Regulatory & Industry Compliance

Many organizations continue to struggle with regulatory compliance requirements such as PCI DSS, SOX, HIPAA and others. Industry regulations, federal regulations and privacy acts require implementation of audit and security controls to protect regulated data. The implementation of these controls presents a complex IT challenge and is a costly barrier to achieving compliance. The primary controls are:

An efficient implementation of these controls requires taking into consideration the network topology, application requirements and the specific aspects of data platforms like databases and file systems.

Key Drivers


Sensitive Data Access Auditing

Regulations requiring auditing of user access to sensitive data demand that an audit trail detailing data access events be available to support data breach investigations. Different regulations require auditing different events, for example:

Efficient audit solutions provide granular audit policies, automate the audit process, centrally manage audits across heterogeneous data systems, and scale to meet deployment requirements.

Privileged User Monitoring

Privileged user monitoring poses a specific audit and security challenge, as these users require unrestricted access to perform their jobs. Most often, privileged activity is performed directly on data systems, so it is not visible outside of the system itself. One of the biggest concerns around privileged user monitoring is separation of duties: privileged users should not have rights over the monitoring solution, as they may use these rights to conceal irregular activities.

Development and Maintenance of Secure Web Applications

PCI DSS requirement 6 focuses on the establishment of controls that minimize the exposure to security vulnerabilities in systems and software. It specifies requirements for software patching, vulnerability identification, secure software development, change controls, and attack protection. While some of the requirements are relatively straightforward and easy to implement, the Web application, database and file security requirements present significant technical and business challenges.

Related Products:


Database Security
Product Name: Capabilities:
SecureSphere Database Activity Monitoring or SecureSphere Database Firewall
  • Compliance with database audit and security requirements mandated by:
    • PCI DSS
    • SOX
    • HIPAA
    • Other regulations
  • Audit all access to sensitive data
  • Monitor all privileged users and privileged activities
  • Maintain secure databases through vulnerability management, virtual patching and blocking database attacks
SecureSphere Discovery and Assessment Server
  • Discover newly created databases and database objects in scope for audit and security projects
  • Maintain secure databases through vulnerability and patch management
User Rights Management for Databases
  • Address PCI 7 and 8.5, which require management of user access rights based on business need to know

File Security
Product Name: Capabilities:
SecureSphere File Activity Monitoring or SecureSphere File Firewall
  • Compliance with database audit and security requirements mandated by:
    • PCI DSS
    • SOX
    • HIPAA
    • Other regulations
  • Audit all access to sensitive data
  • Maintain secure files by blocking unauthorized access
User Rights Management for Files
  • Address PCI 7 and 8.5, which require management of user access rights based on business need to know

Web Security
Product Name: Capabilities:
SecureSphere Web Application Firewall
  • Maintenance of Secure Applications (PCI requirement 6)