ESP - SOX Compliance
COMPLY WITH SARBANES-OXLEY (SOX)
Protecting Financial Reporting Data
Section 404 of the Sarbanes-Oxley Act (SOX) requires that chief executives attest to the effectiveness and maintenance of internal controls encompassing all IT systems (including hardware, software, and networks) involved in financial reporting. IT departments must first identify these controls and then prove to auditors that each has been properly implemented, maintained and monitored to ensure the availability, confidentiality, and integrity of financial reporting data. Implementing and enforcing the ongoing operational effectiveness of controls and policies for IT systems is a significant undertaking.
What is your SOX security compliance score?
Elemental has developed ESP as a unique framework along with innovative technologies to reduce the overall time and effort involved in demonstrating compliance with SOX IT controls. The Elemental Security Platform helps enterprises easily identify SOX IT systems and provides preventive and detective controls to mitigate risks associated with host misconfigurations and unauthorized network access.
Host Discovery and Inventory
Automatic Host Discovery – New computers connecting to the network present a significant security management challenge. These new computers may be authorized company-owned computing assets-non-malicious computers belonging to partners and contractors-or they may be rogue devices with malicious intent. The Elemental Security Platform discovers and profiles all new endpoints connecting to the network, thereby providing security administrators with broad visibility.
SOX Host Inventory – SOX requires that enterprises identify and maintain an inventory of all hosts that are directly involved in financial reporting. Enterprise networks are constantly changing, making it difficult to maintain such a list. The Elemental Security Platform continuously detects which hosts are involved in financial reporting and generates SOX host inventory reports so that enterprises can quickly identify their SOX inventory at any point in time.
Host Configuration Controls
System Settings Management – A significant number of intrusions result from exploitation of system configuration errors. This problem is even more acute in heterogeneous computing environments, which are increasingly common. The Elemental Security Platform provides extensive cross-platform computer integrity policy rules based on industry best practices such as those from the National Security Agency (NSA), the Center for Internet Security (CIS) and the SANS (SysAdmin, Audit, Network, Security) Institute. Continuously monitoring compliance with these policies can ensure that multiple aspects of computer configuration-including the OS settings, registry settings, file permissions, authorization requirements, hardware and software inventory and application settings-meet these standards.
SOX Baseline Policy
The Elemental Security Platform provides a SOX security policy to help enterprises comply with general IT control requirements. Elemental recommends that this policy is applied to all hosts included in SOX audits. The SOX policy enables enterprises to easily manage and monitor host and network configuration rules that are consistent with industry best practices for cross-platform operating environments.
The Elemental SOX policy includes a rich collection of rules to control the configuration and network behavior of hosts. These rules address host access and authentication, file system access and permissions, system logging, kernel and registry settings and configuration of hardware devices. Unlike other products, the Elemental SOX policy also integrates rules to configure the security parameters of applications along with rules to control the network behavior of hosts.