"eIQnetworks already correlates data from more data sources than any other solution on the market, and for that reason SecureVue is uniquely positioned to identify sophisticated in-progress attacks or vulnerabilities that log-only solutions will miss," said Vijay Basani, eIQnetworks' CEO. "With the ComplianceVue packages, eIQ now offers a turnkey solution for comprehensive compliance reporting across a broad range of security data including events, configuration data, vulnerabilities, and network flows, proving again that 'log data is not enough' to properly prove adherence to regulatory rules."
PCIVue, NERCVue, and HIPAAVue Streamline Compliance The new ComplianceVue packages include a SecureVue Central Server, and the associated compliance reporting modules and dashboards required to provide necessary documentation for regulatory-driven audits. Reporting is effortless, and section-specific compliance reports are directly linked to appropriate rules and requirements of each supported regulation, best practice, or standard. Interactive dashboards provide real-time views into key compliance metrics, and provide drill-down into underlying data to support comprehensive internal and external auditing needs.
Most importantly, eIQ's support of more than just log data means that the ComplianceVue packages include system configuration changes, data flow patterns across the network, and even system performance and availability when substantiating technical controls. Additionally, SecureVue's built-in security features, including monitoring, alerting, workflow management, and visualization tools " all built on the industry's most advanced, high-performance database " provide enterprises with the tools needed to align compliance and security efforts.
"Today enterprises are forced to do more with less, and manually preparing for numerous audits is difficult and challenging, but a necessary evil. Our new ComplianceVue packages provide a more comprehensive out-of-the-box solution to streamline the process," said Mike Rothman, Senior VP of Strategy at eIQnetworks. "The market is beginning to realize that security information and event management (SIEM) solutions lack comprehensive support for a broad range of security information, and relying on only log data is woefully inadequate—not only for security, but also for compliance."
Among the ComplianceVue features and benefits immediately available to current SecureVue customers and partners:
Reports for a variety of regulations, best practices, and standards. The ComplianceVue packages create reports to map network activity against PCI DSS 1.2, NERC CIP-002 through NERC CIP-009, and HIPAA (using 45 CFR Parts 160, 162, and 164). Additional packages for SecureVue customers are available to address NIST 800-53 Rev. 3, SOX (using COBIT 4.1), and GLBA (using the FFIEC IS Handbook). As regulations reach more and more industries, and as existing regulations change, eIQ's modular approach supports the straightforward inclusion of additional reports to assist compliance with new requirements.
Global reporting across a broad range of operating systems, network infrastructure, applications, and databases. The ComplianceVue packages are built on the high-performance, highly scalable SecureVue solution, and as a result can produce reports on the world's most demanding IT networks. As enterprises look to converge security and compliance operations, they can capture and correlate the broadest range of data sources in the industry including log and event, configuration, asset, network flow, vulnerability, performance, availability and other security-relevant data from network devices, security devices, servers, applications, and databases.
A foundation for value-added services. The ComplianceVue packages can be customized for Managed Security Service Providers (MSSPs) to offer compliance-reporting services to customers. MSSPs can easily create role-based access to a centralized deployment, allowing multiple customers to produce reports based on a unique view into their own environments. This is just one example of how partners are creating value-added services based on SecureVue's ability to manage and correlate data from numerous network devices and data sources.
Philip Howard, of industry analyst firm Bloor Research, recently commented on SecureVue's support for more than just log data, saying, "eIQnetworks has gone further by also collecting configuration, asset and performance data to further enhance its capabilities this makes SecureVue the most complete product in the SIEM market in terms of its breadth of data collection capabilities."
eIQnetworks executives have produced a series of articles and podcast recordings that discuss appropriate practices for regulatory compliance. As an example, by visiting the company's blog site (http://blog.eiqnetworks.com), visitors can hear recent podcast episodes about NERC requirements for energy industry companies.
Availability The ComplianceVue packages will be generally available as part of SecureVue 3.2 in September through eIQnetworks' global distribution channels.
About eIQnetworks eIQnetworks is redefining security and compliance management by proving "log data is not enough" and fostering collaboration across security, network, data center and audit teams to more quickly isolate the root cause of security issues and ensure compliance mandates are being enforced. Global financial, retail, media, healthcare, manufacturing, and government enterprises rely on eIQnetworks to make sense of formerly disparate data sources to react faster to emerging threats, automate their compliance efforts, and more effectively monitor security policies. Headquartered in Acton, Mass., eIQnetworks is located online at www.eIQnetworks.com and can be reached at +1 877.564.7787.