|
|
| |
|
Virtualization and service processors changed all the rules for compliance management.
New, hidden virtualization management GAPS now exist where traditional log management systems are blind to security threats.
The Virtualization and Service Processor GAP
Virtualization logging requirements are opening new holes with PCI, Sarbanes Oxley, HIPAA, SOX and NERC CIP compliance. Existing log management systems fail to provide virtualization security and logging for virtual systems thus leaving firms open to physical and virtualization compliance issues.
PCI, Sarbanes Oxley, HIPAA, SOX and NERC CIP demand credit card, corporate, patient and critical infrastructure data be SECURED, LOGGED and AUDITED.
- AT ALL TIMES — not just when the O/S or network is up
- IN ALL MODES — including virtualized environments
- IN ALL PLACES — including the service processor threat
- ALL STATES — even when the machine is in single user mode
If you are using a traditional log management system, you have huge GAPS where the clever criminal can steal credit card, personnel, corporate or other critical data - and your log management system is totally BLIND to it. You may think you are compliant, but the government and the litigators will not.
Read More:
VIRTUALfx – Monitor, Manage, Remediate in a Virtualized World
Log Management GAPs
VMs Can Hurt You
2008 Data Breach Investigations Report
SANS Institute March 2008 Alert
Hardware Service Processors
Log Management
Virtualization
Outside-In Infrastructure
|
| |
|
|
