SOX Compliance Suite
Verify Processes. Reduce Compliance Costs.
LogLogic products help businesses meet recurring compliance requirements in a cost-effective way with information they are already generating in-house. The LogLogic SOX reporting suite, one of a series of reports that help companies handle key business issues, is designed to make it easier to manage policies and controls associated with Sarbanes-Oxley compliance.
The Sarbanes-Oxley Act (SOX) is overseen by the US Securities and Exchange Commission (SEC) and safeguards against accounting errors and fraudulent management practices. The regulation was a response to corporate accounting scandals of 2001 and 2002, offering consumers protection from unscrupulous acts by public companies and their accounting firms. SOX applies to publicly traded companies that are listed on US-based financial exchanges and some private companies.
Log Management and Intelligence help companies meet compliance mandates like SOX continuously. LogLogic combines software, templates and architectural guidance to help companies become compliant quickly.
LogLogic Compliance Suite Instantly Turns Log Data Into Automated Reports and Alerts for SOX.
Enterprises recognize the critical role that protecting information assets plays in the success of their business and the importance of best-in-class corporate governance. LogLogic Compliance Suite enables best practices and processes to be easily implemented and enforced to support the IT governance requirements of executives and boards, while also addressing the more detailed requirements of those responsible for solution and service delivery. As a result, CIOs can optimize IT investments, ensure value delivery and mitigate IT risk in a transparent manner.
The LogLogic Compliance Suite automates the process of using log data to evidence and enforce business and IT policies such as Sarbanes-Oxley through COBIT 4.0, ITIL and ISO best practices. The first solution of its kind, LogLogic’s Compliance Suite delivers 100+ reports and 75+ alerts, both easily customizable, that run on LogLogic’s award-winning LogLogic appliances.
Enterprise data in the form of log files provides critical insight into the use of corporate assets, risks and IT performance. In addition to servers and applications, much valuable information comes from mining the log data from corporate firewalls, VPN concentrators, web proxies, IDS systems, E-mail servers and backup systems.
LogLogic’s Compliance Suite utilizes LogLogic’s Agile Reporting Engine to allow easy customization of reporting and alerts and the development of custom dashboards based on industry-standard processes. LogLogic’s Open Log Services enable raw data, alerts and reports to be easily routed to third-party management and compliance solutions to close the loop on, and constantly validate, business processes. Agile Reporting differentiates LogLogic’s compliance solution from industry alternatives based on static reports. Instead of having to write Perl scripts or SQL statements to customize reports, Agile Reports can be customized with a couple of simple mouse-clicks.
Typical benefits for IT, auditors and financial execs include:
- Time savings of up to two weeks per report and a dramatic improvement in risk mitigation and accuracy. Typical return on investment (ROI) of 1-3 months based on reduced or eliminated consulting, personnel and infrastructure costs.
- No consultancy or rules writing required, eliminating deployment and set-up costs normally incurred with typical security event management solutions.
- Ease of reporting and customization: reports load in seconds and immediately start generating results on terabytes of log data. Reports can be mapped to specific business and IT policies.
- Sustainable compliance and a significant reduction in risk by delivering real-time, automated alerting on policies and controls.
- Log Process Auditing to automatically evidence that processes are being completed on time.
- Protection of the integrity of log data for purposes of attestation and litigation. Many current solutions (homegrown and security information and event management) damage and reduce infrastructure data when processing it. They also fail to deliver a way of systematically capturing and securely storing critical infrastructure data spread across the enterprise (and of enforcing and evidencing this process).
Infrastructure data in the form of log files provides critical insight into the use of corporate assets, risks and IT performance. In addition to servers and applications, much valuable information comes from mining the log data from corporate firewalls, VPN concentrators, web proxies, IDS systems, E-mail servers and backup systems, among other devices.
Alerting & Reporting
The LogLogic Compliance Suite is the first solution of its kind to provide “out-of-the-box” support for COBIT 4.0 and ITIL, which are common frameworks used frequently by businesses to help achieve Sarbanes-Oxley Act compliance, and ensure security and availability of IT assets in general.
“Enterprises recognize the correlation between protecting information assets and best-in-class corporate governance. Rather than using a proprietary methodology, LogLogic has codified thousands of hours of customer learning across hundreds of sites and industry standard best practices into easy-to-run reports and templates. And, unlike rigid dashboards and reports, LogLogic Compliance Suite can be easily tailored to meet the requirements of human resources, audit, finance and IT.”
Pat Sueltz, CEO, LogLogic.
The reports and alerts monitor the majority of controls defined in the new COBIT 4.0 IT audit framework specifically and cover all four sections broadly. The COBIT controls and corresponding LogLogic reports and alerts cover six important areas of IT risk management:
- Access: Identity and access monitoring
- Activity: User activity monitoring
- Change: Change control monitoring
- Security: Security monitoring
- Infrastructure: IT infrastructure monitoring
- Continuity: Business continuity management
By automating compliance reporting and alerting based on critical infrastructure data collected and stored by LogLogic’s appliances, the LogLogic Compliance Suite removes the complexity and resource requirements from implementing policies such as COBIT and ITIL to successfully meet SOX and other regulations.
Compliance reporting and alerting from LogLogic is ideal for IT administrators, auditors and financial executives who want to reduce time to compliance and realize dramatic improvements in risk mitigation and audit accuracy.
LogLogic allows for ongoing data monitoring and reporting and long-term archival so you can attest compliance activities on an ongoing basis. Breakthrough Log Learning technology delivers the industry’s first smart behavioral alerts, which can be set by device, device group or network. Adaptive baseline, network policy and ratio-based alerts are all powered by artificial intelligence and machine learning technology. Managers receive early warning of insider misuse and unusual or suspicious behavior so they can act quickly.
Customizable Compliance Reporting
LogLogic Compliance Suite uses LogLogic’s unique Agile Reporting Engine to allow on-the-fly customization of templates. Using Agile Reporting functionality, customers can match information from log data against specific corporate controls and policies. Agile Reporting differentiates LogLogic’s compliance solution from industry alternatives based on static reports. Instead of having to write Perl scripts or SQL statements to customize reports, Agile Reports can be customized with a few simple mouse clicks.
Real Alerts and Reports Based on Real Data
LogLogic Compliance Suite delivers reports and alerts on all four areas of the IT risk management framework defined by COBIT:
- Plan and organize (PO): This domain covers strategy and tactics, and identifying the way IT can best contribute to achieving business objectives.
- Acquire and implement (AI): To realize the IT strategy, IT solutions need to be identified, developed or acquired, as well as implemented and integrated into the business process.
- Delivery and support (DS): This domain is concerned with the actual delivery of required services, which includes service delivery, security and continuity management, service support for users, and data and operational facilities management.
- Monitor and evaluate (ME): All IT processes need to be regularly assessed over time for quality and compliance with control requirements. This domain addresses performance management, internal control monitoring, regulatory compliance and governance.
Sample Controls Addressed by LogLogic for Sarbanes-Oxley Compliance
| Category | COBIT 4.0 | Control Header |
|---|---|---|
| Identity And Access | DS5.3 | Identity Management |
| | DS5.3 | User account management |
| | PO7.8 | Job change and termination |
| User Activity | PO4.11 | Segregation of duties |
| | AI2.3 | Application control and audit ability |
| Change | AI6.1 | Change standards and procedures |
| | DS9.3 | Configuration integrity review |
| Security | DS5.2 | IT security plan |
| | DS5.5 | Security testing, surveillance, monitoring |
| | DS5.10 | Network Security |
| | DS11.6 | Security requirements for data mgmt |
| IT Infrastructure | DS1.5 | Monitoring of service level agreements |
| | DS2.4 | Supplier performance monitoring |
| | DS3.5 | Monitoring of performance and capacity |
| | DS13.3 | IT Infrastructure monitoring |
| | DS10.2 | Problem tracking and resolution |
| Business Continuity | DS4.1 | IT continuity framework |
| | DS4.5 | Testing of the IT continuity plan |
| | DS11.5 | Backup and restoration |