Vigilance™ Monitoring for Compliance
Intrinium Vigilance™ – Your Solution for Compliance
Compliance can pose a difficult challenge for most organizations; Intrinium Vigilance™ simplifies your compliance needs. Through this advanced security solution, our clients will be able to more effectively reduce risk and meet the requirements of HIPAA, FFIEC Cybersecurity and U.S. Security and Claims commission.
The following diagrams outline the necessary requirements for all compliance requirements, as it relates to federal regulations.
Intrinium Vigilance™ – Your Solution for HIPAA Requirements
Security management process
Implement policies and procedures to prevent, detect, contain, and correct security violations. 45 CFR 164.308 (a)(1)(i)
Intrinium Vigilance™ allows you to get the most out of your security hardware: Preventing events before they happen, detecting them quickly, containing them before they escalate, and applying remediation in real-time.
Security incident procedures
Implement policies and procedures to address security incidents. 45 CFR 164.308 (a)(6)(i)
Intrinium Vigilance™ Security Analysts act to support your Incident Response Policy by creating Standard Operating Procedures for incidents and guiding your response through robust security best practices.
Person or entity authentication
Implement procedures to verify that a person or entity seeking access to electronic protected health information is the one claimed. 45 CFR 164.312 (d)
Intrinium Vigilance™ correlates multiple logging sources to help identify suspicious activity and behavior, ensuring that unauthorized use of accounts does not take place.
Information system activity review
Implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports. 45 CFR 164.308 (a)(1)(ii)(D)
Intrinium Vigilance™ provides a central repository for logs, generates reports as needed, and provides detailed after-action reports in the case of any serious security incident.
Access control
Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights. 45 CFR 164.312 (a)(1)
Intrinium Vigilance™ tracks the creation, deletion, and modification of network users, greatly reducing the risk of unauthorized access.
Response and Reporting
Identify and respond to suspected or known security incidents; mitigate, to the extent practicable, harmful effects of security incidents that are known to the covered entity; and document security incidents and their outcomes. 45 CFR 164.308 (a)(6)(ii)
Intrinium Vigilance™ allows you to get the most out of your security hardware: Preventing events before the happen, detecting them quickly, containing them before they escalate, and applying remediation in real-time.
Audit controls
Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information. 45 CFR 164.312 (b)
Intrinium Vigilance™ monitors the logs of critical servers and systems to help ensure only authorized activity takes place.
Intrinium Vigilance™ – Your Solution for FFIEC Cybersecurity Requirements
Threat Intelligence & Collaboration
Financial institution management is expected to monitor and maintain enough awareness of cybersecurity threats and vulnerabilities so they may evaluate risk and respond accordingly.
Intrinium Vigilance™ provides a central repository for logs, generates reports as needed, and provides detailed after-action reports in the case of any serious security incident. Utilizing credentialed and un-credentialed scan vulnerabilities can be scheduled or performed ad hoc. The result then produces actionable items of remediation to create a more secure posture.
Cybersecurity Controls
Cybersecurity controls can be preventive, detective, or corrective.
Preventive controls need to be reviewed and adjusted when financial institutions change their information technology (IT) environment. Financial institutions should routinely scan IT networks for vulnerabilities and anomalous activity, test systems for their potential exposure to cyber-attacks, and remediate issues when identified.
Intrinium Vigilance™ provides a central repository for logs, generates reports as needed, and provides detailed after-action reports in the case of any serious security incident.
Intrinium Vigilance™ – Your Solution for SANS Technology Institute Requirements
Controlling access to various systems and data via management of user credentials, authentication and authorization methods, firewalls and/or perimeter defenses, tiered access to sensitive information and network resources, network segregation, and system hardening.
Intrinium Vigilance™ are intimately familiar with industry best practices and will make recommendations to limit unauthorized or escalated access to your most sensitive data. In addition, their understanding of regulatory and compliance standards makes them uniquely qualified to assist your organization make informed choices on network infrastructure and configuration.
Data encryption.
Intrinium Vigilance™ utilizes VPN communication between the sensor and the Security Event Platform. Since no actual log data leaves your environment, only the alerts leave your network and that is encrypted
Protecting against the loss or exfiltration of sensitive data by restricting the use of removable storage media and deploying software that monitors technology systems for unauthorized intrusions, the loss or exfiltration of sensitive data, or other unusual events.
Intrinium Vigilance™ integrates threat intelligence with built-in security controls, accelerates threat detection, remediation, and regulatory compliance. Within minutes we are able to discover all of the IP-enabled devices on your network, what software is installed on them, how they’re configured, any potential vulnerabilities and active threats being executed against them.
Data backup and retrieval.
Intrinium Vigilance™ works with your organization to ensure that all the most important data is being backed up by knowing what devices are critical for business continuity. Our immediate discovery of all your IP-enabled assets allows for easy discovery of forgotten devices.
We are here to help, contact us today.
External Penetration Test 101
Chiara Morrison - Manager, Marketing All businesses, large and small, face the growing challenge of Information Security within the organization. As an SMB, we know you want to protect your clients’ data and meet compliance requirements without allocating a...
Side-Channel: Page Cache Attacks
A side-channel attack is an attack vector through which a threat could glean information from your computer or information system. This could be as simple as reading emissions (see Emissions Security or EMSEC) from your computer to using sophisticated methods of monitoring data being written onto your hard disk and making determinations that way.
Streamlining Technology Security for SMB
By Shea McHugh -Information Security Analyst- Intrinium Streamlining Technology Security for SMB External penetration testing is a great first step in assessing your network. After your network assessment is completed, we recommend reviewing your approach...
California Consumer Policy Act of 2018
Chiara Morrison - Manager, Marketing 2018 has been the year of regulation in the Information Security community from General Data Protection Regulation (GDPR) to the California Consumer Policy Act (CCPA), privacy and security is more important than ever. 2019 is...
Top 18 of 2018
Chiara Morrison - Manager, Marketing As we wrap up the year, we wanted to share some of our favorite and most trafficked blog posts from our staff writers. We hope you enjoy! https://intrinium.com/smb-relay-attack-tutorial/ https://intrinium.com/events-2/...
How to Set Up and Configure Multi-Factor Authentication in the Office 365 Admin Center
How to Set Up and Configure Multi-Factor Authentication in the Office 365 Admin Center We recommend activating and configuring your multi-factor authentication to ensure you are optimizing your cybersecurity for your Office 365 platform. Before beginning, it is...
Tips for Staying Safe This Holiday Season
By Chiara Morrison - Manager, Marketing As we head into the holiday season, The National Cybersecurity & Communications Integration Center (NCCIC), reminds users to be aware of seasonal scams and malware attacks. As of the NCCIC release on November 19th, 2018,...
Managing the Information Security Budget
By Tracy Martin – Senior Information Security Consultant – Intrinium Developing a budget for your information security program can be challenging. Priorities have a way of changing throughout the year, regulations change, or new regulations, such as the GDPR, are...
Phishing and The Seasons
By Sahan Fernando - Director, Managed Security - Intrinium Phishing is constant, relentless and a perpetually annoying threat for all Information Security professionals. As we move into year-end, it is important to remind your staff that phishing is all about being...
Financial Planning for Security
By Sahan Fernando - Director, Managed Security - Intrinium Budget success depends on having a strategic IT plan and vision, executed by a strong leader and supported by good processes. With the fiscal year 2019 right around the corner, this is something we all need! ...