by Jasmine Chennikara-Varghese

Organizations are challenged to maintain compliance to regulatory standards and internal mandates while proactively keeping users and data secure. As the cyber landscape evolves and becomes more complex, it is imperative to have sufficient visibility into users and transactions that impact both compliance and security.  Log data plays a significant role in providing that insight and accelerating detection of compliance failures and security breaches.

Using application and security audit logs, users and their associated activities can be reviewed for adherence to corporate standards and for compliance in segregation of duties and privileged user monitoring. Most organizations have routine auditing processes in place to examine transactions and user activities on system data. This is often a periodic manual review of log events to assess user privilege changes and identify fraudulent transactions or access violations by authorized users.

While compliance does not guarantee security, audit log data used to establish compliance can also deliver insights for security analytics.  Monitoring all users for privilege changes and transactional activity enables security analysts to derive behavioral patterns and detect changes in activity. With the same log data, viewed from the security perspective, anomalous authorizations or unexpected user transactions, such as creation of a new user account by a non-administrative user, can be identified.

Multi-dimensional analysis of log data also enables security analysts to follow the breadcrumbs and gain visibility into the lifecycle of a data breach. This includes uncovering whose credentials were used to access and change system configurations or create a user with escalated privileges.  Analysts can also track privileged account access and ascertain if critical activities were performed, such as download of sensitive master data tables.

Access and activity against critical data is a security concern as well as a potential control violation making it both a compliance issue and a data exposure risk. Greenlight solutions empower security and compliance teams with the right insight about who is actually accessing data, to discover discrepancies or gaps in the expected data access and transactions. Learn how Greenlight solutions help you transform application and security audit logs into security and compliance intelligence.