Analytics-Driven Compliance Automation

Post on 02-Feb-2022

Analytics-Driven Compliance Automation – ICS 500-27 Enterprise Audit Compliance ©2016 Qmulos, LLC. All rights reserved.

Q-AUDIT Analytics-Driven Compliance Automation

Qmulos has created the first and only Splunk app that automates audit control monitoring and compliance based on the “gold standard” for auditing (Intelligence Community Standard 500-27). Customers can save thousands of labor-intensive hours and automatically generate up-to-date regulatory compliance reports at the touch of a button.

Our Enterprise Audit Solution:

Instantly shows auditors exactly what they want to see, out of the box, for ICS 500-27 as well as NIST and DoD audit standards

Uses data from all your Windows and Linux systems; information is collected from Microsoft Windows, Microsoft Active Directory, and Linux audit logs

Eliminates risk by using your existing Splunk infrastructure; the app installs in Splunk and can quickly integrate compliance data with information from an organization's existing security stack

Keeps the auditors from shutting your network down; there are numerous consequences of non-compliance including financial, operational, and regulatory risks

In addition to its compliance functionality, the app helps analysts make sense of the current enterprise security posture through a series of detailed contextual dashboards. Each auditable event has a custom dashboard that provides a deep dive into the current status and helps make suspicious activities evident.

ICS 500-27 Auditable Events

• Authentication Events
• File and Object Events
• Writes to External Devices/Media
• Reads from External Devices/Media
• User Management Events
• Group Management Events
• Use of Privileged/Special Rights
• Admin or Root-Level Access
• Privilege/Role Escalation
• Audit and Log Data Accesses
• System Reboot and Shutdown
• Print to a Device
• Print to a File
• Application Initialization
• Export of Information
• Import of Information

SUMMARY DASHBOARD

Provides summary counts of all audit-related events that occurred the previous day

When reviewing this dashboard, analysts look for unusually high numbers that may indicate abnormal activity. Clicking on any of the numbers here will take you to a more detailed dashboard where you can get more information.

COMPLIANCE REPORT DASHBOARD

Provides tabular data corresponding to the summary values on the summary page

Each table shows recent events for audit categories. Clicking on any of the tabs at the top brings up tables for each audit category.

On this dashboard, you can further investigate any values from the summary dashboard. Example: Visiting the file tab provides a list of files whose permissions have recently been changed.

EVENT TYPE DASHBOARDS

Similarly, each event type has its own dashboard that uses innovative visualization to enable auditors and analysts to quickly understand the underlying data

Our app is based on Splunk® Enterprise and scales to environments generating tens of terabytes per day.

Our accelerated data models provide rapid query and visualization customization for more advanced users who wish to strike out on their own. An award winner at the 2015 “Splunk Apptitude” Insider Threat competition, Qmulos continues to provide thought leadership and innovation to solve our customers’ most vexing security problems.

Security is hard; compliance shouldn’t be. Please contact sales@qmulos.com, visit www.qmulos.com, or call 1-844-476-8567 for more information or to schedule an on-site demo.