Security Information and Event Management.
In summary, SIEM protects your organization from internal threats to your IT security with real-time aggregation and analysis of security log data across multiple network devices and applications. SIEM is far more valuable than traditional log archival tools and meets the best practices recommended by regulators. Sophisticated (but easily configured) rules consolidate disparate system log messages from across your network and correlate them into understandable alerts and actions; an incredible volume of data is reduced to actionable “tickets”, which are sent to users and trigger remediation of incidents.
Atris SIEM Service provides SIEM processing to support the operational needs of financial institutions. According to FFIEC IT guidelines, it is highly recommended that log data be archived to a separate, isolated computer system and that previously written data be protected from tampering or modification. Intruders will often attempt to conceal any unauthorized access by editing or deleting log files; Atris SIEM Service mitigates this risk by managing log data collection and normalization off-premises, fully secured.
GLBA & SOX Compliance.
Financial institutions are required to utilize security management processes to protect “non-public personal information” under Gramm-Leach-Bliley Act (GLBA) regulations. Atris SIEM Service allows you to easily follow GLBA requirements with monitoring, alerting and reporting of insider threats to your confidential customer information.
Companies filing annual reports with the Securities and Exchange Commission (SEC) must also comply with the requirements of the Sarbanes-Oxley (SOX) Act. Section 404 of SOX mandates internal control reports which outline management’s responsibilities for establishing and maintaining adequate internal controls, the framework used for evaluating the effectiveness of the company’s internal controls, and management’s assessment as to the effectiveness of the company’s internal controls. It is noteworthy that the regulations also mandate that the company disclose to the public any material weakness identified by management. Atris SIEM Service is a key component in your SOX compliance effort by providing effective oversight of your financial reporting controls.
Atris SIEM Service delivers audit reporting specific to the needs of GLBA and SOX compliance, including:
- Logon and Logoff Activity: User access to various systems is monitored and reported, not only for unauthorized access, but also for unusual activity by authorized personnel.
- Failed Logon Activity: Access attempts resulting in a failed logon can serve as separate triggers for real-time alerts and reporting. All unsuccessful login attempts are correlated to include the username, date and time information.
- User Activity Reporting: Monitoring of individual activity, including access to a specific Directory or File and actions performed (Read, Write, Delete).
- Changes to Privileges Reporting: Report any changes to management access rights, such as increased privileges, modifying user accounts or adding/removing members from a user group.
- Access to Audit Logs Activity: Atris SIEM Service protects against audit log manipulation and provides automated, real-time monitoring of information system trace log data to generate alerts and reporting.
- System Event Changes Reporting: Monitor and report instances where local system processes have changed, such as system startup and shutdown, or attempted edits to scheduled processes.