, document, review and modify a user's right of access to a workstation, transaction, program or process;
3.  Identify and respond to suspected or known security incidents, and document security incidents and their outcomes;
4.  Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain health information.

There is a lot to think about when considering outsourcing the vast amounts of proprietary security information logs produce. Solutionary has thought about it for you:

Product vendors cannot adequately address compliance requirements on their own. For example, PCI DSS also requires people and process, not just a tool:

PCI 12.9.3 Designate specific personnel to be available on a 24/7 basis to respond to alerts
PCI 10.5.1 Limit viewing of audit trails to those with a job-related need

  • 24 x 7 monitoring and management, or monitoring only, including verification of alerts and real-time response by SOC security experts.
  • On-demand monitoring of critical devices as defined by the user.
  • Advanced threat detection achieved using multiple algorithms and non-filtered log analysis over multiple time windows, to identify immediate threats as well as harder-to-detect slow attacks that never exceed a per-minute threshold.
  • Trending and analysis enables organizations to review current security status, analyze trends, and improve security performance over time.
  • Global trending capabilities provide advance knowledge of what other organizations have experienced that could ultimately affect you.
  • Portal access for auditors to view reports created (including create date, review date, sign-off date) and ticketing audit trails. The audit activities themselves are tracked as part of the overall evidentiary process.
  • Forensic access for timely investigation in the event of a compromise.
  • Report generation in real time for proof of compliance.
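As an added illustration of the multi-window analysis described in the bullets above (example code written for this page, not Solutionary's ActiveGuard implementation, whose algorithms the page does not describe), the Python below runs two sliding windows over a set of constructed auth-log lines: a short window that catches a burst of failed logins, and a long window over the same unfiltered history that catches a low-and-slow source which never trips the short window. The log lines, the thresholds (5 failures in 60 seconds, 6 failures in 24 hours) and the function names are assumptions chosen for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample data (not captured from any real system): auth-log
# lines normalized to an ISO-8601 UTC timestamp, as a log collector might
# emit them. Three sources are present:
#   203.0.113.7   - six failures in 15 seconds (a burst)
#   198.51.100.9  - one failure every two hours for twelve hours (low and slow)
#   192.0.2.5     - two failures followed by a success (a user mistyping)
SAMPLE_LOG = """\
2024-03-01T00:10:00Z sshd[1180]: Failed password for root from 198.51.100.9 port 40001 ssh2
2024-03-01T02:10:00Z sshd[1183]: Failed password for root from 198.51.100.9 port 40002 ssh2
2024-03-01T04:10:00Z sshd[1185]: Failed password for root from 198.51.100.9 port 40003 ssh2
2024-03-01T06:10:00Z sshd[1190]: Failed password for root from 198.51.100.9 port 40004 ssh2
2024-03-01T08:00:01Z sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 50122 ssh2
2024-03-01T08:00:04Z sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 50122 ssh2
2024-03-01T08:00:07Z sshd[1202]: Failed password for root from 203.0.113.7 port 50123 ssh2
2024-03-01T08:00:10Z sshd[1202]: Failed password for root from 203.0.113.7 port 50123 ssh2
2024-03-01T08:00:13Z sshd[1203]: Failed password for invalid user oracle from 203.0.113.7 port 50124 ssh2
2024-03-01T08:00:16Z sshd[1203]: Failed password for invalid user oracle from 203.0.113.7 port 50124 ssh2
2024-03-01T08:10:00Z sshd[1210]: Failed password for root from 198.51.100.9 port 40005 ssh2
2024-03-01T09:15:00Z sshd[1230]: Failed password for alice from 192.0.2.5 port 51000 ssh2
2024-03-01T09:15:20Z sshd[1230]: Failed password for alice from 192.0.2.5 port 51000 ssh2
2024-03-01T09:15:40Z sshd[1230]: Accepted password for alice from 192.0.2.5 port 51000 ssh2
2024-03-01T10:10:00Z sshd[1240]: Failed password for root from 198.51.100.9 port 40006 ssh2
2024-03-01T12:10:00Z sshd[1250]: Failed password for root from 198.51.100.9 port 40007 ssh2
2024-03-01T12:15:00Z CRON[1260]: pam_unix(cron:session): session opened for user root by (uid=0)
"""

# Matches OpenSSH "Failed password" lines; the optional "invalid user" prefix
# appears when the account does not exist on the host.
FAILED_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: Failed password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+) port \d+"
)


def parse_failures(text):
    """Return (timestamp, source_ip, user) for every failed login, oldest first.

    Every line is examined; nothing is thresholded away before analysis, so
    the long window later sees the complete history for each source.
    """
    events = []
    for line in text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue  # successes, cron noise, etc. are not failures
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["src"], m["user"]))
    events.sort()
    return events


def max_in_window(times, window):
    """Largest number of sorted timestamps that fall inside any span of `window`."""
    best = 0
    q = deque()
    for t in times:
        q.append(t)
        while t - q[0] > window:   # drop events that have aged out of the window
            q.popleft()
        best = max(best, len(q))
    return best


def detect(events, short=timedelta(seconds=60), short_threshold=5,
           long=timedelta(hours=24), long_threshold=6):
    """Run both windows per source and return a list of alert dicts."""
    by_src = defaultdict(list)
    for ts, src, _user in events:
        by_src[src].append(ts)      # events are already sorted, so each list is sorted

    alerts = []
    for src, times in sorted(by_src.items()):
        short_max = max_in_window(times, short)
        long_max = max_in_window(times, long)
        if short_max >= short_threshold:
            alerts.append({"rule": "burst", "source": src, "count": short_max})
        elif long_max >= long_threshold:
            # Never exceeded the short-window threshold, but the unfiltered
            # 24-hour history shows a sustained pattern a per-minute rule misses.
            alerts.append({"rule": "low_and_slow", "source": src, "count": long_max})
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_failures(SAMPLE_LOG)):
        print(alert)
```

Running the block reports a burst from 203.0.113.7 and a low-and-slow pattern from 198.51.100.9, while the mistyping user produces nothing; disabling the long window (a very high `long_threshold`) leaves only the burst, which is the gap the multi-window approach is meant to close.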

Let them do their job! Demonstrate that you understand Audit's goals:
  • Prove compliance with applicable regulations
  • Prove effectiveness of security controls

ActiveGuard® Automated Evidence Repository: a critical component of any solid log monitoring and management solution

Solutionary's automated evidence repository process is driven by rule-based automated workflow communications and tracking that provides evidence of appropriate controls. We store and retain logs for a minimum of one year, with log data indexed for Google-like searches across terabytes of data.

  • Audit log of when documents are uploaded and downloaded
  • Assign and track documents via the journal / ticketing system
  • Collect logs from multiple repositories on a single console; auditors pull from one location

Download Solutionary's Automated Evidence Repository Features & Benefits datasheet for more details.

The document repository provides a structured, centralized place for documentation.

Remember, it's not just time WITH the auditors, it's the preparation.

Have your supporting documentation and evidence easily accessible by using the ActiveGuard Automated Evidence Repository.

Download our presentation on Log Monitoring & Management
Download our podcast on Log Monitoring & Management