eIQnetworks Ensures Compliance and More for Health and Human Services Company through Unified Situational Awareness

SecureVue from eIQnetworks delivers an unparalleled view into security and compliance, all from a single, unified enterprise console.
Challenge

A leading health and human services administrator for government agencies needed a compliance automation solution that would ensure meeting stringent regulatory requirements including state privacy laws, the U.S.-based Sarbanes-Oxley (SOX) regulation and others. Because of these mandates, firewall logs and system logs needed to be reviewed on a continuous basis. The organization maintained many in-house log aggregator-type solutions, including some readily available tools that provide data collection; however, these were missing a critical component of the compliance procedures: there was no correlation or analysis of the data being collected.

Based on an internal audit, it was determined that compliance issues, specifically log correlation, needed to be addressed immediately. After an initial review of various security information and event management (SIEM) solutions, the organization determined it needed more than what SIEM capabilities allow. An extensive evaluation process followed, involving the review of products from ArcSight, RSA and eIQnetworks. In the end, they selected SecureVue®, the unified situational awareness platform from eIQnetworks, to meet their compliance requirements, but actually got a whole lot more.

Solution
The organization wanted a solution that delivered industry best practices for security monitoring, captured future compliance trends and had automated governance, risk and compliance (GRC) functionality. The director of internal audit and compliance at the company had extensive experience in the field, was familiar with eIQnetworks from a previous MSSP company and understood their requirements. He also knew they didn’t want, or need, multiple SIEM solutions to try to get the job done, since this would have resulted in tremendous hardware, software license and maintenance costs, and training expenditures. Initially, patching various SIEM solutions together seemed like the less expensive route, but ultimately, it would have been detrimental.

“There are a myriad of compliance mandates, internal policies and industry regulations that we needed to meet. We knew we couldn’t get the job done with various SIEMs. These solutions may initially seem less expensive, but ultimately, we gained much better ROI by purchasing the solution that gets the job done through advanced analytics with GRC.”

Why eIQ’s SecureVue?

The company points to multiple reasons for selecting SecureVue, but one of the primary drivers was its ability to do software inventory analysis through asset and configuration collection. Its ability to check CIS benchmarks against their infrastructure at the click of a button was also key. SecureVue provides comprehensive configuration auditing across hosts, network and security devices, applications and databases to help organizations implement prescriptive configuration standards such as CIS benchmarks, DISA STIGs and customized minimum security requirements (MSRs). This helps improve overall security and proactively identify misconfigured systems, policy violations and unauthorized changes across the enterprise. The company licensed eIQ’s SecureVue for 650 nodes.
The director of internal audit and compliance further commented, “The deployment of SecureVue is literally minutes when your IT environment is built on a standard architecture. The product is self-explanatory and very easy to use. We had a few questions, but our experience with eIQ’s technical support was top notch, and when we needed them, answers were instantaneous.”
SecureVue was purchased primarily for log correlation, but once the company had a chance to use and experience the platform, the power of many more capabilities was realized. The company has found ForensicVue to be a very valuable tool when they have unexplained issues on the network or don’t know what’s happening with a particular system. An integrated, out-of-box component of SecureVue, ForensicVue is a forensic search engine that provides enterprise security analysts with the ability to search every piece of security data on their network, comprising hundreds of millions of records. It enables them to investigate complex security incidents in minutes or seconds, getting to the root cause of incidents up to 50% faster than any other product on the market.

Although the company was not initially familiar with SecureVue’s network behavioral analysis (NBA) capability, it has become a very valuable tool within their environment. NBA allows monitoring of current and historical network, user and application usage, as well as alerting on anomalous network traffic to detect outbreaks. This functionality has also become a valuable tool for utilization billing back to internal clients.

“We didn’t think we would use all of the capabilities of SecureVue, but once we had the opportunity to understand the full functionality of the platform, many of them have become very valuable. With ForensicVue, we are much stronger from an analytical standpoint because we can see everything that has happened in our environment as opposed to looking at single, individual event logs. We have a much broader view of our environment via SecureVue’s console, and that’s powerful stuff.”

One of SecureVue’s biggest assets is its single console, which delivers an in-depth view of the organization’s threat, compliance and risk posture, all from a single pane of glass. But with so many locations, how that information was made available to IT personnel needed to be carefully determined and allocated.
Since the organization didn’t want to open the firewall to so many networks and personnel, they chose to use SecureVue’s distributed reporting functionality to provide critical information to key stakeholders across their global network. Security executives find the distributed reports extremely intuitive and very valuable, alleviating the need to log in to the system on a daily basis to investigate.

Benefits

Ultimately, compliance was the chief motive for implementing SecureVue, but obtaining continuous awareness of their IT network, including both compliance and security posture, has become their most valuable tool. SecureVue delivers the following benefits:
The company has reduced total cost of security and compliance operations by minimizing the need for point products as well as improving compliance and security operations.

Summary

The industry’s only security and compliance platform for unified situational awareness, SecureVue delivers unsurpassed real-time visibility and analytics as well as a unique proactive capability to cross-correlate all security and compliance data. SecureVue is a highly scalable platform that collects, analyzes, correlates and reports on far more security and compliance data than the log-only approach of SIEM. It also works with investments already made in security and compliance technologies, reporting all data, even from existing solutions already in place, allowing organizations to gain a complete understanding of what’s going on in their environment.

The director of internal audit and compliance further commented, “There were multiple drivers for selecting eIQ’s SecureVue, but its automated GRC (government, risk and compliance) capabilities tipped the scale for us. In the end, SecureVue delivers the continuous compliance automation that keeps us in check. Its forensic analysis capabilities, helping us to proactively protect against cyber attacks and other threats, have been the big bonus.”

For more information on SecureVue, visit: http://www.eiqnetworks.com.

Want to know how SecureVue from eIQnetworks can help you address compliance, security monitoring requirements, and so much more? Contact us at +1 877.564.7787 or email sales@eIQnetworks.com to learn more.

