What do all government and industry compliance standards and best practices have in common? They all require the definition and implementation of policies and controls to protect information and systems while demonstrating verifiable evidence that those policies and controls are enforced. Scrutinizer allows companies to provide demonstrable evidence of IT compliance with internal governance policies, external regulations, and industry best practices like HIPAA, FIPS, NERC, SCADA, SOX, COBIT, PCI and NPPI.

Scrutinizer Dashboard

HIPAA Compliance


HIPAA requires that proper controls are put in place to ensure that healthcare transactions and administrative information systems protect individually identifiable electronic health information. HIPAA noncompliance can result in civil liability and damage to your reputation.

FIPS Compliance


Federal Information Processing Standards (FIPS) are U.S. computer security standards developed to protect information transmitted by government agencies and contractors. Plixer's Network Behavior Analysis, Flow Analytics, and IP Host reputation capabilities enable government entities to preserve the confidentiality and integrity of data collected and analyzed.

NERC


The North American Electric Reliability Corporation (NERC) has developed mandatory Critical Infrastructure Protection (CIP) Cyber Security Standards to protect the Critical Cyber Assets that control or affect the reliability of North American bulk electric systems. These standards, approved by the Federal Energy Regulatory Commission (FERC), are mandatory for all organizations involved with the country's bulk electrical network. Plixer provides continuous network visibility, enabling utilities to demonstrate network-wide compliance.

SCADA


SCADA compliance requires that proper controls are put in place to minimize risks associated with industrial control systems that monitor and control processes for delivering critical resources such as electric power, water, oil and gas. A breakdown of SCADA monitoring and control capabilities could cause large-scale blackouts and also affect other critical infrastructures such as oil and natural gas production, refinery operations, water treatment, wastewater collection, and pipeline transport systems.

PCI and NPPI


Retail and financial services companies are deeply concerned about PCI (Payment Card Industry) compliance. The PCI Data Security Standard (PCI DSS) is a set of prescriptive data security specifications to ensure the safe handling of cardholder information at every stage. The PCI DSS provides an actionable framework for developing a robust payment card data security process, including prevention, detection, and appropriate reaction to security incidents.

SOX (Sarbanes-Oxley Act)


Like all other industry standards and government regulations, SOX requires the definition and enforcement of policies that ensure financial systems, data, and records are secure, in order to prevent fraud and theft. CEOs and CFOs are required to certify reports to the SEC and must report on their assessment of the effectiveness of internal controls and procedures for financial reporting. Specifically, management must:

  • Accept responsibility for the effectiveness of its internal controls
  • Evaluate the effectiveness using suitable control criteria
  • Support this evaluation with sufficient evidence
  • Present a written assertion about their effectiveness

Plixer Scrutinizer NetFlow and sFlow traffic analysis and IPFIX reporting help publicly held corporations prepare for the Sarbanes-Oxley Act by providing the industry's deepest levels of visibility, accountability, and measurability required for ensuring and maintaining compliance with these government regulations.

  • Verify and demonstrate the effectiveness of internal controls over critical network infrastructure connecting customers, suppliers, and partners
  • Ensure and optimize network and application performance, availability, and internal security
  • Leverage user accountability for security and network risk visibility
  • Understand and protect the transmission of all financial information that drives the business
  • Measure and prioritize risks

COSO/COBIT


Some regulatory standards do not explicitly detail how to achieve compliance, so many organizations turn to best practice frameworks like COSO (Committee of Sponsoring Organizations of the Treadway Commission), which is recognized by the Securities and Exchange Commission (SEC) as the official framework for establishing internal controls over financial reporting. COBIT (Control Objectives for Information and related Technology) provides the IT-specific aspect of COSO's control framework and is supported by Plixer. Our solution delivers the deepest levels of visibility, accountability, and measurability required for ensuring and maintaining compliance with these COBIT recommendations.

  • Ensure infrastructure resource protection and availability
  • Capacity and performance of IT Resources
  • Security testing, surveillance and monitoring
  • Malicious software prevention, detection, and correction
  • Network security
  • Cost modeling and charging

Compliance Summary


With Plixer Scrutinizer NetFlow and sFlow traffic analysis and IPFIX reporting, you will have the industry's deepest levels of visibility, accountability, and measurability required for ensuring and maintaining compliance with these industry standards.

  • Identify connections to and from the SCADA network
  • Track and account for healthcare employee network activity
  • Recognize unauthorized host access, enabling rapid response for electronic protected health information (EPHI) access, alteration, and/or destruction
  • Detect malicious and suspicious network activity
  • Leverage third-party integrations for threat mitigation to remediate security policy violations
  • Profile hosts for violations of security policies
  • Continuously monitor hosts and network activity to identify intrusions
  • Ensure and optimize SCADA network and application performance, availability, and internal security
  • Leverage user accountability for security and network risk visibility
  • Measure and prioritize risks
  • Conduct forensic analysis for security incidents

Scrutinizer allows administrators to quickly confirm the source of a problem by narrowing the issue down to the client, the server, or the network. In some cases this is done by breaking the environment down into groups of hosts. The user interface lets administrators configure 'locking' policies that state which groups may communicate with one another. If a rule is violated, an alarm is raised and full audits can be run to report on all end systems involved. Given ample disk space, Scrutinizer can save all raw flows from all flow-exporting devices for decades.
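As an added illustration (example code, not Plixer's or Scrutinizer's own implementation) of the group-locking check described above: hosts are assigned to groups by address block, a policy lists which pairs of groups may communicate, and any flow record crossing a group boundary the policy does not permit is reported as an alarm. The group names, address ranges and flow records below are constructed sample data.

```python
import ipaddress
from typing import Dict, List, Set

# Group name -> address blocks (constructed addressing, not from the page)
GROUPS: Dict[str, List[str]] = {
    "SCADA":     ["10.50.0.0/16"],
    "Corporate": ["10.10.0.0/16"],
    "Historian": ["10.20.5.0/24"],
}
DEFAULT_GROUP = "External"   # any address outside the configured blocks

# Unordered pairs of groups allowed to talk to each other; a group may always
# talk to itself. Corporate<->SCADA is deliberately absent, so it will alarm.
LOCK_POLICY: Set[frozenset] = {
    frozenset({"SCADA", "Historian"}),
    frozenset({"Corporate", "Historian"}),
    frozenset({"Corporate", "External"}),
}

_NETS = [(g, ipaddress.ip_network(c)) for g, cidrs in GROUPS.items() for c in cidrs]

def group_of(ip: str) -> str:
    """Map an address to its group using the most specific matching block."""
    addr = ipaddress.ip_address(ip)
    hits = [(net.prefixlen, g) for g, net in _NETS if addr in net]
    return max(hits)[1] if hits else DEFAULT_GROUP

def check_flows(flows):
    """Return (src, dst, dport, src_group, dst_group) for every flow that
    crosses a group boundary the lock policy does not allow."""
    violations = []
    for src, dst, dport in flows:
        sg, dg = group_of(src), group_of(dst)
        if sg != dg and frozenset({sg, dg}) not in LOCK_POLICY:
            violations.append((src, dst, dport, sg, dg))
    return violations

# Constructed flow records: (source IP, destination IP, destination port)
SAMPLE_FLOWS = [
    ("10.50.1.7",   "10.20.5.10",   502),  # SCADA -> Historian: allowed
    ("10.10.3.44",  "10.20.5.10",   443),  # Corporate -> Historian: allowed
    ("10.10.3.44",  "10.50.1.7",    502),  # Corporate -> SCADA: violation
    ("203.0.113.9", "10.50.2.1",     22),  # External -> SCADA: violation
    ("10.10.3.44",  "198.51.100.5", 443),  # Corporate -> External: allowed
]

if __name__ == "__main__":
    for src, dst, dport, sg, dg in check_flows(SAMPLE_FLOWS):
        print("ALARM: %s (%s) -> %s (%s) port %d" % (src, sg, dst, dg, dport))
```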

  • “Situational awareness is needed by government and commercial security organizations for effective threat discovery and risk mitigation. Technology and process integration are required, or investments will be wasted…”

    John Pescatore - Gartner