Reliance Technologies and Business Solutions
Reliance Compliance Services

RTS supports a variety of compliance efforts, with hundreds of prebuilt compliance reports included at no additional cost. In addition, every compliance report is paired with a real-time compliance dashboard, consolidating your regulatory compliance requirements with your daily security operations to maximize efficiency and avoid surprises during an audit.
Compliance Practices
HIPAA

Privacy and security are tightly intertwined, so treating privacy monitoring and security information management separately is inefficient and exploitable by insiders and outside threats. Privacy officers and security officers are both mandated by the same regulations and have a stake in ensuring patient privacy and the integrity of systems. Yet they lack a common set of tools to identify and isolate threats and have no way to correlate clinical application events with IT infrastructure events. Their teams are not able to share information or collaborate effectively, and they often waste time and resources working on the same problems in parallel.

The compliance landscape for healthcare organizations has changed significantly since the passage of the legislation creating HIPAA in 1996 and the subsequent introduction of the HIPAA Security and Privacy Rules. In 2009, the passage of the HITECH Act as part of the American Recovery and Reinvestment Act of 2009 (ARRA) ushered in changes in what kinds of organizations are considered covered entities, and changes in the scope of compliance requirements for healthcare organizations. In addition, regulators tasked with enforcing the requirements of HIPAA and HITECH have become more aggressive in their audits of healthcare organizations.

Under HIPAA, the federal government developed privacy principles (the Privacy Rule) and security guidelines (the Security Rule) for healthcare patients, healthcare organizations, and service providers ("entities"). The HIPAA Privacy Rule introduced the concept of protected healthcare information (PHI) and electronic PHI (ePHI), while the HIPAA Security Rule defines the controls and safeguards (described in Standards and Specifications) required to guard against unauthorized use and modification of ePHI.

The HIPAA Security Rule instructs the healthcare entity to build its information security around four General Rules, constructed from eighteen Standards and forty-two Specifications. Rules are based on Standards, and Standards are based on Specifications (also known as Safeguards), which may be Administrative, Physical or Technical. The Security Rule requires the healthcare entity to implement all Standards and Specifications, including "Required" and "Addressable" Specifications, unless the Addressable Specifications are not "reasonable" and "appropriate". In the overview chart below, Required Specifications are noted with an (R) and Addressable Specifications with an (A).

By integrating privacy monitoring and SIEM systems, healthcare providers can address application security and IT infrastructure security in a unified fashion. With an integrated solution, privacy officers and security officers can:

- Improve communications and collaboration
- Eliminate duplication of effort
- Identify and contain threats more quickly and efficiently
- Recognize and remedy security gaps and business process deficiencies
- Improve compliance with government regulations

RTS monitors and logs all access to sensitive information, and can use that information to detect risks and threats to the confidentiality and privacy of electronic medical records. In addition, RTS fully supports the FairWarning Privacy Solution, allowing for advanced correlation of users, privileges, patients, and policies in order to detect privacy breaches. Privacy alerts from FairWarning can then be correlated against other network, user and application security events to provide improved risk management. The result is improved visibility into the security, access, and use of patient records, which allows RTS to produce pertinent HIPAA compliance reports using the included HIPAA report templates.

In addition, RTS directly satisfies several HIPAA requirements, including:

- 164.306 (1): Ensure the confidentiality, integrity, and availability of all electronic protected health information the covered entity creates, receives, maintains, or transmits.
- 164.306 (2): Protect against any reasonably anticipated threats or hazards to the security or integrity of such information.
- 164.306 (3): Protect against any reasonably anticipated uses or disclosures of such information that are not permitted or required under subpart E of this part.
- 164.308 Administrative (1)(i), Standard: Security management process
- 164.308 Administrative (4)(ii)(a), Standard: Information access management
- 164.312 (a)(1), Technical Standard: Access control
- 164.312 (b), Technical Standard: Audit controls
- 164.312 (e)(1), Technical Standard: Transmission security

RTS can also facilitate the establishment and evaluation of the policies and procedures required by 164.306, 164.308, 164.312 and other HIPAA standards by making the correct information easily accessible for documentation and review.
Sarbanes-Oxley

RTS provides a more comprehensive solution to Sarbanes-Oxley compliance by supplementing log management with direct monitoring of stored data, as well as inspecting all application traffic to detect data in motion. The result is a unified solution that addresses the primary event monitoring and review challenges of Sarbanes-Oxley. This is because RTS provides deeper visibility into your compliance activity than any other SIEM, while also providing real-time, operational tools to quickly detect, react to and resolve incidents.

- Stay ahead of compliance violations before they can impact your business
- Automatically baseline all activity and generate exception reports
- Sustain compliance with real-time compliance dashboards to monitor, measure, and inform

Sarbanes-Oxley requires internal control structures and procedures that can be audited using control frameworks like COBIT. Auditing industry best practice holds that centralized log collection and monitoring systems are the most effective solution to meeting this requirement. However, logs often don't contain the level of detail required to address the real concerns of SOX, which requires an audit trail of all access and activity to sensitive information as it relates to business operations. RTS's content awareness takes compliance to a new level by providing the required user, network, application, and policy contexts.

- Assess and proactively mitigate vulnerability
- Monitor all activity, including database access, transactions, and even the contents of emails and other applications
- Correlate identities, roles, and policies against observed activity
- Prioritize the most critical events so that they can be addressed quickly and efficiently

| SOX Section | Requirement | RTS capability |
| --- | --- | --- |
| 302, 404 | The ability to reconstruct what actually happened to specific data, including time sequences for processing and related activities. | RTS Guard Database Activity Manager (DBM) provides protected audit trails of all database activity, including that of privileged users. RTS ESM performs data analytics for database activity (as detected by RTS DBM), as well as user and system activity seen elsewhere in network, server logs, and other events. |
| 304, 306, 308 | Monitor login failures to financial data sources, monitor activity by user when logins are successful, and provide reports of account activity including new and disabled accounts. | RTS DBM monitors these critical data sources directly, either via an agent or a network-based appliance. All user activity, account creation, authentication, and database activity performed on the database is logged for reporting and auditing purposes, and events are generated for further correlation and analysis of this activity. RTS ESM provides the ability to correlate all database activity events, network activity events, and security events, providing reports for Admin Access to Financial Systems, Login Failures, and related activity both before login (network activity) and after login (database activity). |
| 404, 409 | Create and monitor controls of systems that can impact the ability to faithfully report financial status. | RTS provides extensive attack alert and audit trail storage, which can be used to cross-reference observed behavior during forensic analysis. Combined with RTS DBM database activity monitoring, RTS is able to monitor both the network and the database itself, clearly indicating when financial systems are compromised, as well as who compromised the system, when, and in many cases how. |
| 404, 409, 802 | Continuous monitoring of database activity, especially high-risk activities including privileged user behavior, direct access to sensitive data stores, user privilege escalation, failed logins and failed database operations. | RTS DBM provides database access monitoring, either host-based or as a non-intrusive network appliance. RTS DBM includes secure "audit the auditor" capabilities to ensure accurate detection and logging of privileged user behavior, account changes, schema changes, database table access, etc. RTS ESM performs real-time monitoring, logging, and auditing of user activity, based upon RTS DBM events as well as additional data collected from security devices, logs, and the network itself. Using policy-based access, the data collected in the RTS system is not accessible to the users being monitored and therefore provides a clear demarcation from sensitive data. |
| 409 | Reporting. | |
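The SOX rows above describe three concrete detections: counting failed logins to a financial data source (with the hosts seen before any successful login), reporting new and disabled accounts, and baselining per-user activity so that exceptions can be reported. The script below is an added example written for this page, not RTS DBM or ESM code; the key=value audit-log format, the field names, the sample events and the baseline threshold (mean plus three standard deviations, and at least double the mean) are all assumptions made for the illustration.

```python
"""Login-failure monitoring, account-change reporting and per-user activity
baselining over a constructed database audit log.

Added example (not RTS product code). The log format, field names and
thresholds are assumptions made for this illustration."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample audit log: one key=value event per line. Days 1-2 establish
# alice's normal query volume; on day 3 she issues far more queries than usual.
# bob fails to log in repeatedly from a host not otherwise seen in the log.
SAMPLE_LOG = "\n".join([
    "2011-05-02T08:01:10 src=10.1.2.3 user=alice db=finance event=login result=success",
    "2011-05-02T08:02:11 src=10.1.2.3 user=alice db=finance event=query table=gl_journal",
    "2011-05-02T08:02:12 src=10.1.2.3 user=alice db=finance event=query table=gl_journal",
    "2011-05-02T09:15:00 src=10.9.9.9 user=bob db=finance event=login result=failure",
    "2011-05-02T09:15:05 src=10.9.9.9 user=bob db=finance event=login result=failure",
    "2011-05-02T09:15:09 src=10.9.9.9 user=bob db=finance event=login result=failure",
    "2011-05-02T09:15:14 src=10.9.9.9 user=bob db=finance event=login result=failure",
    "2011-05-02T10:00:00 src=10.1.2.7 user=dba1 db=finance event=account action=create target=svc_report",
    "2011-05-02T10:05:00 src=10.1.2.7 user=dba1 db=finance event=account action=disable target=carol",
    "2011-05-03T08:00:00 src=10.1.2.3 user=alice db=finance event=login result=success",
    "2011-05-03T08:01:00 src=10.1.2.3 user=alice db=finance event=query table=gl_journal",
    "2011-05-03T08:01:30 src=10.1.2.3 user=alice db=finance event=query table=gl_journal",
    "2011-05-04T08:00:00 src=10.1.2.3 user=alice db=finance event=login result=success",
] + [
    # 20 queries on day 3, constructed to exceed alice's two-per-day baseline
    f"2011-05-04T08:{i:02d}:00 src=10.1.2.3 user=alice db=finance event=query table=gl_journal"
    for i in range(1, 21)
])


def parse_line(line):
    """Turn 'TIMESTAMP k=v k=v ...' into a dict; the timestamp becomes 'ts'."""
    ts, *pairs = line.split()
    event = dict(pair.split("=", 1) for pair in pairs)
    event["ts"] = datetime.fromisoformat(ts)
    return event


def load_events(text):
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def login_failures(events, threshold=3):
    """Users with at least `threshold` failed logins, plus the source hosts
    involved (the 'activity before login' view the page describes)."""
    failures = defaultdict(lambda: {"count": 0, "sources": set()})
    for e in events:
        if e.get("event") == "login" and e.get("result") == "failure":
            failures[e["user"]]["count"] += 1
            failures[e["user"]]["sources"].add(e["src"])
    return {u: {"count": f["count"], "sources": sorted(f["sources"])}
            for u, f in failures.items() if f["count"] >= threshold}


def account_report(events):
    """New and disabled accounts, with who made the change and when."""
    return [{"when": e["ts"].isoformat(), "by": e["user"],
             "action": e["action"], "target": e["target"]}
            for e in events if e.get("event") == "account"]


def daily_query_counts(events):
    counts = defaultdict(lambda: defaultdict(int))
    for e in events:
        if e.get("event") == "query":
            counts[e["user"]][e["ts"].date().isoformat()] += 1
    return counts


def baseline_exceptions(events, day):
    """Flag users whose query count on `day` exceeds a baseline built from every
    other day: mean + 3 standard deviations, and at least double the mean so a
    flat history does not flag every small change. Returns {user: (count, threshold)}."""
    exceptions = {}
    for user, per_day in daily_query_counts(events).items():
        today = per_day.get(day, 0)
        history = [n for d, n in per_day.items() if d != day]
        if not history:
            continue  # no baseline yet for this user
        threshold = max(mean(history) + 3 * pstdev(history), 2 * mean(history))
        if today > threshold:
            exceptions[user] = (today, threshold)
    return exceptions


def build_report(text, day):
    """The three SOX 304/306/308-style views over one log, for one report day."""
    events = load_events(text)
    return {"login_failures": login_failures(events),
            "account_changes": account_report(events),
            "activity_exceptions": baseline_exceptions(events, day)}


if __name__ == "__main__":
    import json
    print(json.dumps(build_report(SAMPLE_LOG, "2011-05-04"), indent=2))
```

Run it directly to print the combined report for 2011-05-04: bob's four failures from one host, the two account changes made by dba1, and alice flagged because 20 queries exceed a baseline of 4 built from her two earlier days. In production the baseline would be computed over a longer window and the log read from the monitoring system rather than an inline string, but the shape of the logic is the same.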
ISO

| ISO 17799 Section | Requirement | RTS capability |
| --- | --- | --- |
| A.9 | Monitor and report on foreign domain activity and password events (i.e., activity across the trusted network perimeter). | RTS Enterprise Security Manager (ESM) provides correlation and reporting of foreign domain activity (from firewalls, IPS, network activity, and server logs) and password events (from server logs). RTSGuard Database Activity Manager (DBM) provides core password event monitoring at the database itself. This data may be used alone, or with RTS ESM for correlation and analysis. |
| A.10 | Control of operational software, system test data, etc. | RTS DBM provides continuous monitoring of critical system files, database tables, and software to ensure their integrity. The DBM is able to track user and administrator sessions, detect out-of-process database changes, policy violations and anomalies, and ensure that required operational processes are running. It detects and alerts when a process is stopped, and can even restart it automatically. Additionally, a framework is provided for executing scripts on target servers for assessing, reporting and enforcing corporate policies. RTS ESM provides analysis, correlation, and reporting of these events, which may be sourced from RTS DBM and/or from object-level auditing on the operational software itself. |
| A.12 | Control of financial data and human resources data. Provide control of system audit data and collected data, including control of source code to prevent control bypass. | RTS DBM provides core control over database processes, operation, access and data, as discussed above, with further analysis being provided by RTS ESM to provide context around events, such as the attack vector of the unauthorized access to financial or HR data, related security violations, and other patterns useful for forensic security operations. RTS ELM provides proper encryption and storage of this audit data, providing the necessary control of collected evidence. |
| | Role / user based identity. | RTS ESM's integration with popular authentication systems helps ease the complexity associated with appropriately tracking and accounting for user authentication across the system. This includes the correlation of event, flow and log information to database activity events created by RTS DBM, perimeter security events created by RTSGuard IPS, and internal system, host and network activity collected from routers, switches, and logs. |
| | Create policies and procedures that identify prevention and timely detection of unauthorized acquisition, use or disposal of assets. | RTSSecurity provides a complete view of user activity from the network perimeter to the database itself, providing a clear and concise system for the detection, prevention, and forensic examination of asset activity. |
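The A.10 row relies on continuous monitoring of critical system files and software to ensure their integrity. The mechanism behind that kind of check is a digest baseline compared against a later snapshot, which is what the following added example shows; it is written for this page and is not RTS DBM code. The directory tree, file names and contents are constructed inside a temporary directory so the script runs anywhere, and the SHA-256 digest, the chunked read and the added/removed/modified classification are the author's choices for the illustration.

```python
"""Baseline-and-compare file integrity check for critical files.

Added example, not RTS DBM code: it shows the mechanism behind 'monitoring of
critical system files ... to ensure their integrity' using SHA-256 digests.
Paths and file contents below are constructed for the demonstration."""
import hashlib
import os
import shutil
import tempfile


def sha256_of(path, chunk=65536):
    """Digest a file in chunks so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def snapshot(root):
    """Map every file under `root` (relative, '/'-separated path) to its digest."""
    digests = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            digests[rel] = sha256_of(full)
    return digests


def compare(baseline, current):
    """Classify the differences between a stored baseline and a fresh snapshot.
    Each category is a sorted list so reports are stable across runs."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline.keys() & current.keys()
                           if baseline[p] != current[p]),
    }


def demo():
    """Build a baseline over a constructed tree, tamper with it, and report."""
    root = tempfile.mkdtemp(prefix="fim_demo_")
    try:
        def write(rel, data):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(data)

        # Constructed "critical files" for the baseline.
        write("bin/app", b"#!/bin/sh\necho original\n")
        write("etc/app.conf", b"audit=on\n")
        write("etc/db.conf", b"host=db01\n")
        baseline = snapshot(root)

        # Constructed changes: a config edit, an unexpected new file, a deleted binary.
        write("etc/app.conf", b"audit=off\n")
        write("etc/extra.conf", b"debug=1\n")
        os.remove(os.path.join(root, "bin/app"))

        return compare(baseline, snapshot(root))
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    print(demo())
```

Running the script prints one added file, one removed file and one modified file; etc/db.conf, which was untouched, appears in no category. A real deployment stores the baseline somewhere the monitored hosts cannot write, which is the same separation the page describes for audit data, and re-runs the comparison on a schedule or on file-change events.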
2001-2011 Reliance Technologies and Business Solutions. All Rights Reserved.