COBIT Compliance Suite
Automate Alerting & Reporting
The LogLogic Compliance Suite is the first solution of its kind to provide “out-of-the-box” support for Control Objectives for Information and Related Technology (COBIT) 4.0. The reports and alerts monitor and verify many of the controls defined in the new COBIT 4.0 specifically, and cover all four sections broadly. COBIT is the IT Governance Institute’s IT governance and control framework, most frequently used to help achieve Sarbanes-Oxley Act compliance, but also ensuring security and availability of IT assets in general. COBIT 4.0 can be downloaded from www.isaca.org/cobit/.
Beyond Security Event Management
Unlike security event management solutions which typically cover one aspect of IT risk management — security monitoring, LogLogic reports and alerts cover this an other COBIT controls such as identity and access monitoring, user activity monitoring, change control monitoring, IT infrastructure monitoring and business continuity management.
By automating compliance reporting and alerting based on critical infrastructure data collected and stored by LogLogic’s appliances, the LogLogic Compliance Suite removes the complexity and resource requirements from implementing policies
Alerting & Reporting
The LogLogic Compliance Suite is the first solution of its kind to provide “out-of-the-box” support for COBIT 4.0 and ITIL, which are common frameworks used frequently by businesses to help achieve Sarbanes-Oxley Act compliance, and ensuresecurity and availability of IT assets in general.
The reports and alerts monitor the majority of controls defined in the new COBIT 4.0 IT audit framework specifically and cover all four sections broadly. The COBIT controls and corresponding LogLogic reports and alerts cover six important areas of IT risk management:
- Access: Identity and access monitoring
- Activity: User activity monitoring
- Change: Change control monitoring
- Security: Security monitoring
- Infrastructure: IT infrastructure monitoring
- Continuity: Business continuity management
By automating compliance reporting and alerting based on critical infrastructure data collected and stored by LogLogic’s appliances, the LogLogic Compliance Suite removes the complexity and resource requirements from implementing policies such as COBIT and ITIL to successfully meet SOX and other regulations.
Compliance reporting and alerting from LogLogic is ideal for IT administrators, auditors and financial executives who want to reduce time to compliance and realize dramatic improvements in risk mitigation and audit accuracy.
LogLogic allows for ongoing data monitoring and reporting and long-term archival so you can attest compliance activities on an ongoing basis. Breakthrough Log Learning technology delivers the industry’s first smart behavioral alerts, which can be set by device, device group or network. Adaptive baseline, network policy and ratio-based alerts are all powered by artificial intelligence and machine learning technology. Managers receive early warning of insider misuse and unusual or suspicious behavior they can act quickly.
Customizable Compliance Reporting
LogLogic Compliance Suite uses LogLogic’s unique Agile Reporting Engine to allow on-the-fly customization of templates. Using Agile Reporting functionality, customers can match information log data against specific corporate controls and policies. Agile Reporting differentiates LogLogic’s compliance solution from industry alternatives based on static reports. Instead of having to write Perl scripts of statements to customize reports, Agile Reports can be customized with a few simple mouse clicks.
Real Alerts and Reports Based on Real Data
LogLogic Compliance Suite delivers reports and alerts on all four areas of the IT risk management framework defined by COBIT:
- Plan and organize (PO): This domain covers strategy and tactics, and identifying the way can best contribute to achieving business objectives.
- Acquire and implement (AI): To realize the IT strategy, IT solutions need to be identified, develop or acquired, as well as implemented and integrated into the business process.
- Delivery and support (DS): This domain is concerned with the actual delivery of required services, which includes service delivery, security and continuity management, service support for users, and data and operational facilities management.
- Monitor and evaluate (ME): All IT processes need to be regularly assessed over time for quality and compliance with control requirements. This domain addresses performance management, internal control monitoring, regulatory compliance and governance.
Sample Controls Addressed by LogLogic for Sarbanes-Oxley Compliance
| Category | COBIT 4.0 | Control Header |
|---|---|---|
| Identity And Access | DS5.3 | Identity Management |
| DS5.3 | User account management | |
| PO7.8 | Job change and termination | |
| User Activity | PO4.11 | Segregation of duties |
| AI2.3 | Application control and audit ability | |
| Change | AI6.1 | Change standards and procedures |
| DS9.3 | Configuration integrity review | |
| Security | DS5.2 | IT security plan |
| DS5.5 | Security testing, surveillance, monitoring | |
| DS5.10 | Network Security | |
| DS11.6 | Security requirements for data mgmt | |
| IT Infrastructure | DS1.5 | Monitoring of service level agreements |
| DS2.4 | Supplier performance monitoring | |
| DS3.5 | Monitoring of performance and capacity | |
| DS13.3 | IT Infrastructure monitoring | |
| DS10.2 | Problem tracking and resolution | |
| Business Continuity | DS4.1 | IT continuity framework |
| DS4.5 | Testing of the IT continuity plan | |
| DS11.5 | Backup and restoration |
ROI
LogLogic customers normally experience a return on their investment of six months or less. The ROI of deploying the LogLogic solution can be measured in terms of:
- Reduced cost and complexity of log management. LogLogic accelerates the time to identifying and reporting on critical log data and significantly reduces the infrastructure and labor costs associated with log management.
- Improved storage and log data retention, reducing the amount of storage required and better utilizing existing NAS and SAN resources.
- Better utilization of existing network and IT management systems. Log Routing technology directs critical log data, alerts and reports to the application of your choice, reducing the need to manage multiple systems and the associated costs of training, maintenance and support.
- The ability to capture log data from virtually any application or device, eliminating the need for multiple systems. You can capture and store your data once, then report and alert to many different applications.
- Reduced downtime and accelerated threat remediation — LogLogic protects valuable data, saving resources and reducing downtime.
- Automate key compliance activities such as log data collection, retention and analysis. LogLogic generates reports in real-time for proof of compliance.
- Improved business continuity through mitigating the risk of network incidents and attacks.
- Improved security by deterring IP theft and malicious attacks, and achieving greater insight into user activity
Learn More
Contact me
Have someone contact you within 24-hours.
Weekly Webcast
Join our experts every Tuesday.
3-Minute Tour
View a LogLogic introductory tour