GLBA Compliance

The Gramm-Leach-Bliley Act (GLBA)

The Gramm-Leach-Bliley Act (GLBA), also known as The Financial Modernization Act of 1999, was created to protect customer records and account information. Financial institutions according to GLBA are supposed to implement security solutions that effectively prevent and detect security threats towards their customer data.

In addition to detection and prevention techniques, they must also have incident management and response measures in place. These capabilities much be a repeatable process and can be used to improve the remediation process and to prevent future incidents. GLBA also requires log management and protection of log data to ensure integrity for evidentiary purposes.

Is Log Aggregation Enough?

The log aggregation part of meeting GLBA is not so challenging. According to the annual SANS Survey, most organizations have a central log server. Getting meaningful and useful data out of their log servers is clearly problematic. Most of the IT professionals that were surveyed stated that they have trouble.

Common complaints are that logs are hard to decipher, the volume is overwhelming and the logs are not correlated together. Analyzing and reporting activity is also an integral part of meeting GLBA. To achieve and maintain GLBA compliance log data must be centrally managed and most importantly the logs must be protected from being altered.

The LogClarity® Enterprise Solution is designed to automate and streamline several key elements of GLBA requirements. LogClarity® collects, aggregated and maintains all log data from all sources. LogClarity® instantly puts an MD-5 checksum to ensure that they can be used for legal and compliance purposes. LogClarity® provides simple to configure grooming so logs are automatically offloaded into an archived database without user intervention.

In addition, to the automated grooming, LogClarity® provides an Incident Management component which comes with over 375 built-in alerts. Alerts range from violations to compliance mandates, to security threat identification to operational problems. The Incident Management component of LogClarity® is a crucial element that enables customers to be proactive rather than being forced to manually sifting through log data.

The Database is the Weakest Link

Banking auditors are focused on making sure financial institutions utilize a strategic approach to meeting GLBA rather than a tactical one. Point-solutions are frowned upon when presented as long term solutions to GLBA. Because threats have been proven that they can come from “inside or outside the perimeter”, the continuous evolution of the defense-in-depth security strategy is required. Perimeter security is not enough.

Databases in particular are extremely vulnerable to data theft while insider attacks are also rising worldwide. In many cases, external drive abuse has been determined as the method of choice for stealing corporate intellectual property and customer private information. Accountability of all activity taking place inside database servers is the key to ensuring data security and meeting GLBA compliance.

The LogClarity® Enterprise Solution is the only solution that combines enterprise log management automation with Database Activity Monitoring and Incident Management. These three components used in concert ensure the highest visibility and true audit trail of activity. Full accountability of users can be achieved while data access can be monitored. LogClarity® helps customers prevent, detect, and respond rapidly to internal and external threats. Log data from user activity, databases, applications, systems and the network are correlated for unmatched forensics and reporting. If you are concerned about insider threats, or simply want to solve the fundamental requirements of GLBA, LogClarity® is designed to meet the challenges of security and compliance management.

LogClarity® Enterprise Solution Benefits

Compliance is Achievable
Customer Data Security is Increased
Log Management Automation
User Accountability
Audit Trail Protection