30 Days of IT Compliance Q&A #9: How Do You Monitor External Connections?

This is a question that you may hear during a typical compliance audit. This question applies to many types of IT audits: PCI DSS, HIPAA, SOX, ISO, FERC, NERC, and more.

Why the auditor is asking this question: 

Properly monitoring your network perimeter is a fundamental part of network monitoring and security. If only one network connection can be monitored, it should be the perimeter: this is where your ingress and egress traffic passes and where exposed services such as e-commerce applications, email and extranets live. Without monitoring these external connections, including remote-working VPNs, you cannot properly manage the security of the network or the risk to which the organisation is exposed.

How to answer this question:

Monitoring remote connections such as Internet links, remote site network connections and remote-working access helps satisfy both network security management and compliance requirements. But how can this be achieved? With a single external connection you may be able to perform some basic monitoring using the tools that came with your firewall or gateway. In practice, however, these tools rarely support reporting and trending over any reasonable period, say the last month. The often very limited reporting they provide is unlikely to satisfy audit requirements, and they tend to lack real-time alerting or anomaly detection that could catch events such as the same user logging in to the VPN from two different countries within a few hours.

A better solution is to use the long-term reporting found in log management products together with the real-time alerting and log management found in Security Information and Event Management (SIEM) solutions. This gives you timely access to your audit information and lets you present it in a form from which the auditor can extract value. The example below is from a custom dashboard within AccelOps showing VPN logons and firewall traffic; presenting similar dashboards and reports to an auditor provides evidence of in-depth monitoring.
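To make the two capabilities above concrete, the anomaly rule that catches a user logging in to the VPN from two countries within a few hours, and the per-user, per-country counts that feed a longer-term report, here is an added example in Python. It is not AccelOps code and not part of the original post. It assumes a hypothetical syslog-style VPN log format (timestamp, gateway, user, source IP, country, event) and a four-hour detection window; the sample log lines are constructed for the example and use RFC 5737 documentation addresses.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample VPN log lines in a hypothetical syslog-like format.
# alice logs in from GB and then BR 1h45m apart (should alert);
# bob logs in from US and then DE about 18 hours apart (outside a 4h window).
SAMPLE_LOGS = """\
2024-03-04T08:02:11Z vpn-gw1 vpn: user=alice src=203.0.113.7 country=GB event=login-success
2024-03-04T08:15:40Z vpn-gw1 vpn: user=bob src=198.51.100.23 country=US event=login-success
2024-03-04T09:47:03Z vpn-gw1 vpn: user=alice src=192.0.2.88 country=BR event=login-success
2024-03-04T11:20:55Z vpn-gw1 vpn: user=carol src=203.0.113.9 country=GB event=login-failure
2024-03-04T14:05:12Z vpn-gw1 vpn: user=bob src=198.51.100.23 country=US event=login-success
2024-03-05T08:10:00Z vpn-gw1 vpn: user=bob src=192.0.2.15 country=DE event=login-success
"""

# Field layout of the assumed log format; a real gateway's format will differ.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ vpn: user=(?P<user>\S+) src=(?P<src>\S+) "
    r"country=(?P<country>[A-Z]{2}) event=(?P<event>\S+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ev


def parse_logs(text):
    """Parse all matching lines; unparseable lines are skipped."""
    return [ev for ev in (parse_line(l) for l in text.splitlines()) if ev]


def find_impossible_travel(events, window=timedelta(hours=4)):
    """Real-time style rule: alert when one user has successful VPN logins
    from two different countries less than `window` apart.

    Events are processed in timestamp order and only the previous successful
    login per user is kept, so this runs in a single pass over a stream."""
    alerts = []
    last_login = {}  # user -> most recent successful login event
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["event"] != "login-success":
            continue
        prev = last_login.get(ev["user"])
        if prev and prev["country"] != ev["country"] and ev["ts"] - prev["ts"] <= window:
            gap = ev["ts"] - prev["ts"]
            alerts.append({
                "user": ev["user"],
                "countries": (prev["country"], ev["country"]),
                "sources": (prev["src"], ev["src"]),
                "gap_minutes": int(gap.total_seconds() // 60),
                "at": ev["ts"],
            })
        last_login[ev["user"]] = ev
    return alerts


def login_summary(events):
    """Long-term reporting: successful logins per (user, country).
    Run over a month of events this is the trend an auditor asks to see."""
    counts = defaultdict(int)
    for ev in events:
        if ev["event"] == "login-success":
            counts[(ev["user"], ev["country"])] += 1
    return dict(counts)


if __name__ == "__main__":
    evs = parse_logs(SAMPLE_LOGS)
    for a in find_impossible_travel(evs):
        print(f"ALERT {a['user']}: {a['countries'][0]} -> {a['countries'][1]} "
              f"in {a['gap_minutes']} min (src {a['sources'][0]} -> {a['sources'][1]})")
    for (user, country), n in sorted(login_summary(evs).items()):
        print(f"{user:8} {country} {n}")
```

The window is the tunable part: widening it to 24 hours makes bob's US-to-DE pair fire as well, which is why a rule like this is normally paired with a travel allow-list or geolocation distance rather than a fixed gap alone. Failed logins are deliberately excluded from the travel rule but would feed a separate brute-force rule.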

 

Let us show you how the AccelOps dashboard can provide you with long-term reporting, real-time alerting, and log management all in a single product. Request a live demo here.

Authors

Marta Stone


Tags

cloud security big data RSA analytics compliance Q&A PCI DSS HIPAA Sarbanes Oxley (SOX) Target breach

About AccelOps

AccelOps provides the leading IT operations analytics platform for the modern data center. The virtual appliance software monitors security, performance and compliance in cloud and virtualized infrastructures – all from a single screen.

 

AccelOps automatically discovers, analyzes and automates IT issues in machine and big data across organizations’ data centers and cloud resources, spanning servers, storage, networks, security, applications and users. AccelOps’ patented analytics engine with cross-correlation and statistical anomaly detection sends real-time alerts when deviations occur that indicate a security or performance-impacting event.

 

The AccelOps platform scales seamlessly and provides unmatched delivery of proactive security and operational intelligence, allowing organizations to be more responsive and competitive as they expand their IT capabilities. 
