Security Kung Fu: Security vs. Compliance
The Security Kung Fu Series was created as both a thought leadership and awareness campaign which ran from Q1 – Q2 2017. It was meant to educate attendees on the internal and external threats businesses face, and the compliance challenges many must endure. It also served to highlight the need for an array of software solutions from the SolarWinds Core IT Security Portfolio which can assist with these concerns. A primary focus of the event was SolarWinds® Log & Event Manager which can contribute to greater IT security and assist businesses in meeting and maintaining compliance with a variety of compliance regimes. Part 4: Security vs. Compliance As our repeat attendees found out, for many of these webcasts we spent at least a small portion of time discussing how each topic we covered transcends the goal of improving IT security to impact compliance as well. In this session, we took a deeper look at what is driving this point and discussed the “Two Schools of Thought” which are guiding IT decision making – Security vs. Compliance. If you are interested in learning about the impact of this campaign, please visit my LinkedIn Profile for more details or feel free to reach out to me directly over LinkedIn. Other Security Kung Fu Events: Part 1: SIEM Solutions | http://bit.ly/2qkwVWh Part 2: Firewall Logs | http://bit.ly/2ql3l2A Part 3: Active Directory Changes | http://bit.ly/2s5kFFc Acknowledgements I’d like to thank the following individuals for assisting me in the execution of this campaign: Justina Lister, Angeline Kelly, Jamie Hynds, Ian Trump, Destiny Bertucci, Curtis Ingram, Chris Wiley, Ren Penaflor, Allie Eby, Ann Guidry, Rainy Schermerhorn, Kirsten Tanges, Damon Garcia
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Security Kung Fu: Security vs. Compliance
Similar to Security Kung Fu: Security vs. Compliance (20)
Recently uploaded
Recently uploaded (20)
Security Kung Fu: Security vs. Compliance
- 2. © 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. INTRODUCTION The Security Kung Fu Series is a four-part series intended to guide you in the mastery of the art of Security Kung Fu. As we embarked on creating this series, we always knew that in the back of everyone’s minds were a couple of curious thoughts: Why “Kung Fu?” And, “what does martial arts have to do with how I protect my network?” Well, “Kung Fu” is a Chinese term referring to any study, learning, or practice that requires patience, energy, hard work, discipline and time to complete. So, really, it’s not just martial arts. Perhaps, by this definition, you’re starting to see the parallels we see with IT security, and the vital roles many of you play within your respective organizations. For on demand access to each recording of the series visit the Security Kung Fu Series Page. 2
- 3. © 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.© 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. Security Kung Fu Series 3 SIEM Solutions AD ChangesFirewall Logs Security vs. Compliance
- 4. © 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.© 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. Agenda 4 • Respect your Security Kung Fu Masters • Compliance overview • Repercussions of noncompliance • Don’t just check the box • Security vs. Compliance • SolarWinds Solutions Overview • How SolarWinds® Log & Event Manager (LEM) can contribute to compliance • Q&A
- 5. © 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.© 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. Security Kung Fu Masters 5 Destiny Bertucci Head Geek™ SolarWinds Jamie Hynds Sr. Product Manager - Security SolarWinds
- 6. © 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. THE CYBER SECURITY CLIMATE
- 7. © 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. Compliance Overview • PCI DSS (Payment Card Industry Data Security Standard) – applies to any organization that accepts credit cards for payment https://www.pcisecuritystandards.org/ • HIPAA (The Health Insurance Portability and Accountability Act of 1996) – applies to healthcare-related businesses deemed either covered entities or business associates by law https://www.hhs.gov/hipaa/ • SOX (Sarbanes-Oxley Act) – applies to publicly traded U.S. companies, and international companies traded publicly in the U.S. https://www.sec.gov/about/laws/soa2002.pdf • GLBA (Gramm-Leach-Bliley Act) – applies to companies that offer consumer financial products or services https://www.ftc.gov/tips-advice/business-center/privacy-and-security/gramm-leach-bliley-act
- 8. © 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. The Repercussions of Non-Compliance Non-compliance can be costly in more ways than one—whether directly or indirectly. Organizations that are found to be non-compliant can face serious consequences, including: • Hefty fines • Criminal penalties • Data breaches/loss/theft • Lawsuits • Brand damage • Loss of customer loyalty
- 9. © 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. Don’t just check a box Don’t • IT compliance shouldn’t be the bare minimum you can get away with to satisfy the auditors! DO! • IT compliance should be seen as an opportunity to ensure the right controls are in place to actually keep your network and sensitive data secure.
- 10. © 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. Security vs. Compliance ≠ COMPLIANT SECURE
- 11. © 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. SolarWinds Security Portfolio Log & Event Manager (LEM) Patch Manager Network Configuration Manager (NCM) User Device Tracker (UDT) Serv-U MFT Server Serv-U FTP Server Powerful, affordable, and easy-to-use solutions to help to make everything in IT more secure.
- 12. © 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. How SolarWinds LEM Can Contribute to Compliance • Create a centralized view of your IT infrastructure • Collect, normalize, and analyze log data and perform real-time, in-memory event correlation • Automatically respond to IT issues, compliance violations, and security threats • Generate compliance reports and provide detailed audit information
- 13. © 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. SOLARWINDS LOG & EVENT MANAGER SolarWinds® Log & Event Manager is an affordable SIEM solution that helps you detect and respond to security threats. • Real-time event correlation for instantaneous detection of malicious and suspicious activity • Automated remediation and advanced search for forensic analysis and troubleshooting • Out-of-the-box compliance rules and reports for HIPAA, PCI, SOX, FISMA, and may more. Download Free Trial | Learn More
- 14. © 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. SOLARWINDS SECURITY PORTFOLIO SolarWinds® Log & Event Manager Download Free Trial | Learn More SolarWinds® Patch Manager Download Free Trial | Learn More SolarWinds® Network Configuration Manager Download Free Trial | Learn More Serv-U® MFT Server Download Free Trial | Learn More
- 16. © 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks) of their respective companies.