AlienVault Achieves Compliance for PCI DSS, HIPAA, SOC 2

September 19, 2017 | John McLeod

There’s a phrase we’ve been using a lot lately at AlienVault about eating your own dog food. Kind of weird, I know. But, what that means in the world of a product company is to use your own product to test and prove the value of that product.

Six months ago, when AlienVault decided to pursue compliance for PCI DSS, HIPAA, and SOC 2, we decided to eat our own dog food: to demonstrate our compliance entirely through our own USM Anywhere product.

Today, I’m pleased to announce that AlienVault’s USM Anywhere product has achieved certifications for PCI DSS and SOC 2 Type I and third-party validation of HIPAA compliance. Additionally, coming very soon are certifications for SOC 2 Type II and ISO 27001 and a third-party validation of GDPR compliance.

How did we achieve certification so quickly? I’m a strong believer in lessons learned. Therefore, our director of security and I started the process by calling peers who had already achieved compliance certifications. We listened and learned about their path to success, and we used that knowledge to create our own plan. Then, our engineering and product teams “rolled up their sleeves” and executed the plan.

Compliance is one of the top reasons why our customers turn to AlienVault, and our achieving compliance certification against widely-accepted regulatory standards carries significant and ongoing benefits to AlienVault customers. Here’s how:

1. AlienVault customers have verified assurance in our ability to securely handle their data.

We built USM Anywhere—our cloud-based security monitoring solution—because we recognized the enormous value that a SaaS model could deliver to today’s resource-limited IT security teams: significant cost-savings in hardware and maintenance, a much faster deployment time, easier scalability and log retention, amongst many other benefits.

Yet we also knew that even our most trusting users would need assurance that AlienVault could securely process, transmit, and store their security-related data in our cloud. Despite the fact that we are a 100% security-centric organization with a renowned security research team, sometimes it’s not enough to tell our users, “Hey, trust us. We know what we’re doing with your data.” As President Ronald Reagan famously said, “trust but verify”: we want our customers to trust us, and we want to ensure they have a path to verify that trust.

Having successfully completed a third-party audit and earning compliance certifications lets AlienVault customers know that we are doing exactly what we say we are doing—that we have the security controls in place to continuously protect your data and ours. While it’s not a substitute for your own compliance certifications, it does mean that you can rely on our technology to assist in your own compliance efforts.

2. We’ve built a better product for compliance management.

As I mentioned above, our internal security and compliance team here at AlienVault used USM Anywhere to demonstrate compliance for these certifications and continues to use USM Anywhere for “continuous compliance,” making them a tenacious internal customer with a direct line to our engineering and product management teams. Throughout our compliance journey, these teams have worked side by side to address any shortcomings or challenges in USM Anywhere that could affect our own compliance. As a result, our product team continues to enhance USM Anywhere and roll out new features to our customers, including making it easier to organize log data and security events in an auditor-friendly way and providing more robust out-of-the-box compliance reports.

Going through the compliance journey ourselves gives us a deeper understanding of, and greater empathy for, our customers’ compliance efforts, and it forces us to build a better product for our customers’ continuous compliance journey.

3. It’s easier, faster, and more affordable for AlienVault customers to prepare for their compliance audits.

Our motivation for achieving compliance certifications was to make it easier, faster, and more affordable for our customers to pursue their own compliance certifications. As I mentioned, many of our customers use the USM platform for compliance management, and we’ve designed USM Anywhere to support that effort.

AlienVault USM Anywhere simplifies and centralizes your compliance management onto a single pane of glass. It combines multiple essential security capabilities into one unified platform, giving you deep insight into your assets, vulnerabilities, and threats so that you can demonstrate compliance quickly, completely, and continuously. Our predefined compliance reporting capabilities make it even easier to demonstrate compliance by mapping the reports directly to the requirements as they are defined in the PCI DSS and HIPAA regulatory standards.

Tour our interactive online demo to learn more about the compliance management capabilities of USM Anywhere and how it can help you to accelerate your path to compliance certification.

About the Author: John McLeod, AlienVault
John is the CISO at AlienVault, responsible for cyber security in the enterprise and our products. John is a former Air Force Special Agent with over 20 years of experience in information security, including but not limited to criminal, counter-intelligence, fraud, and computer crime investigations. Prior to joining AlienVault, he served as the Director of Information Security for National Oilwell Varco. His experience includes management roles at Halliburton, Mandiant, Guidance Software, and ManTech International. The US intelligence community recognized him for his work in steganography. As a consultant, he responded to some of the most highly publicized cyber-attacks, including Moonlight Maze, Titan Rain, Night Dragon, TJX, and Operation Aurora. He holds a B.S. in Information Systems Management from the University of Maryland University College and an M.S. in Network Security from Capitol College in Maryland. Additionally, he is a Certified Information Systems Security Professional (CISSP).