Accelerate and Simplify HIPAA Compliance Management

Quickly achieve HIPAA compliance with a full set of essential security capabilities built into AlienVault USM™.

Traditional SIEM products aren’t sufficient for meeting HIPAA compliance requirements and keeping up with today’s changing cyber security landscape. They’re costly, complex, and take too long to deploy. AlienVault Unified Security Management™ (USM™), with its unique unified approach, delivers a more comprehensive solution that costs less and delivers results in significantly less time.

AlienVault USM™ provides you with the functionality you need to measure HIPAA compliance, in a single platform:

  • Discover all IP-enabled assets, including OS details
  • Identify vulnerabilities like unpatched software or insecure configurations
  • Correlate security events automatically with over 2,500 predefined correlation directives
  • Detect threats already in your network, like botnets, trojans & rootkits
  • Understand the objectives of threats targeting your network
  • Speed incident response with built-in remediation guidance for every alert
  • Monitor and report on security controls required for HIPAA compliance

Threat Intelligence for HIPAA Compliance

IT teams of all sizes suffer from too much log data and not enough threat intelligence, as security tools generate a steady stream of alerts about important (and not so important) activity. Without deep security expertise, you then have to research each alarm to understand its significance and what to do about it.

AlienVault USM™’s integrated threat intelligence from AlienVault Labs eliminates the need for you to spend precious time conducting your own research. The AlienVault Labs team regularly delivers threat intelligence as a coordinated set of advanced correlation rules and product updates, including up-to-the-minute guidance on emerging threats and context-specific response advice, which accelerates and simplifies threat detection and remediation.


Threat Detection for Healthcare Organizations

According to the Identity Theft Resource Center, healthcare organizations suffered 42.5% of breaches identified in 2014. It’s impossible to stop a dedicated, patient attacker from penetrating even the most secure network. Therefore, it’s essential to detect and respond to attacks as quickly as possible.

At AlienVault™, we help healthcare organizations of all sizes achieve world-class threat detection and incident response without the headaches and huge expense of other solutions. Our unified approach puts hours back in your day with automated threat detection and integrated threat intelligence that eliminate manual, time-consuming log analysis and threat research.

AlienVault USM™ has helped healthcare organizations like Shriners Hospitals, Kaiser Permanente and Novo Nordisk accomplish these key tasks:

  • Identify vulnerabilities on assets that store electronic protected health information (ePHI)
  • Maintain an audit log of who has accessed ePHI
  • Identify systems communicating with malicious IPs, a sign of possible compromise
  • Identify and respond to security incidents, including remediation advice for every alert

Comprehensive Reporting and Log Management for HIPAA Compliance

HIPAA Standard § 164.312(b) — Audit Controls states that you must “Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information.” AlienVault USM is updated regularly with new compliance reports as these regulatory standards evolve, greatly reducing the time required to assess HIPAA compliance. In addition, AlienVault USM’s intuitive reporting interface and integrated scheduling functionality simplify adherence to this standard.

HIPAA Compliance Standard § 164.312(c)(2) deals with data integrity and requires that any covered organization “Implement electronic mechanisms to corroborate that electronic protected health information has not been altered or destroyed in an unauthorized manner.”

AlienVault USM™ helps entities satisfy this requirement by providing File Integrity Monitoring (FIM) on files as well as Windows registry entries and digitally signed audit logs. AlienVault USM’s FIM feature performs regular audits on files (ePHI, security configuration, or other sensitive files) by comparing each file’s current hash with a recorded baseline, alerting you to changes to the file’s makeup as well as permissions, file owner, and last modified time.
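The baseline comparison described above, as an added example (not AlienVault's code and not part of the original page): it records a SHA-256 hash, permission bits, owner and modification time per file and reports which attributes differ from the baseline. File names and contents are constructed for the demo, and Windows registry monitoring is not covered.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path

def _sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):  # stream large files
            h.update(chunk)
    return h.hexdigest()

def snapshot(paths):
    """Record hash, permission bits, owner and mtime for each watched path."""
    state = {}
    for p in map(str, paths):
        try:
            st = os.stat(p)
            state[p] = {"sha256": _sha256(p), "mode": stat.S_IMODE(st.st_mode),
                        "uid": st.st_uid, "mtime_ns": st.st_mtime_ns}
        except FileNotFoundError:
            state[p] = None  # absence is recorded so a deletion becomes a finding
    return state

def compare(baseline, current):
    """Return {path: [changed attributes]}, or ['created'] / ['deleted']."""
    findings = {}
    for p in sorted(set(baseline) | set(current)):
        old, new = baseline.get(p), current.get(p)
        if old is None or new is None:
            if old != new:
                findings[p] = ["created" if old is None else "deleted"]
        elif old != new:
            findings[p] = [k for k in old if old[k] != new[k]]
    return findings

def demo():
    """Constructed scenario: a content edit with mtime put back, and a chmod."""
    with tempfile.TemporaryDirectory() as d:
        rec, cfg = Path(d, "patient_records.csv"), Path(d, "sshd_config")
        for f, body in ((rec, b"id,name\n1,A\n"), (cfg, b"PermitRootLogin no\n")):
            f.write_bytes(body)
            f.chmod(0o600)
        baseline = snapshot([rec, cfg])
        st = rec.stat()
        rec.write_bytes(rec.read_bytes() + b"2,B\n")
        os.utime(rec, ns=(st.st_atime_ns, st.st_mtime_ns))  # same mtime, new hash
        cfg.chmod(0o644)
        found = compare(baseline, snapshot([rec, cfg]))
        return {Path(p).name: attrs for p, attrs in found.items()}
```

In the demo, the edited file is reported through its hash alone because its modification time matches the baseline, which is why the hash and the metadata are tracked separately.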

To ensure that the logs themselves have not been tampered with, AlienVault USM includes a mechanism to validate the authenticity of stored logs by digitally signing them at the block or line level. This confirms that your logs have remained unaltered while stored in the USM logger and allows for them to be admissible in a court of law.


AlienVault USM™ Covers Key HIPAA Requirements

§164.308 – Risk Analysis

Conduct an accurate assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of ePHI.
Relevant USM™ Capabilities:
  • Asset discovery
  • Vulnerability assessment
  • Network intrusion detection (NIDS)
  • Host intrusion detection (HIDS)
  • File integrity monitoring (FIM)
  • SIEM
  • Risk scoring & analysis

Benefits of Unified Security Management™:
  • Built-in asset discovery, vulnerability assessment, intrusion detection, behavioral monitoring, and security intelligence—provides a complete picture of your risk posture, within hours of deployment.
  • Accurate and consolidated asset inventories combined with real-time vulnerability assessment data are essential for auditor reviews and assessments.
  • Accelerated audit procedures because integration is already completed—as soon as you install USM.

§164.308 – Information System Activity Review

Implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports. 
Relevant USM™ Capabilities:
  • Vulnerability Assessment
  • Network Intrusion Detection (NIDS)
  • Host Intrusion Detection (HIDS)
  • File Integrity Monitoring (FIM)
  • SIEM
  • Behavioral Monitoring
  • Log Management

Benefits of Unified Security Management™:
  • Built-in asset discovery, vulnerability assessment, intrusion detection, behavioral monitoring, and security intelligence—reduces the cost and complexity of compliance.
  • Unified log review and analysis, with triggered alerts for high risk systems (containing ePHI).
  • Customized, action-oriented alerts which tell you exactly what to do, rather than add to the noise.
  • Integrated threat intelligence powered by AlienVault Labs acts like your own dedicated team of analysts.

§164.308 – Access Authorization, Establishment, and Modification

Implement policies and procedures that grant, establish, document, review, and modify a user’s access to assets.
Relevant USM™ Capabilities:
  • Asset discovery
  • Host intrusion detection (HIDS)
  • File integrity monitoring (FIM)
  • SIEM

Benefits of Unified Security Management™:
  • Automatically discover all ePHI assets via built-in asset discovery—no costly and complicated integration required.
  • Monitor changes to critical files with built-in file integrity monitoring (FIM).

§164.308 – Log-in Monitoring 

Procedures for monitoring log-in attempts and reporting discrepancies.
Relevant USM™ Capabilities:
  • Host intrusion detection (HIDS)
  • SIEM

Benefits of Unified Security Management™:
  • Built-in HIDS monitors all activity on critical files and systems.
  • Built-in SIEM correlates events that could signal policy violations such as unauthorized logins followed by additional security exposures such as data exfiltration.
  • Unified security management dashboards and reports facilitate audit reviews.

§164.308 – Protection from Malicious Software 

Procedures for guarding against, detecting, and reporting malicious software.
Relevant USM™ Capabilities:
  • Vulnerability assessment
  • Network intrusion detection (NIDS)
  • Host intrusion detection (HIDS)
  • File integrity monitoring (FIM)
  • SIEM
  • Behavioral monitoring

Benefits of Unified Security Management™:
  • Built-in vulnerability assessment discovers hosts and applications that may be vulnerable to malware and other exploits.
  • Built-in intrusion detection (NIDS and HIDS) detects and alerts on potential infections and exposures.
  • Built-in file integrity monitoring (FIM) alerts on changes to critical files which could signal malicious intent or malware infection.
  • Unified essential security delivers the security intelligence required to respond to and contain malware outbreaks.

§164.308 – Password Management

Procedures for creating, changing, and safeguarding passwords.
Relevant USM™ Capabilities:
  • Vulnerability assessment
  • Host intrusion detection (HIDS)
  • File integrity monitoring (FIM)
  • SIEM

Benefits of Unified Security Management™:
  • Built-in, automated vulnerability assessment identifies the use of weak and default passwords.
  • Built-in host intrusion detection and file integrity monitoring will signal when password files and other critical system files have been modified.
  • The built-in event correlation engine connects critical yet related events across systems, such as a password change followed by exfiltration of data from the same device.

§164.308 – Security Incident Response and Reporting

Identify and respond to suspected or known security incidents; mitigate harmful effects of known security incidents and document security incidents and their outcomes.
Relevant USM™ Capabilities:
  • Vulnerability assessment
  • Network intrusion detection (NIDS)
  • Host intrusion detection (HIDS)
  • File integrity monitoring (FIM)
  • SIEM
  • Behavioral monitoring
  • Log management
  • Situational awareness

Benefits of Unified Security Management™:
  • Built-in asset discovery, vulnerability assessment, intrusion detection, behavioral monitoring, and security intelligence—accelerates the incident response process.
  • Unified log review and analysis, with triggered alerts for high risk systems (containing ePHI).
  • Customized, action-oriented alerts which tell you exactly what to do next when responding to incidents.
  • Integrated threat intelligence powered by AlienVault Labs acts like your own dedicated team of analysts.

§164.310 – Device and Media Controls

Implement policies and procedures that govern the receipt and removal of hardware and electronic media that contain ePHI.
Relevant USM™ Capabilities:
  • Host intrusion detection (HIDS)
  • File integrity monitoring (FIM)
  • SIEM

Benefits of Unified Security Management™:
  • Built-in HIDS will alert on policy violations such as attempted use of external storage media on critical systems (e.g. USB drives).
  • Built-in file integrity monitoring (FIM) captures anomalous changes to critical files containing ePHI.
  • Event correlation rules provide the situational awareness needed to identify the potential exfiltration of ePHI.

§164.312 – Encryption and Decryption 

Implement a mechanism to encrypt and decrypt ePHI.
Relevant USM™ Capabilities:
  • Asset discovery
  • Behavioral monitoring
  • Host intrusion detection (HIDS)
  • Network intrusion detection (NIDS)

Benefits of Unified Security Management™:
  • Automatically discover all ePHI assets via built-in asset discovery—no costly and complicated integration required.
  • AlienVault’s USM will detect and alert when encryption or decryption procedures are not implemented correctly.