The Power of Knowing
Scrutinizer’s traffic analysis and reporting gives organizations the industry’s deepest visibility, accountability, and measurability of network utilization by user, device, and application. For organizations measured against compliance requirements, this empowers them to demonstrate to the auditors that policies are not just written, but are in fact consistently enforced and automated. If policy deviations occur, alarms are raised and full audits can be run.
- Identify connections to and from the SCADA network
- Track and account for healthcare employee network activity
- Recognize unauthorized host access, enabling rapid response for electronic protected health information (EPHI) access, alteration, and/or destruction
- Detect malicious and suspicious network activity
- Leverage third-party integrations for threat mitigation to remediate security policy violations
- Profile hosts for violations of security policies
- Continuously monitor hosts and network activity to identify intrusions
- Ensure and optimize SCADA network and application performance, availability, and internal security
- Leverage user accountability for security and network risk visibility
- Measure and prioritize risks
- Conduct forensic analysis for security incidents
Some regulatory standards do not explicitly detail how to achieve compliance, but many organizations turn to best practice frameworks like “COSO” (Committee of Sponsoring Organizations of the Treadway Commission), which is recognized by the Securities and Exchange Commission (SEC) as the official framework for establishing internal controls over financial reporting. COBIT (Control Objectives for Information and related Technology) provides the IT-specific aspect of COSO’s control framework and is supported by Plixer. Our solution delivers the deepest levels of visibility, accountability, and measurability required for ensuring and maintaining compliance with these COBIT recommendations.
- Ensure infrastructure resource protection and availability
- Capacity and performance of IT resources
- Security testing, surveillance, and monitoring
- Malicious software prevention, detection, and correction
- Network security
- Cost modeling and charging
HIPAA requires that proper controls are put in place to ensure that healthcare transactions and administrative information systems protect individually identifiable electronic health information. HIPAA noncompliance can result in civil liability and damage to your reputation.
Federal Information Processing Standards (FIPS) are U.S. computer security standards developed to protect information transmitted by government agencies and contractors. Plixer’s Network Behavior Analysis, Flow Analytics, and IP Host reputation capabilities enable government entities to preserve the confidentiality and integrity of data collected and analyzed.
The North American Electric Reliability Corporation (NERC) has developed mandatory Critical Infrastructure Protection (CIP) Cyber Security Standards to protect the Critical Cyber Assets that control or affect the reliability of North American bulk electric systems. Approved by the Federal Energy Regulatory Commission (FERC), compliance with these standards is mandatory for all organizations involved with the country’s bulk electrical network. Plixer provides continuous network visibility, enabling utilities to demonstrate network-wide compliance.
SCADA compliance requires that proper controls are put in place to minimize risks associated with industrial control systems that monitor and control processes for delivering critical resources such as electric power, water, oil and gas. A breakdown of SCADA monitoring and control capabilities could cause large-scale blackouts and also affect other critical infrastructures such as oil and natural gas production, refinery operations, water treatment, wastewater collection, and pipeline transport systems.
PCI and NPPI
Retailers and financial services companies are deeply concerned about Payment Card Industry (PCI) compliance. The PCI Data Security Standard (PCI DSS) is a set of prescriptive data security specifications to ensure the safe handling of cardholder information at every stage. The PCI DSS provides an actionable framework for developing a robust payment card data security process, including prevention, detection, and appropriate reaction to security incidents.
SOX (Sarbanes-Oxley Act)
Like all other industry standards and government regulations, SOX requires the definition and enforcement of policies that ensure financial systems, data, and records are secure to prevent fraud and theft. CEOs and CFOs are required to certify reports to the SEC and must report on their assessment of the effectiveness of internal controls and procedures for financial reporting. Specifically, management must:
- Accept responsibility for the effectiveness of its internal controls
- Evaluate the effectiveness using suitable control criteria
- Support this evaluation with sufficient evidence
- Present a written assertion about their effectiveness
Plixer Scrutinizer NetFlow & sFlow traffic analysis and IPFIX reporting help publicly held corporations ready themselves for the Sarbanes-Oxley Act through the industry’s deepest levels of visibility, accountability, and measurability required for ensuring and maintaining compliance with these government regulations.
- Verify and demonstrate the effectiveness of internal controls over critical network infrastructure connecting customers, suppliers, and partners
- Ensure and optimize network and application performance, availability, and internal security
- Leverage user accountability for security and network risk visibility
- Understand and protect the transmission of all financial information that drives the business
- Measure and prioritize risks