MSPKART SIEM Service provides SIEM processing to support the operational needs of financial institutions. FFIEC IT guidelines highly recommend that log data be archived to a separate, isolated computer system and that previously written data be protected from tampering or modification. Intruders will often attempt to conceal unauthorized access by editing or deleting log files. MSPKART SIEM Service mitigates this risk by managing log data collection and normalization off-premises in a fully secured environment.
- IBM QRadar
- CA Enterprise Log Manager
- HP ArcSight
- LogRhythm
- Any other SIEM Software
- Data aggregation: Log management aggregates data from many sources, including network, security, servers, databases and applications, providing the ability to consolidate monitored data to help avoid missing crucial events.
- Correlation: Looks for common attributes and links events together into meaningful bundles. This technology provides the ability to perform a variety of correlation techniques to integrate different sources, in order to turn data into useful information. Correlation is typically a function of the Security Event Management portion of a full SIEM solution.
- Alerting: The automated analysis of correlated events and production of alerts, to notify recipients of immediate issues. Alerts can be shown on a dashboard or sent via third-party channels such as email.
- Dashboards: Tools can take event data and turn it into informational charts to assist in seeing patterns, or identifying activity that is not forming a standard pattern.
- Compliance: Applications can be employed to automate the gathering of compliance data, producing reports that adapt to existing security, governance and auditing processes.
- Retention: Employing long-term storage of historical data to facilitate correlation of data over time, and to provide the retention necessary for compliance requirements. Long-term log data retention is critical in forensic investigations, as it is unlikely that a network breach will be discovered at the time it occurs.
- Forensic analysis: The ability to search across logs on different nodes and time periods based on specific criteria. This removes the need to aggregate log information in your head or to search through thousands and thousands of logs.
GLBA & SOX Compliance:
Financial institutions are required to utilize security management processes to protect “non-public personal information” according to the Gramm-Leach-Bliley Act (GLBA) regulations. MSPKART SIEM Service allows you to easily follow GLBA requirements with monitoring, alerting and reporting of insider threats to your confidential customer information.
Companies filing annual reports with the Securities and Exchange Commission (SEC) must also comply with the requirements of the Sarbanes-Oxley (SOX) Act. Section 404 of SOX mandates internal control reports which outline management’s responsibilities for establishing and maintaining adequate internal controls, the framework used for evaluating the effectiveness of the company’s internal controls, and management’s assessment as to the effectiveness of the company’s internal controls. It is noteworthy that the regulations also mandate that the company disclose to the public any material weakness identified by management. MSPKART’s SIEM Service is a key component in your SOX compliance effort by providing effective oversight of your financial reporting controls.
MSPKART SIEM Service delivers audit reporting specific to the needs of GLBA and SOX compliance, including:
- Logon and Logoff Activity: User access to various systems is monitored and reported, not only for unauthorized access, but for unusual activity of authorized personnel.
- Failed Logon Activity: Access attempts resulting in a failed logon can serve as separate triggers for real-time alerts and reporting. All unsuccessful login attempts are correlated to include the username, date and time information.
- User Activity Reporting: Monitoring of individual activity, including access to a specific Directory or File and actions performed (Read, Write, Delete).
- Changes to Privileges Reporting: Report any changes to management access rights, such as increased privileges, modifying user accounts or adding/removing members from a user group.
- Access to Audit Logs Activity: The SIEM Service protects against audit log manipulation and provides automated, real-time monitoring of information system trace log data to generate alerts and reporting.
- System Event Changes Reporting: Monitor and report instances where local system processes have changed, such as system startup and shutdown, or attempted edits to scheduled processes.
- Software licenses and subscriptions are not included in the cost.
- The duration would be 6 weeks, and the scope is limited to one management console, 2 log controllers and 50 agents. Any additional scope would be an extra cost.
- Travel expenses during the architecture phase, which would be 2 weeks, would be extra.
- This scope is limited to implementation in India only. Please contact Sales for SIEM projects outside India.