Skip to main content
Splunk Lantern

Compliance

Today's threats keep organizations on their toes. It's difficult to defend against changing daily cybersecurity attacks while meeting the evolving and complex demands of government and industry regulations. Implementing Splunk Enterprise Security best practices can assist organizations in providing a comprehensive view of compliance and risk by normalizing data across many disparate sources. Splunk Enterprise Security's correlation capabilities and vast content library means you can access out-of-the-box insights into commonalities and anomalies, with a specific focus on security and compliance issues.

What are the benefits of effective compliance? 

Typically an organization gains long-lasting benefits to be compliant with most regulations applicable to Government and Industry standards. Their risk and compliance posture benefits through:

  • Tracking events critical to the business. Stay ahead of compliance mandates with an analytics-driven approach to identifying risk and addressing gaps before they are called out.
  • Evaluating the risk of data breach event for any of your processes. Quickly gain real-time risk posture and insights across all IT resources and security controls to measure compliance against common frameworks.
  • Defining which events are considered the highest threats. Gain a real-time picture of the state of risk and deliver actionable alerts when compliance posture changes.
  • Keeping records of security events. Track what happened, the exact timing, and how was it handled. Pass audits with minimal effort, regardless of mandate or regulatory framework.

What are compliance best practices?

Many customers have concerns over sensitive data being breached and resulting in the failure of compliance standards. Scenarios such as transmitting user credentials or credit card numbers across network environments that have tighter restrictions on data handling creates risk for the business. Often, sensitive information can make its way into log events without the business knowing and these logs get sent, which in turn exposes the information.

Splunk Security Essentials offers Splunk Enterprise Security and Splunk SOAR users a variety of compliance based content and playbooks no matter where you are in your customer journey. Utilizing analytics-driven content collections as a foundation to compliance helps businesses to gain confidence they are meeting compliance requirements, are able to protect their most sensitive data, and establish repeatable proof they are doing so.

Common compliance frameworks

Some of the most common security compliance frameworks are:

GDPR concerns all organizations that process personal data, with fines up to 20 million Euro, or 4 percent of the company turnover (whichever is higher). GDPR compliance covers a wide range of data security issues, including data protection, accountability, data processing, consent from subjects, and privacy. 

The capabilities you'll need to ensure compliance with this framework are:

  • Detecting malware
  • Detecting brute force behavior
  • Detecting and auditing geographic user authentications

PCI-DSS concerns financial organizations, with fines between $5,000 and $100,000 per month. Compliance is required by the contract for those handling and processing cardholder data. Whether you are a start-up or a global financial enterprise your business must always be compliant, and your compliance must be validated annually.

The capabilities you'll need to ensure compliance with this framework are:

  • Detecting credit card numbers
  • Detecting data exfiltration
  • Detecting account takeover

HIPAA concerns healthcare organizations, with fines ranging from $100 to $50,000 per violation, with a maximum penalty of $1.5 million annually. Compliance covers standards for protected health information (PHI), and the HIPAA Security Rule established the national standards for electronic protected health information (e-PHI).

The capabilities you'll need to ensure compliance with this framework are:

  • Ensuring connections are encrypted
  • Detecting PII and PHI

NIST 800-53 concerns federal agencies and contractors. This critical standard provides a set of guidelines designed to make it easier for federal agencies and contractors to meet the requirements imposed by the Federal Information Security Management Act (FISMA).

The capabilities you'll need to ensure compliance with this framework are:

  • Detecting anomalous account changes
  • Detecting and auditing geographic user authentications

What compliance processes can I put in place?   

These resources will help you implement this guidance: