• Sales: (888) 204-0822 | Office (954) 935-8800

SOLUTION OVERVIEW

ALERT LOGIC® FOR SOX COMPLIANCE

INTRODUCTION

The Sarbanes-Oxley Act (SOX) came into force in July 2002 and introduced major changes to the regulation of corporate governance and financial practice. By mandating the requirements for reliability and usefulness of financial reporting, SOX is designed to renew investor’s trust and understanding of public corporation financial reporting.

The SOX Act provides specific details on IT and IT security including any computers, network hardware, and other electronic equipment that financial data passes through. The Act helps to ensure that proper controls are in place to prevent data breaches, prevent unauthorized users from viewing sensitive financial information and have tools ready to remediate incidents should they occur.

An independent external SOX auditor is required to review controls, policies, and procedures during a Section 404 audit and the audit requires all financial reports to include an Internal Controls Report. This shows that a company’s financial data are accurate (within 5% variance) and adequate controls are in place to safeguard financial data.

SOX auditing requires that “internal controls and procedures” can be audited using a control framework like COBIT. Log collection and monitoring systems must provide an audit trail of all access and activity to sensitive business information.

ALERT LOGIC SOLUTIONS

Using Alert Logic solutions, companies can implement a broad range of regulatory and industry security standards (such as SOC 2, PCI DSS, HIPAA, SOX, and GDPR) with less complexity, and at a fraction of the total cost and time of traditional security tools. Alert Logic integrates cloud-based software, analytics and expert services to assess, detect and block threats to applications and cloud environments to improve your security visibility and compliance programs. We focus on the threats most relevant to cloudhosted applications by defending each layer of your application and infrastructure stack against hard-to-detect web application attacks. Integrated expert services augment your in-house security team by

monitoring your cloud workloads and environment 24/7. Analyst investigate alerts and contact you within 15 minutes if we detect suspicious activity such as: unauthorized access, exposur or modification of accounts, controls or configurations.

REDUCE YOUR RISK of attacks with continuous vulnerability scanning and configuration inspection of your applications and cloud environments.

QUICKLY RESPOND TO ATTACKS and post-breach activities with distributed IDS sensors that provide full-packet inspection and real-time alerts.

PROTECT CUSTOMER DATA from network and OWASP Top 10 attacks with web application scanning and web application firewall technologies.

PREPARE FOR AUDITS, ANYTIME with the event and log data you need for automated alerts, audit trails and easy access for reporting and audits, stored in our secure SSAE 16 Type 2 audited data centers for as long as you need.

Alert Logic maintains strict compliance with internal and external regulatory requirements for our IT operations and services, including: PCI DSS 3.2 Level 2 Audit, AICPA SOC 1 & 2 Audit, and ISO 27001-2013 certification for UK Operations.

FREE UP RESOURCES with ActiveWatch™ experts for daily log reviews and 24/7 event and threat monitoring.

ALERT LOGIC SOX SOLUTIONS MAPPING

The integrated services that make up Alert Logic® address a broad range of SOX requirements to help you prevent incidents that threaten the security, availability, integrity and privacy of financial and customer data.

SOX 404 ALERT LOGIC ESSENTIALS ALERT LOGIC PROFESSIONAL ALERT LOGIC ENTERPRISE
DS 5.9 – Malicious Software Prevention, Detection and Correction
DS 5.5 – Security Testing, Surveillance and Monitoring
DS 5.6 – Security Incident Definition
DS 13.3 – IT Infrastructure Monitoring
AI3.2 – Infrastructure resource protection and availability
ALERT LOGIC SOX 404
Alert Logic Essentials
Vulnerability & Asset Visibility
– Asset discovery
– Vulnerability scanning
– Cloud configuration checks
– Extended Endpoint protection
– Threat Risk Index
– Compliance scanning and reporting
DS 5.9 – Malicious Software Prevention, Detection and Correction
Alert Logic Professional Includes Essentials
24/7 Managed Threat Detection and Incident Management
– 24/7 Incident Monitoring & Management
– Security Analytics & Threat Intelligence
– Log Collection and Monitoring
– Intrusion Detection
– Security Event Insights and Analysis
– Office 365 Log Collection & Search
– Cloud Vendor Security Integrations
– AWS User Behavior Anomaly Detection
– Anti-Virus Integration
DS 5.5 – Security Testing, Surveillance and Monitoring
DS 5.6 – Security Incident Definition
DS 13.3 – IT Infrastructure Monitoring
Alert Logic Enterprise Includes Professional
Managed Web Application Firewall and Assigned SOC Analyst
with Threat Hunting
– Always-on Managed WAF Defense
– Assigned SOC Analyst
– Controlled Threat Hunting
– Dark Web Scanning
AI3.2 – Infrastructure resource protection and availability

DEMONSTRATE SOX COMPLIANCE PREPAREDNESS

Alert Logic ingests AV logs and analyzes them to provide key insights for alerting and Security Operations Center (SOC) support, such as:

DETECTION OF KNOWN HACK TOOLS such as pwdump, wincred, and mimikatz whose presence is highly correlated with malicious post-compromise activity.

DETECTION OF WRITING TO PRIVILEGED LOCATIONS ON THE LOCAL SYSTEM, which is indicative of a user or malware with administrative privileges – often a later stage action in the attack cycle.

MONITOR THE INFRASTRUCTURE FOR SECURITY-RELATED EVENTS

Alert Logic provides Interactive reports that provide convenient access to analysis, statistics, and trending data. The Incident Analysis report group provide valuable insights and trending data for incidents.

INCIDENT DAILY DIGESTThreat status of your infrastructure from incidents detected on the previous day for the selected detection types.

INCIDENT DAILY DIGEST TRENDSHistogram chart that allows you to focus on how your threat landscape of detected incidents has evolved within the specified date range.