SIEM and Compliance

The first generation of SIEM systems was born back in the ’90s, in the XXth century. Primarily they were designed to monitor compliance with the new legal regulations emitted by governments like HIPAA, Sarbanes Oxley, and mainly The Payment Card Industry Data Security Standard (PCI DSS). The organizations needed to find a way to comply with the new requirements:  ensure the confidentiality, integrity, and availability of all electronic information they created, received, maintained, or transmitted, and identify the threats to the security and protect the integrity of the data. The SIEMs made that possible to implement the collection and analysis of all data generated by an organization.

The Log files analysis provided reports about non-compliance activities and policy violations; these reports showed how effective was the management of the information held by an entity.  Luckily the SIEM system evolved and added other tools to monitor the network, discover assets, detect threats, and assess the vulnerabilities. However, compliance reports are still vital, and the newly added tools help reach that goal.

Nowadays, the SIEM solutions in the Market like UTMSTACK® supply compliance with a multitude of regulations based on industry standards such as GDPR, HIPAA, ISO 27001, PCI DSS, SOC 2. UTMSTACK® is a full suite of monitoring, analysis, and reporting tools that ensure the security controls’ effectiveness. It delivers a comprehensive compliance report through which the organizations have the documentation suited to satisfy auditors’ demands, demonstrating their system management’s efficacy.

An essential aspect that any entity must consider before adopt SIEM software is the organization framework: size, complexity, environment, and purposes. They need to identify how the SIEM will help to reach their goals. UTMSTACK® is a solution adjustable to the organization’s requirements, reduces costs, and improves efficiency. For example, the PCI DSS certification requirement for any business that processes credit or debit card transactions. The bigger the annual number of transactions, the harder to get the compliance divided into four levels according to the volume of transactions. The classification level determines what an enterprise needs to do to remain compliant. To comply with level one, an enterprise must undergo an internal audit once a year; on the other side the level four only requires a yearly vulnerability assessment without audits. It means that the smaller organizations should focus on controlling specific log files, taking into account their limited resources. Unlike PCI DSS, which has very rigid requirements, SOC 2 is an auditing procedure that ensures that the service providers securely manage data to protect the interests of an organization and its clients’ privacy. The reports are unique to each organization, which designs its controls to comply with one or more requirements.

SOC 2 defines five norms for managing customer data: security, availability, processing integrity, confidentiality, and privacy. UTMSTACK® utilizes tools like Network and Host IDS, Threat Detection, and Vulnerability Assessment to contribute to achieving the SOC 2 certification, which outside auditors issue. Similarly, the General Data Protection Regulation (GDPR) is applied to organizations that collect or process data from European residents or have a residence in the UE. If an organization sells products or services, has facilities, or runs an EU website, the GDPR is applied. The non-compliance with the GDPR might be penalized with up to 20 million euros or four percent of the annual incomes. The Organizations shall report to the regulatory Authorities within 72 Hours after a security infraction has been detected. UTMSTACK automates the security, implementing an Intruder detection System capable of detecting an infraction as soon as it occurs and creating customized reports of all the alerts, breaches, and vulnerabilities.