One Compliance Module to Rule Them All: Consolidated Compliance Framework


The continued growth, proliferation, and awareness of cybersecurity as a necessary focus for all companies has helped revolutionize the global compliance landscape. A growing number of old regulations have been re-factored to include more stringent cybersecurity controls. New regulations are being developed and enforced globally, including the General Data Protection Regulation (GDPR), the China Privacy Policy, the Australian Signals Directorate, the United Arab Emirates National Electronic Security Authority, and more.

In most cases, the majority of these regulations are looking to enforce the same or very similar controls, as they’re all loosely based on frameworks and standards developed by ISO and NIST. While there are exceptions and outliers, you should be able to meet most, if not all, of your regulatory compliance requirements by implementing one consolidated module.

LogRhythm’s Consolidated Compliance Framework

LogRhythm’s Consolidated Compliance Framework (CCF) is a core compliance module with strong customer benefits. As an all-encompassing compliance module, LogRhythm’s CCF helps reduce the time and resources spent satisfying compliance regulations. The module is mapped to dozens of regulations, streamlining the compliance process by centralizing controls into a single module. For example, the GDPR’s far-reaching, comprehensive, and high-stakes data protection requirements have left many organizations concerned with meeting compliance. LogRhythm’s CCF, however, provides a solution designed to satisfy GDPR compliance needs. Pre-built content, such as AI Engine scenario-based analytic rules, dashboards, lists, and reports, is directly mapped to controls associated with GDPR requirements. The recent GDPR Compliance Module released by LogRhythm Labs is a key component of our CCF, and will enable your organization to effectively monitor and protect personal data in your environment.

Addressing Inefficiencies in the Compliance Process

LogRhythm Labs has traditionally developed stand-alone compliance modules mapped to the controls outlined in a specific regulation. From a development perspective, this often meant recreating the same content multiple times for each compliance module we built, and subsequently updating and digging into multiple modules for a change in a single control. This is the development method most commonly used by compliance services or software companies today.

This method proved to be inefficient and caused significant delays in our ability to develop and deliver additional compliance modules to our customers. From a customer perspective—specifically those that require more than one compliance module—this meant the possibility of firing two or more alarms (e.g., when implementing PCI-DSS, HIPAA, and GDPR modules) for the violation of the same, single control. This duplicative work also extends to reporting and general administration and usability of our product.

LogRhythm’s CCF will enable you to operate within one cohesive, consolidated framework, ultimately allowing you to better meet your compliance needs and protect your data and business interests. Moving to our CCF will help alleviate all of these issues, not only creating a better SIEM user experience but also helping simplify the compliance process for most companies.

The Future of Compliance

This is simply the beginning of LogRhythm’s CCF. It will continue to evolve to incorporate the ISO 27001, NIST-CSF, NIST 800-171, and NIST 800-53 frameworks. We believe these seemingly separate frameworks, when combined, will form a basis or core compliance module that addresses nearly all current regulations regardless of industry or sector. While we understand that each industry may have more specific requirements that are only associated with that industry, LogRhythm Labs has planned to create supplemental, add-on compliance packs or modules designed to meet industry-specific needs not already covered in the CCF.

Figure 1: The LogRhythm CCF Vision

LogRhythm’s Consolidated Compliance Framework is available in our knowledge base and currently includes pre-built content mapped to the controls associated with GDPR. We are excited to continue to add regulations and subsequent controls to the CCF throughout 2018, and encourage our customers to adopt early.