Security and Auditing Operations Management for HIPAA, PCI, SOX and More
Many of our managed hosting customers have compliance needs and security requirements that go beyond the standard network and hardware monitoring, intrusion detection and prevention systems, managed firewalls and password policies.
For environments that must comply with HIPAA, PCI DSS, SOX, and other regulations that require access to security management and change auditing tools to help stay ahead of black hat practices and the expensive impact of unblocked or (even scarier) undetected breaches, SolarWinds Log and Event Manager is an attractive option.
SolarWinds LEM provides an easy to deploy unix-based virtual appliance that provides an all-in-one Security Information and Event Management (SIEM) system with fully customized reporting and a web-based dashboard. Besides its main functionality of collecting log and security data from many different servers, devices and applications, LEM can also take automatic action to protect your environment.
These actions are based on customized rules that help isolate and remediate any compromised systems or user accounts. SolarWinds LEM should be considered for any managed environment that must be in compliance and requires the ability to have eyes on specific environmental trends that may indicate vulnerabilities and compromised access.
SolarWinds Log & Event Manager Web Console
The SolarWinds Ops Center dashboard provides a completely customizable “widget gallery” so you can easily identify trends, node health and alerts in one place. By clicking on any of the graphs items, you are taken to the detailed monitor view for the item.
SolarWinds Log & Event Manager File Integrity Monitoring
File Integrity Monitoring or FIM features let you configure auditing on all changes, additions and deletions of files on one or more server file systems. For web applications like Sitecore and SharePoint, you can specifically monitor a web.config file and host file changes that may impact the desired functionality for example.
While SharePoint has some built in auditing tools for files stored in the database, it does not monitor server file system changes. LEM helps round out the scope of audit reports and reduces the risk of unidentified configuration changes and security threats at the operating system level.
SolarWinds Log & Event Manager Reports
Just like the Network performance monitor, LEM provides a console-based application with hundreds of pre-built reports that you can use and customize to generate on demand or scheduled reports on specific events, systems or users.
SolarWinds Log & Event Manager Alerting
You can quickly set up rules to alert system administrators on specific types of predefined events. The add rules wizard below walks you through a step by step process of creating alerts so your security teams are immediately notified of incidents.
If your environment has a specific compliance requirement, SolarWinds provides pre-grouped events to make alerting for compliance-specific events extremely easy.
Here are some examples of what events are included in the HIPAA compliance rule for monitoring and alerts.
SolarWinds Log & Event Manager Custom Rules and Automatic Actions
Having a deeper view of what is happening in the environment is great, but if actual security breaches or unauthorized changes occur in the system, your team still needs to take action to remediate the risk.
The delay in analyzing the issue and making changes can be very costly for your business. SolarWinds provides the custom rules and automatic actions feature to automate the isolation of compromised systems and user accounts which act as an intrusion detection and prevention system at the operating system level.
You can block IPs, disable all networking, kill processes, delete user accounts, and more!
Monitoring Domain Controllers, Firewalls and SQL Server
Some other great features of LEM out of the box are the ability to monitor active directory changes and failed login attempts. You now have an easy way to audit user permission changes, group association changes and potential brute force login attacks.
You can configure a connector to your firewalls to detect things like port scans, malformed packets, web traffic and other network events that may indicate an attack. All modern firewalls and networking gear are supported such as Cisco, Juniper, Check Point and more.
Not only can you monitor Active Directory and network devices, but you can also audit SQL Server! Interesting events such as failed login attempts or changes to tables and schemas can be monitored with the MSSQL Auditor feature of the LEM agent.
What are you waiting for? Protect your environment!
SolarWinds Log and Event Manager is a very powerful security and compliance operations and reporting system.
As security breaches and attacks are increasing on a daily basis, make sure your infrastructure systems are protected and your risk minimized. If you have security and compliance requirements for your sensitive data, make the investment to protect your business, customers and the bottom line.
Contact Fpweb.net to learn more before it’s too late!