Log Monitoring, FIM– PCI DSS, ISO 27001, HIPAA, FISMA and EI3PA

By Kishor Vaswani, CEO - ControlCase

Agenda

• ControlCase Overview• About PCI DSS, ISO 27001, HIPAA, FISMA and EI3PA

• Components of a scalable solution

• Challenges

• Q&A

ControlCase Overview

• More than 400 customers in more than 40 countries.

• Recognized as a Inc 500/5000 company.

• Continued focus on PCI DSS and Compliance as a Service (CAAS).

• Continued update and use of technology based on feedback from customers (including many in this room)

About PCI DSS, ISO 27001, HIPAA, FISMA and EI3PA

What is PCI DSS?

Payment Card Industry Data Security Standard:

• Guidelines for securely processing, storing, or transmitting payment card account data

• Established by leading payment card issuers• Maintained by the PCI Security Standards Council

(PCI SSC)

What is FISMA

• Federal Information Security Management Act (FISMA) of 2002› Requires federal agencies to implement a mandatory set of

processes, security controls and information security governance

• FISMA objectives:› Align security protections with risk and impact› Establish accountability and performance measures› Empower executives to make informed risk decisions

What is EI3PA?

Experian Security Audit Requirements:

• Experian is one of the three major consumer credit bureaus in the United States

• Guidelines for securely processing, storing, or transmitting Experian Provided Data

• Established by Experian to protect consumer data/credit history data provided by them

What is HIPAA

• HIPAA is the acronym for the Health Insurance Portability and Accountability Act that was passed by Congress in 1996. HIPAA does the following:› Provides the ability to transfer and continue health

insurance coverage for millions of American workers and their families when they change or lose their jobs;

› Reduces health care fraud and abuse;› Mandates industry-wide standards for health care

information on electronic billing and other processes; and › Requires the protection and confidential handling of

protected health information

What is ISO 27001/ISO 27002

ISO Standard:

• ISO 27001 is the management framework for implementing information security within an organization

• ISO 27002 are the detailed controls from an implementation perspective

Components of a solution

Logging and MonitoringReg/Standard Coverage area

ISO 27001 A.7, A.12

PCI 6, 11

EI3PA 10, 11HIPAA 164.308a1iiDFISMA SI-4

Logging File Integrity Monitoring 24X7 monitoring Managing volumes of data

Components of a Logging/FIM/Monitoring solution

List of Assets

Log Generation

FIM Alerts

Correlation using SIEM

Centralized Dashboard

24X7x365 monitoring

Change Management

Incident Manageme

nt

Assets

• Comprehensive asset list during deployment

• Continuous monitoring for new assets and assets dropping off

• Correlation with other sources such as scanning and asset management repositories

• Alerts in case of new assets and assets dropping off

Log Generation

• Servers – syslog, Windows logs• Network devices – syslog, SNMP, SDEE • Security devices – syslog, SNMP, SDEE• Mainframes – SFTP, flat files• Databases – Localized logging, database logging

software in case local logging is resource intensive

• Applications – Database lookup, SFTP, custom plugins

FIM Alerts

• Agents such as ossec

• Software such as ControlCase HIDS, Tripwire etc.

• Integration with log alerts

• Monitoring vs. expected changes

Security Information and Event Management

• Consolidated alerts from› Syslog› Custom sources› FIM alerts› SFTP

• Correlation of data based on› Source/Destination IP addresses› Source of alerts› Vulnerabilities› Past history› User performing action

Centralized Dashboard

Example of 24X7X365 Monitoring

Change Management and Monitoring

Escalation to incident for unexpected logs/alerts

Response/Resolution process for expected logs/alerts

Correlation of logs/alerts to change requests

Change Management ticketing System

Logging and Monitoring (SIEM/FIM etc.)

Reg/Standard Coverage area

ISO 27001 A.10

PCI 1, 6, 10

EI3PA 1, 9, 10FISMA SA-3

Incident and Problem Management

Monitoring Detection Reporting Responding Approving

Lost LaptopChanges to

firewall rulesets

Upgrades to applications

Intrusion Alerting

Reg/Standard Coverage area

ISO 27001 A.13

PCI 12

EI3PA 12HIPAA 164.308a6iFISMA IR Series

Challenges in Logging and Monitoring Space

Challenges

• Long deployment cycles• Skills to manage the product(s)• Management of infrastructure• Disparate components – FIM, syslog etc.• 24X7X365 monitoring• Increased regulations• Reducing budgets (Do more with less)

ControlCase Solution

Learn more about continual compliance ….

Complianceas a Service

(Caas)

ControlCase Log Management Solution

•Agents are installed on each Workstation•Agents monitor File changes for the File Integrity Monitoring (FIM) requirement and also gather and transmit all logs relevant from a compliance perspective to the Log Collector/Sensor on our Appliance

• ControlCase appliance registers and tracks all agents in the field•The sensor/collector collects and compresses logs coming in from the various agents•The logs are finally transported securely to our SIEM console in our Security Operations Center (SOC)

•The SIEM console gathers all the logs, correlates them and identifies threats and anomalies as required by compliance regulations•SOC personnel monitor the SIEM console 24x7x365 and alert our clients and our Analyst teams about any potential issues

Customer Location Service Provider ControlCase SOC

Why Choose ControlCase?

• Global Reach

› Serving more than 400 clients in 40 countries and rapidly growing

• Certified Resources

› PCI DSS Qualified Security Assessor (QSA)

› QSA for Point-to-Point Encryption (QSA P2PE)

› Certified ASV vendor

› Certified ISO 27001 Assessment Department

› EI3PA Assessor

› HIPAA Assessor

Contact us for more information

• Visit www.controlcase.com

• Call +1 703 483 6383 (North America)

• Call +57 1 678 3716 (South America)

• Call +44 1276 686 048 (Europe)

• Call +971 4440 5958 (Middle East & Africa)

• Call +91 982 029 3399 (Asia Pacific)

• Email– contact@controlcase.com

Thank You for Your Time