|
Virtualization and service processors changed all the rules for compliance management.
New, hidden virtualization management GAPS now exist where traditional log management systems are blind to virtualization security threats.
The Virtualization Security and Service Processor GAP
Virtualization logging requirements are opening new virtualization security holes with PCI, Sarbanes Oxley, HIPAA, SOX and NERC CIP compliance. Existing log management systems fail to provide virtualization security and logging for virtual systems thus leaving firms open to physical and virtualization compliance issues.
PCI, Sarbanes Oxley, HIPAA, SOX and NERC CIP demand credit card, corporate, patient and critical infrastructure data be SECURED, LOGGED and AUDITED.
- AT ALL TIMES — not just when the O/S or network is up
- IN ALL MODES — including virtualized environments
- IN ALL PLACES — including the service processor threat
- ALL STATES — even when the machine is in single user mode
If you are using a traditional log management system, you have huge GAPS where the clever criminal can steal credit card, personnel, corporate or other critical data - and your log management system is totally BLIND to it. You may think you are compliant, but the government and the litigators will not.
|
