log monitoring and file integrity monitoring
TRANSCRIPT
![Page 1: Log Monitoring and File Integrity Monitoring](https://reader035.vdocuments.net/reader035/viewer/2022062412/58ef441d1a28ab755d8b464b/html5/thumbnails/1.jpg)
Log Monitoring, FIM– PCI DSS, ISO 27001, HIPAA, FISMA and EI3PA
By Kishor Vaswani, CEO - ControlCase
![Page 2: Log Monitoring and File Integrity Monitoring](https://reader035.vdocuments.net/reader035/viewer/2022062412/58ef441d1a28ab755d8b464b/html5/thumbnails/2.jpg)
Agenda
• ControlCase Overview• About PCI DSS, ISO 27001, HIPAA, FISMA and EI3PA
• Components of a scalable solution
• Challenges
• Q&A
![Page 3: Log Monitoring and File Integrity Monitoring](https://reader035.vdocuments.net/reader035/viewer/2022062412/58ef441d1a28ab755d8b464b/html5/thumbnails/3.jpg)
ControlCase™ Corporate Overview
Products/Services include ‘Compliance as a Service (CaaS) – PCI, ISO, EI3PA, HIPAA’, ‘Data Discovery Product’ and ‘Certifications/Audits – PCI, ISO 27001, EI3PA, SIG/AUP, HIPAA, HITRUST, FISMA, FedRAMP, SOC1, SOC2 and SOC3’
Over 500 clients IN 40 COUNTRIES across US, CEMEA, Europe and Asia/Pacific regions
Headquartered out of Fairfax, VA - USA Offices & Personnel in Canada, Columbia, India, UK, Belgium, Indonesia, Philippines and Dubai
![Page 4: Log Monitoring and File Integrity Monitoring](https://reader035.vdocuments.net/reader035/viewer/2022062412/58ef441d1a28ab755d8b464b/html5/thumbnails/4.jpg)
Other
PCI DSSQualified Security
Assessor (QSA) Company
ISO 27001 & 27002International Organization
for Standardization
SOC 1, SOC 2 & SOC 3Service Organization
Controls (AICPA)
HITRUST CSFHealth Information Trust
Alliance Common Security Framework (CSF)
HIPAAHealth Insurance
Portability and Accountability Act
MARS-EMinimum Acceptable Risk Standards for Exchanges
Privacy ShieldEU-U.S. and Swiss-U.S.
Privacy Shield Frameworks
NIST 800-53National Institute of
Standards and Technology
EI3PAExperian Independent Third Party Assessment
PA-DSSPayment Application
Qualified Security Assessor (QSA)
Third Party Risk Assessor Licensed by the Shared Assessments Program
Shared Assessments Program
Certified product licensee for SIG and AUP
![Page 5: Log Monitoring and File Integrity Monitoring](https://reader035.vdocuments.net/reader035/viewer/2022062412/58ef441d1a28ab755d8b464b/html5/thumbnails/5.jpg)
About PCI DSS, ISO 27001, HIPAA, FISMA and EI3PA
![Page 6: Log Monitoring and File Integrity Monitoring](https://reader035.vdocuments.net/reader035/viewer/2022062412/58ef441d1a28ab755d8b464b/html5/thumbnails/6.jpg)
What is PCI DSS?
Payment Card Industry Data Security Standard:
• Guidelines for securely processing, storing, or transmitting payment card account data
• Established by leading payment card issuers• Maintained by the PCI Security Standards Council
(PCI SSC)
![Page 7: Log Monitoring and File Integrity Monitoring](https://reader035.vdocuments.net/reader035/viewer/2022062412/58ef441d1a28ab755d8b464b/html5/thumbnails/7.jpg)
What is FISMA
• Federal Information Security Management Act (FISMA) of 2002› Requires federal agencies to implement a mandatory set of
processes, security controls and information security governance
• FISMA objectives:› Align security protections with risk and impact› Establish accountability and performance measures› Empower executives to make informed risk decisions
![Page 8: Log Monitoring and File Integrity Monitoring](https://reader035.vdocuments.net/reader035/viewer/2022062412/58ef441d1a28ab755d8b464b/html5/thumbnails/8.jpg)
What is EI3PA?
Experian Security Audit Requirements:
• Experian is one of the three major consumer credit bureaus in the United States
• Guidelines for securely processing, storing, or transmitting Experian Provided Data
• Established by Experian to protect consumer data/credit history data provided by them
![Page 9: Log Monitoring and File Integrity Monitoring](https://reader035.vdocuments.net/reader035/viewer/2022062412/58ef441d1a28ab755d8b464b/html5/thumbnails/9.jpg)
What is HIPAA• HIPAA is the acronym for the Health Insurance
Portability and Accountability Act that was passed by Congress in 1996. HIPAA does the following:› Provides the ability to transfer and continue health
insurance coverage for millions of American workers and their families when they change or lose their jobs;
› Reduces health care fraud and abuse;› Mandates industry-wide standards for health care
information on electronic billing and other processes; and › Requires the protection and confidential handling of
protected health information
![Page 10: Log Monitoring and File Integrity Monitoring](https://reader035.vdocuments.net/reader035/viewer/2022062412/58ef441d1a28ab755d8b464b/html5/thumbnails/10.jpg)
What is ISO 27001/ISO 27002
ISO Standard:
• ISO 27001 is the management framework for implementing information security within an organization
• ISO 27002 are the detailed controls from an implementation perspective
![Page 11: Log Monitoring and File Integrity Monitoring](https://reader035.vdocuments.net/reader035/viewer/2022062412/58ef441d1a28ab755d8b464b/html5/thumbnails/11.jpg)
Components of a solution
![Page 12: Log Monitoring and File Integrity Monitoring](https://reader035.vdocuments.net/reader035/viewer/2022062412/58ef441d1a28ab755d8b464b/html5/thumbnails/12.jpg)
Logging and MonitoringReg/Standard Coverage area
ISO 27001 A.7, A.12
PCI 6, 11
EI3PA 10, 11HIPAA 164.308a1iiDFISMA SI-4
Logging File Integrity Monitoring 24X7 monitoring Managing volumes of data
![Page 13: Log Monitoring and File Integrity Monitoring](https://reader035.vdocuments.net/reader035/viewer/2022062412/58ef441d1a28ab755d8b464b/html5/thumbnails/13.jpg)
Components of a Logging/FIM/Monitoring solution
List of Assets
Log Generation
FIM Alerts
Correlation using SIEM
Centralized Dashboard
24X7x365 monitoring
Change Management
Incident Management
![Page 14: Log Monitoring and File Integrity Monitoring](https://reader035.vdocuments.net/reader035/viewer/2022062412/58ef441d1a28ab755d8b464b/html5/thumbnails/14.jpg)
Assets
• Comprehensive asset list during deployment
• Continuous monitoring for new assets and assets dropping off
• Correlation with other sources such as scanning and asset management repositories
• Alerts in case of new assets and assets dropping off
![Page 15: Log Monitoring and File Integrity Monitoring](https://reader035.vdocuments.net/reader035/viewer/2022062412/58ef441d1a28ab755d8b464b/html5/thumbnails/15.jpg)
Log Generation
• Servers – syslog, Windows logs• Network devices – syslog, SNMP, SDEE • Security devices – syslog, SNMP, SDEE• Mainframes – SFTP, flat files• Databases – Localized logging, database logging
software in case local logging is resource intensive
• Applications – Database lookup, SFTP, custom plugins
![Page 16: Log Monitoring and File Integrity Monitoring](https://reader035.vdocuments.net/reader035/viewer/2022062412/58ef441d1a28ab755d8b464b/html5/thumbnails/16.jpg)
FIM Alerts
• Agents such as ossec
• Software such as ControlCase HIDS, Tripwire etc.
• Integration with log alerts
• Monitoring vs. expected changes
![Page 17: Log Monitoring and File Integrity Monitoring](https://reader035.vdocuments.net/reader035/viewer/2022062412/58ef441d1a28ab755d8b464b/html5/thumbnails/17.jpg)
Security Information and Event Management
• Consolidated alerts from› Syslog› Custom sources› FIM alerts› SFTP
• Correlation of data based on› Source/Destination IP addresses› Source of alerts› Vulnerabilities› Past history› User performing action
![Page 18: Log Monitoring and File Integrity Monitoring](https://reader035.vdocuments.net/reader035/viewer/2022062412/58ef441d1a28ab755d8b464b/html5/thumbnails/18.jpg)
Centralized Dashboard
![Page 19: Log Monitoring and File Integrity Monitoring](https://reader035.vdocuments.net/reader035/viewer/2022062412/58ef441d1a28ab755d8b464b/html5/thumbnails/19.jpg)
Example of 24X7X365 Monitoring
![Page 20: Log Monitoring and File Integrity Monitoring](https://reader035.vdocuments.net/reader035/viewer/2022062412/58ef441d1a28ab755d8b464b/html5/thumbnails/20.jpg)
Change Management and Monitoring
Escalation to incident for unexpected logs/alerts
Response/Resolution process for expected logs/alerts
Correlation of logs/alerts to change requests
Change Management ticketing System
Logging and Monitoring (SIEM/FIM etc.)
Reg/Standard Coverage area
ISO 27001 A.10
PCI 1, 6, 10
EI3PA 1, 9, 10FISMA SA-3
![Page 21: Log Monitoring and File Integrity Monitoring](https://reader035.vdocuments.net/reader035/viewer/2022062412/58ef441d1a28ab755d8b464b/html5/thumbnails/21.jpg)
Incident and Problem Management Monitoring Detection Reporting Responding Approving
Lost LaptopChanges to
firewall rulesets
Upgrades to
applications
Intrusion Alerting
Reg/Standard Coverage area
ISO 27001 A.13
PCI 12
EI3PA 12HIPAA 164.308a6iFISMA IR Series
![Page 22: Log Monitoring and File Integrity Monitoring](https://reader035.vdocuments.net/reader035/viewer/2022062412/58ef441d1a28ab755d8b464b/html5/thumbnails/22.jpg)
Challenges in Logging and Monitoring Space
![Page 23: Log Monitoring and File Integrity Monitoring](https://reader035.vdocuments.net/reader035/viewer/2022062412/58ef441d1a28ab755d8b464b/html5/thumbnails/23.jpg)
Challenges
• Long deployment cycles• Skills to manage the product(s)• Management of infrastructure• Disparate components – FIM, syslog etc.• 24X7X365 monitoring• Increased regulations• Reducing budgets (Do more with less)
![Page 24: Log Monitoring and File Integrity Monitoring](https://reader035.vdocuments.net/reader035/viewer/2022062412/58ef441d1a28ab755d8b464b/html5/thumbnails/24.jpg)
ControlCase Solution
![Page 25: Log Monitoring and File Integrity Monitoring](https://reader035.vdocuments.net/reader035/viewer/2022062412/58ef441d1a28ab755d8b464b/html5/thumbnails/25.jpg)
ControlCase Log Management Solution
•Agents are installed on each Workstation•Agents monitor File changes for the File Integrity Monitoring (FIM) requirement and also gather and transmit all logs relevant from a compliance perspective to the Log Collector/Sensor on our Appliance
• ControlCase appliance registers and tracks all agents in the field•The sensor/collector collects and compresses logs coming in from the various agents•The logs are finally transported securely to our SIEM console in our Security Operations Center (SOC)
•The SIEM console gathers all the logs, correlates them and identifies threats and anomalies as required by compliance regulations•SOC personnel monitor the SIEM console 24x7x365 and alert our clients and our Analyst teams about any potential issues related to compliance reporting
Customer Location Service Provider ControlCase SOC
![Page 26: Log Monitoring and File Integrity Monitoring](https://reader035.vdocuments.net/reader035/viewer/2022062412/58ef441d1a28ab755d8b464b/html5/thumbnails/26.jpg)
Why Choose ControlCase?
• Global Reach
› Serving more than 400 clients in 40 countries and rapidly growing
• Certified Resources
› PCI DSS Qualified Security Assessor (QSA)
› QSA for Point-to-Point Encryption (QSA P2PE)
› Certified ASV vendor
› Certified ISO 27001 Assessment Department
› EI3PA Assessor
› HIPAA Assessor
![Page 27: Log Monitoring and File Integrity Monitoring](https://reader035.vdocuments.net/reader035/viewer/2022062412/58ef441d1a28ab755d8b464b/html5/thumbnails/27.jpg)
To Learn More About PCI Compliance or Data Discovery…
• Visit www.ControlCase.com
• Call +1.703.483.6383 (US)
• Call +91.9820293399 (India)
• Kishor Vaswani (CEO) –
![Page 28: Log Monitoring and File Integrity Monitoring](https://reader035.vdocuments.net/reader035/viewer/2022062412/58ef441d1a28ab755d8b464b/html5/thumbnails/28.jpg)
Thank You for Your Time