
To add pressure to an already stressful job, IT professionals carry the burden of the “knowledge” role in compliance with government regulations regarding privacy, fiscal responsibility and protection of certain groups from exposure to specific Web content. Senior management, HR and others look to the data pros to maintain the proper controls and logs required to satisfy audits and defend against litigation.
VistaOne has helped financial organizations comply with Sarbanes-Oxley, healthcare providers with HIPAA, schools with the Children’s Internet Protection Act and many others. While we don’t claim to be experts (we’re not lawyers), we can recommend tools developed by people who’ve studied the statutes that can help automate some of the chores.
Blue Coat Offers Comprehensive Security to Achieve Compliance
Blue Coat products help you manage the most sophisticated online threats that can compromise your data and leave your organization vulnerable to fines, legal action and worse. They promise cost-effective ways that make it easier to:
- Automate network security policies to comply with government regulations
- Set and enforce effective Web communication policies at the gateway
- Effectively filter Web content while optimizing bandwidth
- Deliver a comprehensive Internet security platform that protects against Web-based threats such as spyware, viruses and trojans
- Keep customer, student, financial and patient data safe
Blue Coat addresses the appropriate regulations in a variety of situations:
Financial institutions: Comply with Sarbanes-Oxley and the Gramm-Leach-Bliley Act by preventing unauthorized access to customer records and other confidential information, controlling IM and Skype communications and stopping spyware, viruses and trojans at the network gateway.
Securities dealers: Stay compliant with NASD Rule 3010 by using Blue Coat to monitor, manage and control all email and IM communications between your financial reps and external customers and partners.
Retail Establishments: Blue Coat and its technology partners can help implement the Payment Card Industry (PCI) Data Security Standards (DSS) to safeguard customer data.
Educators: Let Blue Coat help you comply with the Children's Internet Protection Act (CIPA) by keeping inappropriate content and Web sites off your school's network. Read Blue Coat’s CIPA FAQ to learn more.
Healthcare providers: Blue Coat's proxy-based architecture helps you comply with HIPAA by stopping malicious code at the Web gateway, so you can protect patient information and deliver secure, anytime access to your providers and administrators.
Blue Coat has designed all its products to help you achieve compliance according to ISO 17799, a code of practice for information security management published by the International Organization for Standards (ISO).
Riverbed’s Cascade Captures Network Flow Data for Cost-Effective Compliance
For many companies, protecting sensitive customer information requires extensive deployments of hardware for intrusion detection and/or prevention. For others, the cost of audits that prove that unauthorized persons did not have access to regulated data is burdensome. These organizations need the ability to cost-effectively monitor both external and internal access to regulated resources and provide historical data stores of such access.
Riverbed Cascade uses network flow data collected from existing sources within the infrastructure. It enhances that data with sophisticated grouping and Active Directory information and performs both policy-based and behavioral-based analysis on network activity to identify instances of access to controlled resources. Cascade provides compliance-sensitive users with:
- The ability to leverage existing network devices as a source of intrusion detection, mitigating the need for expensive remote deployments
- User Defined Policies and custom resource grouping to monitor access of regulated resources by authorized and unauthorized users
- Anomaly detection that can pick up authorized users exhibiting unique behaviors like accessing a controlled data store and sending data to remote sites
- The ability to easily prove that only authorized users accessed regulated assets in the last year
Cascade enables User Defined Policies that automate the monitoring of access to regulated assets. Its Network Behavior Analysis (NBA) technology is the most advanced in the industry, allowing customers to implement automated network and application monitoring and analysis with a significantly reduced burden on expert operations staff.
Cascade: An Example
A global hospitality company operates 900 properties around the world. Multiple users at every location access customers’ personal credit information. Their systems integrator informed them PCI compliance mandated the deployment of $3000 IDS devices in each location.
The company's reaction was, “even if the devices were free we couldn't afford to deploy and maintain them.” In desperation, they consulted a wiser and more helpful WAN performance and security specialist. They learned they could use Cascade to collect network flow information from branch routers already deployed at each property.
As a bonus, Cascade armed them with Active Directory data, business grouping of their PCI servers and user-defined access policies. They achieved compliance for 1/8th the cost proposed by the integrator.
Resources:
Blue Coat Solutions to Help Implement PCI DSS
Blue Coat and the Children’s Internet Protection Act (CIPA)
Visibility and Control with Proxy Appliances (Blue Coat)
Creating Notification Policies: Coaching, Splash, and Compliance (Blue Coat)
Best Practices for Controlling Skype within the Enterprise (Blue Coat)
Palm Beach County Schools (Blue Coat, CIPA)
Doctors and Physician’s Groups Under Pressure by the Government to Better Protect Patient Data
