Analytics-Driven Compliance Automation
Transcript of Analytics-Driven Compliance Automation
Analytics-Driven Compliance Automation – ICS 500-27 Enterprise Audit Compliance ©2016 Qmulos, LLC. All rights reserved.
Q-AUDIT Analytics-Driven Compliance Automation
QmuloshascreatedthefirstandonlySplunkappthatautomatesauditcontrolmonitoringandcompliancebasedonthe“goldstandard”forauditing(IntelligenceCommunityStandard500-27).Customerscansavethousandsoflabor-intensivehoursandautomaticallygenerateup-to-dateregulatorycompliancereportsatthetouchofabutton.
OurEnterpriseAuditSolution:
Instantly shows auditors exactlywhat theywantto see, out of the box, for ICS 500-27 aswell asNISTandDoDauditstandards
Uses data from all your Windows and Linuxsystems; information is collected fromMicrosoftWindows, Microsoft Active Directory, and Linuxauditlogs
Eliminates risk by using your existing Splunkinfrastructure; theapp installs in Splunkand canquickly integrate compliance data withinformation from an organization's existingsecuritystack
Keeps the auditors from shutting your networkdown;therearenumerousconsequencesofnon-compliance including financial, operational, andregulatoryrisks
In addition to its compliance functionality, theapphelps analystsmake senseof the currententerprisesecurityposture throughaseriesofdetailedcontextualdashboards.Eachauditableeventhasacustomdashboardthatprovidesadeepdiveintothecurrentstatusandhelpsmakesuspiciousactivitiesevident.
ICS 500-27 Auditable Events • Authentication Events • File and Object Events • Writes to External
Devices/Media • Reads from External
Devices/Media • User Management Events • Group Management Events • Use of Privileged/Special
Rights • Admin or Root-Level Access • Privilege/Role Escalation • Audit and Log Data Accesses • System Reboot and
Shutdown • Print to a Device • Print to a File • Application Initialization • Export of Information • Import of Information
Analytics-Driven Compliance Automation – ICS 500-27 Enterprise Audit Compliance ©2016 Qmulos, LLC. All rights reserved.
SUMMARY DASHBOARD Provides summary counts of all audit-relatedeventsthatoccurredthepreviousday
When reviewing this dashboard, analysts look forunusually high numbers that may indicateabnormalactivity.Clickingonanyof thenumbershere will take you to amore detailed dashboardwhereyoucangetmoreinformation.
COMPLIANCE REPORT DASHBOARD Providestabulardatacorrespondingtothesummaryvaluesonthesummarypage
Eachtableshowsrecenteventsforauditcategories.Clickingonanyofthetabsatthetopbringsuptablesforeachauditcategory.
Onthisdashboard,youcanfurtherinvestigateanyvaluesfromthesummarydashboard.Example:Visitingthefiletabprovidesalistoffileswhosepermissionshaverecentlybeenchanged.
EVENT TYPE DASHBOARDS Similarly, each event type has its owndashboardthatusesinnovativevisualizationtoenable auditors and analysts to quicklyunderstandtheunderlyingdata
Our app is based on Splunk® Enterprise andscales to environments generating tens ofterabytesperday.
Our accelerated data models provide rapidquery and visualization customization for moreadvanceduserswhowish to strikeout on theirown. An award winner at the 2015 “SplunkApptitude” Insider Threat competition, Qmuloscontinues to provide thought leadership andinnovation to solve our customers’most vexingsecurityproblems.
Securityishard;complianceshouldn’[email protected],visitwww.qmulos.com,orcall1-844-476-8567formoreinformationortoscheduleanon-sitedemo.