Meet the GDPR's IT security requirements

with Log360.

Why Log360 for GDPR?

Most of the GDPR's requirements talk about not only getting proper consent from individuals, but also notifying these individuals on how their data is being handled as well as what rights they have over this collected data. However, there are also specific requirements concerning the security operations center (SOC). Apart from ensuring lawful and transparent data collection, businesses also need to establish technical measures to safeguard data from attacks and threats. This is the primary objective of the SOC. To meet this requirement, you need to deploy security information and event management (SIEM) solution.

ManageEngine Log360 is a comprehensive SIEM solution, that will help you meet the IT security requirements of the GDPR with its predefined audit report template. The solution also comes with the threat intelligence, forensic analysis, incident detection and management capabilities, that will help you protect personal data and stay GDPR compliant.

Explore Log360 and see for yourself how it helps meet the GDPR compliance requirements. We also assist you with a free e-book that decrypts GDPR’s IT security articles and gives you information on how Log360 helps you to meet those.

Why wait? Go ahead, download Log360, and explore it with a 45-day extended complimentary license. Need expert’s assistance in tuning the solution to fit your environment? Do not hesitate we’re a form away!

Thanks!

Your e-book is on its way.

If you don't find it in your inbox within the next few minutes, check your spam folder.

Explore Log360 for free

with 45-days complimentary license.

  • Please enter business email only.
    Please enter business email address
  •  
  • By clicking 'Get Your Copy Now', you agree to processing of personal data according to the Privacy Policy.

How Log360 helps you meet GDPR requirements

IT Security requirements of GDPR and Log360 features mapping

Scope of this guide

This document elaborates on the GDPR's IT security requirements, the measures security administrators need to take to meet these requirements, and how Log360, a comprehensive security information and event management (SIEM) solution, can help you meet these requirements.

Article

"..in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’)."

What it means

  • To prevent unauthorized processing, set up security configurations and monitor the changes to these configurations to detect unauthorized or unlawful access and processes.
  • Audit all the operations performed on personal data to ensure the processes  carried out in a legitimate manner.

IT Security requirements of GDPR and Log360 features mapping

Article What it means What Log360 offers
"..in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’)." To prevent unauthorized processing, set up security configurations and monitor the changes to these configurations to detect unauthorized or unlawful access and processes.

Audit all the operations performed on personal data to ensure the processes  carried out in a legitimate manner.
Log360 provides out-of-the-box audit reports as below to ensure authorized access to personal data.
  • SQL server permission information 
  • SQL server security changes 
  • Created, altered, or deleted roles and users in Oracle database server.
  • Domain level permission changes 
  • Group policy permission changes
  • Folder permission changes
  • Access control list (ACL) changes
  • User permission changes.
    • Also, to audit the changes to privileged groups, the solution provides detailed information on:
      • Changes to security groups 
      • Recently added members to security groups
      These reports help security admins validate whether the change made to the privileged user groups are legitimate. Further, Log360 offers audit reports on DML and DDL operations performed on SQL and Oracle databases to ensure that the processing of personal data stored in these databases is legitimate. Available reports
      • Selected, inserted, deleted, and updated tables.
      • Executed and received commands
      • Inserted, selected, updated, and deleted schemas.
      • Created, altered, and deleted tables/databases.
Protip: One of the best methods to prevent unauthorized or unlawful processing of personal data is to keep a check on network intrusions. With most of the security attacks aiming to steal personal data, it is mandatory that you try stop those attacks at its intrusion stage and continue protecting personal data.

Log360 helps stop security attacks by identifying malicious traffic into the network. The solution's threat intelligence feature includes Global IP Threat Database and STIX/TAXII threat feed processor that are dynamically updated with known malicious sources (IP addresses, domains, and URLs). An attempt of intrusion from any of these suspicious sources will result in instant email/SMS notification with which you can block the traffic and safeguard personal data from being mishandled.
Article 25 (2) "...In particular, such measures shall ensure that by default personal data are not made accessible without the individual’s intervention to an indefinite number of natural persons." Ensure that personal data access is granted only for selected users and is not made accessible to everyone. 

Monitor the privileged user group that has permissions to access and process personal data.Changes to this group should be tracked and analyzed to avoid unauthorized access to personal data.  
Log360 offers logon reports that help check who accesses the systems and applications that store/process personal data. 

Additionally, the permission and security configuration change reports (specified above) will also help validate the personal data access. 
Article 32 1(b) "... ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;" Regularly audit the systems (or servers) that store and applications (databases) that process personal data.

  Get notified in real-time upon any unauthorized access attempts, permission changes, privilege escalations, or unexpected shutdowns of servers and applications that could result in potential threats affecting  their confidentiality or integrity. 
To ensure confidentiality and integrity, Log360 offers real-time email notifications and exhaustive auditing reports on:
     
  • SQL server logon failures
  • Logon attacks on Windows Servers and SQL/Oracle databases
  • Reasons for logon failure to ascertain whether the attempt is authorized.
  • To ensure integrity, the solution offers audit reports for:
  • File permission changes
  • Critical group membership changes
  • ACL changes
  • Database role changes
  • Changes to privileged user accounts.
  • To ensure availability and to speed up troubleshooting process, Log360 offers real-time email and SMS notification when :
  • A database server goes down.
  • A file server shuts down.
  • A service stops unexpectedly.
Article 33 (1) "In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it,.." Data breaches, if any should be detected and reported to supervisory authorities within 72 hours. Log360, with its real-time correlation engine and threat intelligence platform, helps enterprises detect data breaches in real-time. 

The solution is capable of detecting data leakages for well-known attacks such as: 
     
  • SQL injection
  • Ransomware attacks
  • Insider data stealing
  • Cross-site scripting
  • Denial of Service and Distributed Denial o Service.
Further, the solution's custom rule building capability helps security admins create new rules to detect internal security attacks and policy violations as well. 
Article 33-3(d) "....describe the measures taken or proposed to be taken by the controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects. Elaborate the efforts taken to mitigate the attacks and its adverse effects.  Log360's forensic analysis capability helps to ascertain the data breach'seffects including:
     
  • System/server affected by the breach.
  • Data that got affected.
Further, the log search feature helps ascertaining the method of data breach, which is essential to mitigate the adverse effects and prevent future attacks of similar kind.

The comprehensive GDPR audit report

Apart from the abovelisted individual reports that help you probe into information that you need for meeting GDPR's security requirements, Log360 provides a comprehensive GDPR audit report, that aggregates and presents events across your network for easy auditing.

Salient features of Log360

     
  • Auditing activities happening in business critical applications
  • User behavior monitoring
  • Active Directory change auditing
  • Threat intelligence
  • Real-time correlation with integrated incident management
  • Automated log management
  • Best-in-class forensic analysis

About Log360

Log360 is an integrated solution for all log management and network security challenges. It offers real-time log collection, analysis, monitoring, correlation, and archiving capabilities that help protect confidential data, thwart internal security threats, and combat external attacks. To help meet the most needed security, auditing, and compliance demands, the solution comes packaged with over 1,200 predefined reports and alert criteria. 

Download 30-day trial

Thanks!

Your e-book is on its way.

If you don't find it in your inbox within the next few minutes, check your spam folder.

Learn how Log360 helps you meet these requirements.

  • Please enter business email address
  •  
  • By clicking 'Get Your Copy Now', you agree to processing of personal data according to the Privacy Policy.

© 2019 Zoho Corporation Pvt. Ltd. All rights reserved.

Demo Request