GDPR: General Data Protection Regulation
What does GDPR say?
The entry into force of EU Regulation 2016/679, the General Data Protection Regulation, which obliges organisations to protect the personal data of people in the EU, had an immediate impact on information systems.
- In particular, the accountability principle (Article 5(2)) requires data controllers to be able to demonstrate compliance with the Regulation, which means assessing the adequacy of the technological measures adopted and their effectiveness in protecting personal data.
- Violations can lead to administrative fines imposed by the supervisory authorities (Article 58) and set out in Article 83, as well as to criminal sanctions under national law (Articles 167, 168 and 169 of the Italian Privacy Code, Legislative Decree 196/2003; these are not GDPR articles, which number only 99).
SGBox operates in compliance with regulations
In this context, one of the main sources of evidence for tracking data-processing activities is the log generated by IT systems and devices.
Security Information and Event Management (SIEM) platforms have therefore gained considerable weight, not least because they collect access information in an organised way.
SGBox is a next-generation modular SIEM and SOAR platform for intelligent data management, available as a cloud service or as a virtual or physical appliance.
Each module can be activated individually, has its own specific functionality and cooperates with the other modules by sharing the information collected, which facilitates compliance with GDPR requirements.
The features of the various modules make it possible to meet the requirements of different regulations.
Predefined or custom controls can be used to automate the compliance process.
How SGBox supports GDPR compliance
Article 17 (“right to erasure/right to be forgotten”)
GDPR requires a data destruction policy (retention periods) that respects the data subject's right to have personal data erased.
SGBox not only records all user access to company files (via server audit logs and NAS logs) but also provides evidence that secure personal-data deletion procedures are followed.
Article 24 (“responsibility of the controller”)
Article 25 (“data protection by design and by default”)
Article 28 (“processor”)
• Monitoring of user access to resources (authentication systems, VPN access, file servers, NAS, email servers, etc.);
• Monitoring of system administrator access to resources (access logs, details of operations performed on the system);
• Monitoring of perimeter firewall traffic logs (network connections from internal systems, communication with command-and-control (C2) servers, identification of possible data exfiltration);
• Monitoring of logs generated by Endpoint Protection Platforms (EPP) and Endpoint Detection and Response (EDR) tools, to identify malware or attacks aimed at company data;
• Monitoring of logs generated by network Intrusion Prevention and Detection Systems (IPS, IDS) and Host-based Intrusion Detection Systems (HIDS);
• Monitoring of logs generated by File Integrity Monitoring (FIM) and Data Leakage Prevention (DLP) solutions that protect company data;
• Reduction of the attack surface through vulnerability management (NVS module): identification of vulnerabilities on data assets caused by missing updates or incorrect configuration (hardening), and classification of threats;
• Collection of third-party open-source threat intelligence feeds (LM and LCE modules) to reduce false positives and provide accurate information to technical staff;
• Advanced data analysis and presentation features to support the IT incident management process.
Using the collected data, the Log Correlation Engine (LCE) module identifies risk scenarios through correlation rules, which can also trigger automatic countermeasures.
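To make concrete what "correlation rules over centralised logs" means in practice, the following is an added example written for this page; it is not SGBox code and does not reproduce the LCE rule syntax. It assumes already-normalised VPN authentication and firewall events (constructed sample lines), a constructed threat-intelligence indicator set standing in for an OSINT feed, and a hypothetical countermeasure catalogue. Two rules run over the stream: a sliding-window rule that fires when several failed logins for the same user and source are followed by a success, and an indicator-match rule that flags outbound firewall connections to a known command-and-control address, marking large transfers as possible exfiltration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed, already-normalised log lines standing in for what a SIEM parser emits
# (sample data, not SGBox output): VPN authentication events and perimeter firewall events.
SAMPLE_LOGS = """\
2024-03-01T09:00:01Z auth host=vpn01 user=alice src=203.0.113.7 result=FAIL
2024-03-01T09:00:05Z auth host=vpn01 user=alice src=203.0.113.7 result=FAIL
2024-03-01T09:00:09Z auth host=vpn01 user=alice src=203.0.113.7 result=FAIL
2024-03-01T09:00:12Z auth host=vpn01 user=alice src=203.0.113.7 result=FAIL
2024-03-01T09:00:20Z auth host=vpn01 user=alice src=203.0.113.7 result=OK
2024-03-01T09:05:00Z fw host=fw-edge src=10.0.5.21 dst=198.51.100.23 dport=443 action=ALLOW bytes=52428800
2024-03-01T09:06:00Z fw host=fw-edge src=10.0.5.22 dst=192.0.2.10 dport=443 action=ALLOW bytes=1200
2024-03-01T10:00:00Z auth host=vpn01 user=bob src=198.51.100.5 result=FAIL
2024-03-01T11:00:00Z auth host=vpn01 user=bob src=198.51.100.5 result=OK
"""

# Constructed indicator set standing in for an OSINT threat-intelligence feed (assumption).
C2_INDICATORS = {"198.51.100.23"}

# Hypothetical countermeasure catalogue: the action a SOAR playbook would take per rule.
COUNTERMEASURES = {
    "bruteforce_success": "disable_account_and_block_src",
    "c2_contact": "quarantine_host",
}

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<type>\w+) (?P<kv>.*)$")


def parse(line):
    """Parse one normalised line into a dict; returns None for malformed lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = {"ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"), "type": m["type"]}
    for token in m["kv"].split():
        key, _, value = token.partition("=")
        ev[key] = value
    return ev


def correlate(raw, fail_threshold=3, window=timedelta(minutes=2), exfil_bytes=10_000_000):
    """Run two correlation rules over the log stream and return alerts in time order."""
    alerts = []
    failures = defaultdict(deque)  # (user, src) -> timestamps of recent failed logins
    for line in raw.splitlines():
        ev = parse(line)
        if ev is None:
            continue
        if ev["type"] == "auth":
            key = (ev["user"], ev["src"])
            recent = failures[key]
            # Slide the window: forget failures older than `window`.
            while recent and ev["ts"] - recent[0] > window:
                recent.popleft()
            if ev["result"] == "FAIL":
                recent.append(ev["ts"])
            elif ev["result"] == "OK" and len(recent) >= fail_threshold:
                alerts.append({
                    "rule": "bruteforce_success", "ts": ev["ts"], "user": ev["user"],
                    "src": ev["src"], "failures": len(recent),
                    "action": COUNTERMEASURES["bruteforce_success"],
                })
                recent.clear()
        elif ev["type"] == "fw" and ev["dst"] in C2_INDICATORS:
            size = int(ev["bytes"])
            alerts.append({
                "rule": "c2_contact", "ts": ev["ts"], "src": ev["src"], "dst": ev["dst"],
                "bytes": size, "possible_exfiltration": size >= exfil_bytes,
                "action": COUNTERMEASURES["c2_contact"],
            })
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOGS):
        print(alert)
```

On the sample data the first rule fires for alice (four failures then a success within two minutes) and not for bob (a single failure, then a success an hour later, outside the window), and the second rule fires for the 50 MB connection to the listed indicator. The countermeasure is returned as a named action rather than executed: in a real deployment the playbook that disables an account or quarantines a host should itself be logged, since those operations are exactly the administrator activity Article 24 and 28 monitoring is meant to capture.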
Article 32 (“Security of processing”)
In particular with regard to the obligation to adopt appropriate technical and organisational measures.
SGBox makes it possible to demonstrate the adequacy of technical and organisational measures by centralising the data of the security systems (firewall, IDS/IPS, EPP, EDR, DLP, FIM, VPN, directory service, etc.).
A powerful log recognition and normalisation engine with a simple, intuitive interface lets users aggregate logs produced by the different platforms in the company.
The collected data can be analysed and managed centrally, both in real time and on historical logs. The results can be presented in graphs and in detailed, customisable reports and dashboards.
Where strong authentication is required, the SGBox web console can delegate authentication to an external directory server instead of using local accounts.
Article 33 (“notification of a personal data breach to the supervisory authority”)
Article 34 (“communication of a personal data breach to the data subject”)
SGBox supports the detection of breaches (Articles 33 and 34) with automatic features based on behavioural models (User Behaviour Analytics, UBA).
The platform offers complete 24x7 visibility of security events (dashboards, views, etc.) to identify an attack and shorten response time in the event of an IT incident.
Centralising the information (with a configurable retention period, to respect both security needs and the proportionality principle) supports investigations and makes it possible to establish the root cause of a data breach.
Article 35 (“data protection impact assessment”)
SGBox makes it possible to differentiate access to log information according to the least-privilege and need-to-know principles.
On request, SGBox can mask (pseudonymise) information about users' web browsing taken from proxy server logs when it is displayed (via the parser), so that only authorised users can see it (data obfuscation).
With SGBox, role-based access control (RBAC) can be applied correctly to limit access to the log data held in the SIEM platform.
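The two points above, parser-level obfuscation of proxy logs and role-based access to log data, are illustrated by the following added example. It is written for this page, is not SGBox code, and makes several assumptions: a Squid-style access.log layout for the constructed sample lines, a hypothetical role model with a "pii:reveal" permission, and a pseudonymisation key that in a real deployment would be held outside the SIEM index. Identifying fields (username and client IP) are replaced at ingest time with a keyed HMAC pseudonym; the URL is kept in clear so an analyst can still hunt for malicious destinations and can still see that the same pseudonym visited several pages, but only a role holding the reveal permission can map the pseudonym back to a person.

```python
import hashlib
import hmac

# Constructed proxy log lines in a Squid-style access.log layout (sample data, not SGBox output):
# timestamp elapsed client_ip status bytes method url user hierarchy type
PROXY_LOGS = """\
1709283601.123 120 10.0.5.21 TCP_MISS/200 4521 GET https://example.org/jobs alice DIRECT/93.184.216.34 text/html
1709283605.456 98 10.0.5.22 TCP_MISS/200 812 GET https://health-forum.example/thread/42 bob DIRECT/198.51.100.9 text/html
1709283650.002 75 10.0.5.21 TCP_MISS/200 2200 GET https://example.org/jobs/apply alice DIRECT/93.184.216.34 text/html
"""

# Fields that identify a natural person; they are replaced by a keyed pseudonym at parse time.
IDENTIFYING_FIELDS = ("client_ip", "user")

# Hypothetical role model (assumption). Only a role holding "pii:reveal" may re-identify pseudonyms.
ROLE_PERMISSIONS = {
    "soc_analyst": {"logs:read"},
    "dpo": {"logs:read", "pii:reveal"},
    "guest": set(),
}


def parse_proxy_line(line):
    """Split one Squid-style line into a dict; returns None for malformed lines."""
    parts = line.split()
    if len(parts) < 8:
        return None
    return {
        "ts": float(parts[0]),
        "client_ip": parts[2],
        "status": parts[3],
        "bytes": int(parts[4]),
        "method": parts[5],
        "url": parts[6],
        "user": parts[7],
    }


class ProxyLogStore:
    """Stores pseudonymised events; the re-identification table is kept apart and role-gated."""

    def __init__(self, key):
        self._key = key          # assumption: loaded from a vault/HSM and rotated in practice
        self._events = []
        self._reveal_table = {}  # pseudonym -> clear value

    def _pseudonym(self, field, value):
        # Keyed HMAC rather than a plain hash: usernames and internal IPs form a small space,
        # so an unkeyed digest could be brute-forced back to the clear value.
        mac = hmac.new(self._key, f"{field}:{value}".encode(), hashlib.sha256)
        return mac.hexdigest()[:16]

    def ingest(self, raw):
        """Parse, pseudonymise and store every well-formed line; returns the number stored."""
        count = 0
        for line in raw.splitlines():
            ev = parse_proxy_line(line)
            if ev is None:
                continue
            for field in IDENTIFYING_FIELDS:
                p = self._pseudonym(field, ev[field])
                self._reveal_table[p] = ev[field]
                ev[field] = p
            self._events.append(ev)
            count += 1
        return count

    def query(self, role, url_contains=""):
        """Return matching events; identities are revealed only to roles holding pii:reveal."""
        perms = ROLE_PERMISSIONS.get(role, set())
        if "logs:read" not in perms:
            raise PermissionError(f"role {role!r} may not read proxy logs")
        rows = [dict(ev) for ev in self._events if url_contains in ev["url"]]
        if "pii:reveal" in perms:
            for ev in rows:
                for field in IDENTIFYING_FIELDS:
                    ev[field] = self._reveal_table[ev[field]]
        return rows
```

Because the pseudonym is deterministic for a given key, an analyst can still correlate activity per pseudonym (the two example.org requests map to the same masked user) without learning who that person is; rotating the key breaks linkability across rotation periods, which is a retention decision to document alongside the Article 17 policy. Every call to a reveal-capable query should itself be written to the audit log, since re-identification is a privileged operation under Articles 24 and 28.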
The platform also offers asset discovery features and the definition of dynamic host groups tied to specific company functions (ISO 27001 perimeter systems, HR systems, etc.).