The amount and depth of network security and server security information in the event log, already awaiting monitoring, storage, and auditing, is staggering even before wide-ranging HIPAA requirements come into play.
Network security professionals around the globe are realizing the importance of monitoring, collecting, and reporting data in the event log. For those seeking HIPAA compliance, management of the event log throughout its life cycle is a central component in meeting aspects of HIPAA requirements – including the areas of data security, network security, and the tracking of file and network access.
Event Alarm, Event Archiver, and Event Analyst comprise Dorian Software’s suite of log management software – the only patent-pending solution for total event log management.
Additionally, Dorian’s Fortress Desktop is proving helpful in access control and logon security and tracking. Finally, UltraAdmin – an Active Directory management tool – can act as a nice complement to efforts in more efficiently managing a network with the limited human and time resources left in the wake of expanding regulatory requirements.
What is True HIPAA Compliance?
Few are willing to go on the record to state what is and what isn’t HIPAA compliant. The first resource to come along from the federal government to define compliance is the following guide:
NIST / HIPAA Guidelines: A Publication by the Computer Security Division of NIST (National Institute of Standards and Technology)
But, as a pioneer in the event log management field since 1997 and with unparalleled support to a global customer base of countless users, Dorian Software’s log tools are uniquely positioned to spearhead your organization’s efforts in log management as a central component of your HIPAA strategy.
HIPAA’s Security Requirement
Establishing audit trails and auditing capability is critical to meeting HIPAA’s security requirement. So, what components build a solid audit trail? According to the HCFA’s own standards and guidelines in the HCFA Information Security Policy, if a potential security breach is to be investigated, the audit trail must be able to provide sufficient information to establish what events occurred, when they occurred, and who (or what) caused them.
Event logs will provide the very foundation for such an investigation. In fact, event logs are the basic piece of information providing real-time feedback on the health and security of your network. Therefore, monitoring, analyzing and preserving these logs for future auditing is a fundamental way of keeping tabs on your network – its components, its users, and its unwelcome visitors.
A recent Network World article underscores the fact that there are many interpretations of HIPAA “compliance” and many vendor insights on strategies for compliance. It also highlights the provisions within each aspect of the HIPAA Security Rule – administrative, physical, and technical. The wide-ranging provisions, the different interpretations of those requirements by different parties, the speculation by so many parties, and the lack of a central authoritative voice on what constitutes compliance continue to create confusion for many affected by the regulation.
However, it is safe to assume that efforts will focus on 1) event log management for network and access auditing with 2) logon management, tracking, and access control.
Event Alarm: On the Frontline
First, Event Alarm provides a proactive frontline defense. Monitoring your network in real-time, Event Alarm can notify you immediately with an email, page, or network popup upon the occurrence of events you specify including external intrusion. But, Event Alarm takes protection of your network even more seriously – providing the capability of notification not only when a hacker comes calling. Event Alarm is also prepared to detect internal security breaches.
But, how can a team of administrators ensure that log files are first stored for auditing without manually clearing and storing GBs worth of them? And, how can that team of administrators ensure that every single event is accounted for?
Event Archiver: Automated Consolidation of Log Files
Look to Event Archiver Enterprise – already trusted by federal agencies and Fortune 50 companies to automate the clearing and preservation of these event logs. Running as an unattended service on a Windows NT / 2000 / 2003 Server or NT / 2000 / XP Workstation, Event Archiver automatically archives the application, system, and security logs on multiple remote Windows servers and workstations on a schedule which you specify.
And, with the skyrocketing costs of implementing a HIPAA compliant solution, Event Archiver does not require an additional and expensive SQL implementation. Event Archiver consolidates logs into EVT format, comma-delimited text, and Access or ODBC databases.
Most importantly, clearing and consolidation of logs with Event Archiver is automated. Taxing your organization and your administrators’ time with an unreliable scripted solution or, even worse, the manual monitoring and clearing of thousands of log files is simply not an option.
Event Analyst: Making Reliable Auditing and Reporting Possible
Finally, with the frontline defense and automated consolidation in place, now you can begin your proactive analysis and auditing of your log files. Event Analyst, the third component of our total event log solution, empowers you to more proactively audit and report upon your network health and potential security breaches. Using Event Analyst’s special event log “windowing” technology, administrators can examine different cross sections of event log records from multiple sources simultaneously. Event Analyst’s highly intuitive interface allows the administrator to seek quickly through the logs, jumping to specific dates or rapidly scrolling through the logs chronologically.
The hundreds of thousands of event log entries make reliable auditing and reporting impossible when attempted without Event Analyst. However, Event Analyst provides room for local storage of frequently sought-after events and event filters, allowing administrators to file away definitions for commonly examined events. Once the filters are stored, network administrators can summon them time after time to quickly zero in on events of interest. In fact, Event Analyst ships with many predefined filters that are of immediate use to almost every network administrator.
Then, when auditing time comes or, in the unfortunate event that your team must pick up the pieces after a security breach, Event Analyst can report on the information in convenient, easy-to-access HTML format. Furthermore, any of these formats is suitable for presentation to law enforcement authorities.
With as much attention and research as is required for HIPAA compliance, don’t believe for a moment that the effort ends with the arrival of compliance deadlines. Evolving threats to the security of networks and private data are ensuring that changing demands of HIPAA compliance will be with us for a while.
Other Resources Include:
Be sure to visit Dorian Software’s dedicated resource to better understanding the event log and strategies for managing it.
The HIPAA Security Rule
Read a primary source on HIPAA – from the US Department of Health and Human Services.