Compliance
Organizations need to stay ahead of ever-evolving regulations, policies, and business risks while reducing time, errors, and costs with an analytics-driven, proactive approach to compliance. The correlation capabilities and content libraries included in Splunk Security Essentials and Splunk Enterprise Security let you access out-of-the-box insights into commonalities and anomalies, with a specific focus on security and compliance issues. These products help organizations move past reactive mode with:
- Real-time collection, search, monitoring and analysis of data for compliance in a centralized solution
- Fast report generation to meet collection and retention requirements for audit trails
- Identification of organizational gaps against regulations such as HIPAA, PCI, SOX and GDPR using machine data
- Automation of compliance tasks and mapping of customizable reports to compliance frameworks
What are the benefits of effective compliance?
Typically an organization gains long-lasting benefits to be compliant with most regulations applicable to Government and Industry standards. Their risk and compliance posture benefits through:
- Tracking events critical to the business. Stay ahead of compliance mandates with an analytics-driven approach to identifying risk and addressing gaps before they are called out.
- Evaluating the risk of data breach event for any of your processes. Quickly gain real-time risk posture and insights across all IT resources and security controls to measure compliance against common frameworks.
- Defining which events are considered the highest threats. Gain a real-time picture of the state of risk and deliver actionable alerts when compliance posture changes.
- Keeping records of security events. Track what happened, the exact timing, and how was it handled. Pass audits with minimal effort, regardless of mandate or regulatory framework.
What are compliance best practices?
Many customers have concerns over sensitive data being breached and resulting in the failure of compliance standards. Scenarios such as transmitting user credentials or credit card numbers across network environments that have tighter restrictions on data handling creates risk for the business. Often, sensitive information can make its way into log events without the business knowing and these logs get sent, which in turn exposes the information.
Splunk Security Essentials, Splunk Enterprise Security, and Splunk SOAR users have a variety of compliance-based content and playbooks no matter where they are in their customer journey. Utilizing analytics-driven content collections as a foundation to compliance helps businesses gain confidence that they are meeting compliance requirements, are able to protect their most sensitive data, and can establish repeatable proof they are doing so.
Common compliance frameworks
Some of the most common security compliance frameworks are:
GDPR
GDPR concerns all organizations that process personal data, with fines up to 20 million Euro, or 4 percent of the company turnover (whichever is higher). GDPR compliance covers a wide range of data security issues, including data protection, accountability, data processing, consent from subjects, and privacy.
The capabilities you'll need to ensure compliance with this framework are:
- Detecting malware
- Detecting brute force behavior
- Detecting and auditing geographic user authentications
PCI-DSS
PCI-DSS concerns financial organizations, with fines between $5,000 and $100,000 per month. Compliance is required by the contract for those handling and processing cardholder data. Whether you are a start-up or a global financial enterprise your business must always be compliant, and your compliance must be validated annually.
The capabilities you'll need to ensure compliance with this framework are:
- Detecting credit card numbers
- Detecting data exfiltration
- Detecting account takeover
HIPAA
HIPAA concerns healthcare organizations, with fines ranging from $100 to $50,000 per violation, with a maximum penalty of $1.5 million annually. Compliance covers standards for protected health information (PHI), and the HIPAA Security Rule established the national standards for electronic protected health information (e-PHI).
The capabilities you'll need to ensure compliance with this framework are:
- Ensuring connections are encrypted
- Detecting PII and PHI
NIST 800-53
NIST 800-53 concerns federal agencies and contractors. This critical standard provides a set of guidelines designed to make it easier for federal agencies and contractors to meet the requirements imposed by the Federal Information Security Management Act (FISMA).
The capabilities you'll need to ensure compliance with this framework are:
- Detecting anomalous account changes
- Detecting and auditing geographic user authentications
How does Splunk for Security help with compliance?
What compliance processes can I put in place?
- Analyzing AWS service action errors
- You want to use errors found in CloudTrail logs for alerting and proactive security hunting.
- Auditing with the Splunk App for PCI Compliance
- The Splunk App for PCI Compliance is designed to solve the challenges surrounding the PCI audit.
- Automating Know Your Customer continuous monitoring requirements
- Know Your Customer (KYC) standards require organizations to continuously monitoring their customers. Behavioral profiling can make compliance easy.
- Complying with the Markets in Financial Instruments Directive II
- Run these searches to help ensure compliance and identify any MiFID II violations so they can be investigated and prevented in the future.
- De-identifying PII consistently with hashing in Edge Processor
- How to de-identify PII, ensuring it remains useful for data analytics and business processes while reducing the risk of exposure and compliance breaches.
- Defining and detecting personally identifiable information (PII) in log data
- You need to be able to identify the types of PII that are meaningful to you, and provide feedback to your devs and ops teams on where it's turning up so they can secure it.
- Detecting non-privileged user accounts conducting privileged actions
- Detect all the actions taken by any individual with root or administrative privileges or when user non-privileged accounts attempt to conduct escalated actions.
- Detecting Personally Identifiable Information (PII) in log data for GDPR compliance
- Splunk ES provides threat management with a granular and centralized view of enterprise security - a need for organizations that need to ensure PCI DSS compliance.
- Detecting unencrypted web communications
- How to use Splunk software to find and correct unencrypted web communications.
- Identifying new Windows local admin accounts
- How to use Splunk software to find new Windows local admin accounts so that you can take action, if needed.
- Knowing your financial services customer
- "Know Your Customer" is an important financial services regulation to ensure controls, processes, and procedures are in place to identify bad actors and protect legitimate customers.
- Monitoring consumer bank accounts to maintain compliance
- Monitoring customer accounts also helps banks to adhere to compliance regulations.
- Monitoring NIST SP 800-53 rev5 control families
- You need to monitor the control families listed in NIST SP 800-53 rev5.
- Processing DMCA notices
- You want to use Splunk software to speed up the processing of DMCA notices.
- Recognizing improper use of system administration tools
- How to use Splunk software to examine Windows security logs for unusual authentication events and then investigate events taken by those logged-in users.
- Running common General Data Protection Regulation (GDPR) compliance searches
- How to set up searches to monitor GDPR compliance in Splunk, with tips and tricks from Splunk experts.
- Access to unencrypted resources
- Activity from expired user identity
- Device with outdated anti-malware
- Expected host not reporting events
- Geographically improbable access detected
- New connection to device
- Systems with the update service disabled
- Unauthorized access to Splunk indexes
- Unauthorized access to systems
- Unauthorized connection through firewall
- Using Cross-Region Disaster Recovery for OCC and DORA compliance
- Cross-Region Disaster Recovery is a service for Cloud Platform that ensures continuity during disasters by maintaining an environment replica in a different cloud service provider (CSP) region.
- Using Edge Processor to filter out cardholder data for PCI DSS compliance
- Ensure that all data ingested into Splunk Cloud Platform complies with PCI DSS regulations by filtering out data that should not be stored.
- Using Edge Processor to mask or truncate cardholder data for PCI DSS compliance
- Ensure that all data ingested into Splunk Cloud Platform complies with PCI DSS regulations by implementing data masking and truncation.
- Using Splunk Enterprise Security to ensure PCI compliance
- Splunk ES provides threat management with a granular and centralized view of enterprise security - an essential need for organizations that need to ensure PCI DSS compliance.
- Using the OT Security add-on for Splunk to ensure NERC CIP compliance
- CIP scorecards and reports included in the OT Security Add-On for Splunk help automate and streamline NERC CIP compliance activities.
- Using the Splunk App for PCI Compliance
- This article provides an introduction to the Splunk App for PCI Compliance, showing you how to use it to monitor and assess PCI DSS requirements while continuously validating technical security controls.