AWS HIPAA Compliance | AlienVault

AWS HIPAA Compliance

Simplify AWS HIPAA Compliance with AlienVault USM Anywhere

TRUSTED BY THOUSANDS OF CUSTOMERS.
Career Builder
The New York Times
Dole Foods
Pappas Restaurants
Subaru
U.S. Air Force
Oklahoma University
THSB
Ziosk
Save Mart Supermarkets
High Plains Bank
Epsilon Systems Solutions
Pepco Holdings Inc
Lifespan Bioscience
Arcos Dorados Holdings
Bluegrass Cellular
Bank of Ireland
Hays Medical Center
Taylor-Morrison
National Film Board of Canada
Richland Washington School District
PWC
Delta Sonic
Shake Shack
Miami Parking Authority
JobReady
Subaru
Brookfield Zoo
Southwest Bank
Cintra
City of Fargo
Rainforest Alliance
HSB
Crawford Insurance
FoleyCAT
Pittsburgh Technical College
YMCA
Payoff
Apple Bank
Horizon Health Services
BAE Systems
Dominos
Food Services
GameStop
OshKosh
Steelcase
Tinder

TAKE A TEST DRIVE NOW:

Explore USM Anywhere with Our Online Demo!

Accelerate Your Path to HIPAA Compliance with AlienVault USM Anywhere

Traditional point security products aren’t sufficient for meeting AWS HIPAA compliance requirements and keeping up with today’s changing cyber security landscape. They’re costly, complex, challenging to manage, and in many cases incompatible with AWS. In fact, based on a LinkedIn survey (2016), 59% of respondents said their traditional security solutions work somewhat or not at all when it comes to monitoring cloud environments like AWS.

AlienVault® Unified Security Management™ (USM) is a cloud-native, scalable, and centrally managed collection of essential security capabilities, helping you satisfy the HIPAA Security Rule. Using its purpose-built sensor that integrates tightly with AWS APIs, USM Anywhere helps you to quickly identify suspicious or malicious behavior in your AWS environment.

The AlienVault USM platform delivers multiple security essentials to help you prepare for your next HIPAA audit faster and more easily, and in a single, unified platform:

  • Discover all your AWS environment assets, including OS details, while satisfying AWS scanning policies
  • Identify systems with vulnerabilities, understand which assets are high-, medium-, and low risk, and identify any available patches or workarounds
  • Intrusion detection detects threats including malware and ransomware that are active in your network with advanced, automatic correlation
  • Identify both successful and failed logon attempts, and monitor user and administrator activities
  • Speed incident response with built-in remediation guidance for every alarm, and integrated orchestrated responses that can be manually or automatically executed
  • Collect events from across your on-premises and cloud environments and cloud applications for analysis, and store them for at least 12 months
  • Be assured that you’re protected with continuously updated threat intelligence delivered automatically to the USM platform, including the latest correlation directives, vulnerability assessment signatures, IDS rules, guided threat responses and more
  • Easily report on security controls required for HIPAA requirements with predefined HIPAA reports, and the ability to create new custom reports and views to meet reporting requirements specific to your organization

AlienVault Is Trusted & Verified

AlienVault makes compliance a top priority for your organization and for ours. We have adopted the NIST Cybersecurity Framework (CSF), aligning our security controls and processes with industry-proven security best practices.

We use our own USM platform to demonstrate and maintain compliance, working with third-party auditors to regularly test our systems, controls, and processes. AlienVault is certified compliant for several regulatory and cybersecurity standards, including PCI DSS and HIPAA, among others.

With the AlienVault USM platform, you can be assured of a secure, compliant product to monitor your on-premises and cloud environments and applications. You can request a copy of our compliance audit reports from your AlienVault sales representative.


HIPAA Compliant

PCI DSS Level 1 Service Provider

SOC 2 Type 1 Certified

Threat Detection for Healthcare Organizations

According to the Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data (2016), 89% of healthcare organizations suffered a data breach. It’s impossible to stop a persistent attacker from penetrating even the most secure defenses. Therefore, it’s essential to detect and respond to attacks as quickly as possible.

At AlienVault, we help healthcare organizations of all sizes achieve world-class threat detection and meet AWS HIPAA compliance requirements without the headaches and huge expense of other solutions. Our unified approach puts hours back in your day with automated threat detection and integrated threat intelligence that eliminate manual, time-consuming log analysis and threat research.

AlienVault has helped healthcare organizations like Shriners Hospitals, Kaiser Permanente, and Novo Nordisk accomplish these key tasks:

  • Identify vulnerabilities on assets that store electronic protected health information (ePHI)
  • Maintain an audit log of who has accessed systems containing ePHI, helping meet audit management requirements
  • Identify systems communicating with malicious IPs or domains, a sign of possible compromise
  • Identify and respond to security incidents, including containment or remediation advice for every alert

Comprehensive Reporting and Log Management for HIPAA Compliance in AWS

HIPAA Standard § 164.312(b) — Audit Controls states that you must "Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information." AlienVault USM Anywhere provides built-in and customizable HIPAA reports, along with intuitive dashboards and customizable views, that simplify adherence to this standard with an easy-to-use interface.

HIPAA Compliance Standard § 164.312(c)(2) deals with data integrity and requires that any covered organization, “Implement electronic mechanisms to corroborate that electronic protected health information has not been altered or destroyed in an unauthorized manner.” With its AWS-native sensor, USM Anywhere helps entities satisfy this requirement by providing mechanisms for collecting and analyzing host logs, data sent over syslog, AWS CloudTrail and AWS CloudWatch logs, and AWS S3 storage logs. Additionally, it will create events and meta data for event response prioritization, and future auditing and reporting.

alienvault labs

Actionable Threat Intelligence Delivered Directly to You

Most teams don’t have unlimited resources to research the latest threats in the wild. That’s why the AlienVault Labs Security Research Team works on your behalf to scour the global threat landscape for emerging latest attack methods, bad actors, and vulnerabilities that could impact your security. This team analyzes hundreds of thousands of threat indicators daily and delivers continuous threat intelligence updates automatically to your USM environment, in the form of actionable IDS signatures, correlation rules, remediation guidance, and more. With this integrated threat intelligence subscription, you always have the most up-to-date threat intelligence as you monitor your environment for emerging threat.

To provide deeper and wider insight into attack trends and bad actors, the AlienVault Labs Security Research Team leverages the power of the Open Threat Exchange® (OTX™)—the world’s first truly open threat intelligence community. This community of security researchers and IT professionals collaborate and share millions of threat artifacts as they emerge “in the wild,” so you get global insight into attack trends and bad actors that could impact your operations.

Learn More About Threat Intelligence ›

Discover How AlienVault USM Supports
HIPAA Requirements

HIPAA Standard

HIPAA Requirement

Examples of How AlienVault USM Helps

§164.308(a)(1) - Security Management Process
Implement policies and procedures to prevent, detect, contain, and correct security violations.

§164.308(a)(1)(ii)(A) - Risk Analysis

§164.308(a)(1)(ii)(D) - Information System Activity Review

  • Built-in asset discovery discovers assets running on-premises, and in cloud environments (including Azure, VMware, Hyper-V, AWS).
  • Identifies systems susceptible to known vulnerabilities, and ranks them as 'high', 'medium' and 'low' risk to aid prioritization.
  • Identifies patches or workarounds available to vulnerable systems.
  • Identifies where security tools, such as antivirus and firewalls, have been disabled or have failed to start.
  • Monitors access to and attempt to modify system and application binaries, configuration files, log files.
  • Monitors user and administrator activities in cloud environments such as Azure and AWS, and within cloud applications such as Office 365.
  • Continuously updated threat intelligence ensures that USM is operating with the latest correlation directives, vulnerability signatures, IDS rules, reports, guided threat response and more.
  • Aggregates, analyzes and archives logs and events from systems, applications and devices from across your on-premises and cloud environments.
  • Identifies logon success and failures.
  • Identifies privilege escalation attempts.
  • Identifies unauthorized attempts to access or modify key logs.

§164.308(a)(3) - Workforce Security 
Implement policies and procedures to ensure that all members of its workforce have appropriate access to electronic protected health information ..., and to prevent those workforce members who do not have access ... from obtaining access to electronic protected health information.

§164.308(a)(3)(ii)(A) - Authorization and/or Supervision

§164.308(a)(3)(ii)(C) - Termination Procedures

  • Monitor access attempts to critical files and data, and alarm when unauthorized attempts are detected.
  • Capture and monitor all login successes and failures to critical assets, particularly those containing electronic protected health information.
  • Monitor for logon or access attempts from the accounts of users who have been de-provisioned.

§164.308(a)(4) - Information Access Management
Implement policies and procedures to prevent, detect, contain, and correct security violations.

§164.308(a)(4)(ii)(C) - Access Establishment and Modification

  • Captures all user account creation and modification activities.
  • Identifies logon success and failures.
  • Identifies privilege escalation attempts.

§164.308(a)(5) - Security Awareness and Training
Procedures for monitoring log-in attempts and reporting discrepancies

§164.308(a)(5)(ii)(A) - Security Reminders

§164.308(a)(5)(ii)(B) - Protection from Malicious Software

§164.308(a)(5)(ii)(C) - Log-in Monitoring

§164.308(a)(5)(ii)(D) - Password Management

  • Provision for automated updates of USM infrastructure whenever updates are made available.
  • Continuously updated threat intelligence ensures that USM is operating with the latest correlation directives, vulnerability signatures, IDS rules, reports, guided threat response and more.
  • Identifies systems susceptible to known vulnerabilities, or that may not have antivirus installed and/or operational.
  • Identifies indicators of malware-based compromise, and enables orchestrated responses that can be automated or manually invoked to isolate infected systems and block malicious domains.
  • Monitors and stores events from antivirus solutions that could indicate a compromise, or attempt to disable antivirus software.
  • Monitors for changes to Office 365 policies including Information Management, and more.
  • Continuously updated threat intelligence ensures that USM is operating with the latest correlation directives, vulnerability signatures, IDS rules, reports, guided threat response and more.
  • Captures and enables monitoring of logon success and failures to systems, security devices, cloud environments, and more.
  • Identifies where new user and administrator accounts are created and deleted.
  • Monitors public and dark web sources for the trade or communication of stolen credentials.
  • Identifies use of default system accounts on Windows machines.
  • File Integrity Monitoring can detect changes and access to critical system and application files, and Windows Registry entries.

§1164.308(a)(6) - Security Incident Procedures
Implement policies and procedures to prevent, detect, contain, and correct security violations.

§164.308(a)(6)(ii) - Response and Reporting

  • Correlates events to detects threats
  • Generates alarms on threats, classifying them across a kill-chain taxonomy to inform the risk level of that threat.
  • Enables threat investigation and provides context to determine the nature of the threat.
  • Provides recommended incident response guidance to contain or remediate the threat.
  • Enables labels to be applied to alarms.
  • Security orchestration and response capabilities enable manual or automated incident response, driving actions with leading security and IT operations tools including Cisco Umbrella, Carbon Black, Palo Alto Firewalls, and more.
  • Enables creation of incident tickets within popular solutions like ServiceNow, directly from within the USM Anywhere console.
  • Continuously updated threat intelligence ensures that USM is operating with the latest correlation directives, vulnerability signatures, IDS rules, reports, guided threat response and more.

§164.308(a)(7) - Contingency Plan 
Establish (and implement as needed) policies and procedures for responding to an emergency or other occurrence (for example, fire, vandalism, system failure, and natural disaster) that damages systems that contain electronic protected health information.

§164.308(a)(7)(ii)(E) - Applications and Data Criticality Analysis

  • USM Anywhere provides a fault resilient architecture that assures durability of all captured event and log data from your environments.

§164.312(a) - Access Control
Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights.

§164.312(a)(2)(iii) - Automated Logoff

§164.312(a)(2)(iv) - Encryption and Decryption

  • Monitors for changes to Windows Group Policy and Office 365 policies that define automated logoff, session timeout, and access token timeout parameters.
  • Monitors for changes to Windows Registry or application configuration files that define encryption settings for protected health information.

§164.312(b) - Audit Controls
Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information.

  • Monitors for changes to Office 365 policies including Data Leakage Protection (DLP), information management, and more.
  • File Integrity Monitoring can detect modification attempts to applications or online storage containing electronic protected health information.
  • Unified log collection, review and analysis, with triggered alarms for high risk systems.

§164.312(c)(1) - Integrity
Implement policies and procedures to protect electronic protected health information from improper alteration or destruction.

§164.312(c)(2) - Audit Controls

  • Monitors for changes to Office 365 policies including Data Leakage Protection (DLP), information management, and more.
  • File Integrity Monitoring can detect modification attempts to applications or online storage containing electronic protected health information.

§164.312(e)(1) - Transmission Security 
Implement technical security measures to guard against unauthorized access to electronic protected health information that is being transmitted over an electronic communications network.

§164.312(e)(2)(i) - Integrity Controls

§164.312(e)(2)(ii) - Encryption

  • Discover unauthorized communications, such as between untrusted networks and systems within the cardholder data environment.
  • Monitors for changes to Office 365 policies including Data Leakage Protection (DLP), information management, and more.
  • File Integrity Monitoring can detect modification attempts to applications or online storage containing electronic protected health information.
  • Monitors for changes to Windows Group Policy and Office 365 policies that define automated logoff, session timeout, and access token timeout parameters.
  • Monitors for changes to Windows Registry or application configuration files that define encryption settings for protected health information.
SC Media 5-Star
CRN Partner Program Guide Winner 2017
SC Magazine Awards 2017 Europe Winner
Forbes Cloud 100 2017
Deloitte Fast 500
Cybersecurity Excellence Awards Winner 2017
Watch a Demo ›
GET PRICE FREE TRIAL CHAT