ManageEngine Tunes SIEM Solution to Simplify GDPR Compliance

ManageEngine, the real-time IT management company announced that its security information and event management (SIEM) solution, Log360, is now equipped with a prebuilt report and strengthened correlation engine to simplify enterprises’ efforts to meet General Data Protection Regulation (GDPR) requirements. With its new correlation rules and GDPR-specific report, Log360 helps enterprises improve their ability to detect data breaches, prove that their data is always protected, and meet requirements stated in Articles 25(1) & (2), 32(1)(b), and 33.

Starting May 25, 2018, every enterprise that handles the personal data of European Union citizens will need to maintain GDPR compliance. The GDPR's main goal is to enforce transparent data collection and processing methods, as well as stricter data security policies. Non-compliance could result in a hefty fine, so enterprises have to assess their current data protection measures, document relevant information on data processing, and reform their data collection and processing procedures in accordance with GDPR requirements before the GDPR goes into full effect.

"Translating all the GDPR's requirements into IT security policies will have a huge operational impact on businesses of all sizes. The larger the enterprise, the longer it will take to fully adhere to the GDPR," said Manikandan Thangaraj, director of product management at ManageEngine. "With just a few months left to become compliant, we've made it easier to get up to speed with the GDPR using Log360's real-time correlation engine and exclusive GDPR auditing report."

Log360 Features Mapped to GDPR Requirements

Log360's prebuilt GDPR report helps enterprises meet the data protection and secure processing requirements stated in Articles 25(1) & (2) and 32(1)(b) of the GDPR.

The solution also includes:

• Extensive auditing capability: Monitor critical changes to Active Directory—such as changes to security groups, GPOs, permissions, and more—in real time to prevent internal attack attempts. Audit databases (SQL and Oracle) and servers (Windows, Linux, IBM AS400, and more) where personal data is stored to uphold the confidentiality, integrity, and availability of these systems.
• Privileged user monitoring ability: Track privileged user accesses and activities carried out on personal data to ensure that data processing is performed in accordance with the GDPR. Detect and get alerted for user behavior anomalies in real-time to prevent personal data leakage.
• Breach prevention module: Monitor logs from network perimeter devices such as firewalls, IDSs, IPSs, and security solutions (including vulnerability scanners), and correlate the data with threat feeds to prevent breach attempts originating from outside the network.

Enterprises can also meet the notification of personal data breach requirement, outlined in Article 33, with Log360's:

• Real-time data breach notifications: With Log360's strengthened real-time correlation engine, fulfill the GDPR's requirement by detecting data breaches and generating an incident analysis report that provides information on a breach's impact.