SOC 2 Compliance | AlienVault

SOC 2 Compliance

Streamline Your Audit with One Unified Solution for SOC 2 Compliance

TRUSTED BY THOUSANDS OF CUSTOMERS.
Career Builder
IPG Mediabrands
Dole Foods
Pappas Restaurants
Subaru
U.S. Air Force
Oklahoma University
THSB
Ziosk
Save Mart Supermarkets
High Plains Bank
Epsilon Systems Solutions
Pepco Holdings Inc
Lifespan Bioscience
Arcos Dorados Holdings
Bluegrass Cellular
Bank of Ireland
Hays Medical Center
Taylor-Morrison
National Film Board of Canada
Richland Washington School District
PWC
Delta Sonic
Shake Shack
Miami Parking Authority
JobReady
Brookfield Zoo
Southwest Bank
Cintra
City of Fargo
Rainforest Alliance
HSB
Crawford Insurance
FoleyCAT
Pittsburgh Technical College
YMCA
Payoff
Apple Bank
Horizon Health Services
BAE Systems
Dominos
Food Services
GameStop
OshKosh
Steelcase
Tinder


Accelerate Your Way to Complying with the SOC 2 Security Principle

SOC 2 (Service Organization Control 2) is an AICPA attestation report, often loosely called a certification, that is highly sought after by any organization that delivers services, including SaaS-delivered solutions. An independent CPA firm examines the organization's controls against the Trust Services Criteria for one or more of the following principles: security, availability, processing integrity, confidentiality, and privacy. A Type 1 report covers the design of controls at a point in time; a Type 2 report also tests that the controls operated effectively over a review period, which is what most customers and procurement teams ask for.

Many IT security teams find it difficult to implement the many security controls required to comply with the SOC 2 Security Principle. Procuring each technology is costly, and deploying, configuring, and then performing the daily management and monitoring of every control can overwhelm even large security teams. As a result, SOC 2 attestation is out of reach for many organizations, or satisfying each of the Common Criteria becomes a very long road.

AlienVault® Unified Security Management™ (USM) is a SOC 2 certified solution that helps you check many of the SOC 2 compliance requirements off your list as you work towards your next SOC 2 audit. In one affordable, easy-to-use solution, AlienVault USM combines the essential security controls you need to demonstrate compliance, including asset discovery, vulnerability assessment, log management, file integrity monitoring, and others. It also provides predefined compliance reports out of the box and automatic threat intelligence updates, helping you to stay in compliance with continuous security monitoring.

Unlike deploying and managing multiple point security solutions, the AlienVault USM platform can be fully deployed for compliance management in as little as one day. You can centralize monitoring of your on-premises environments, your AWS and Azure cloud environments, and your cloud applications, helping you satisfy the Common Criteria required for SOC 2 compliance faster and maintain continuous security and compliance monitoring across all your environments. In addition to SOC 2, the AlienVault USM platform is also certified as PCI DSS and HIPAA compliant, giving you the assurance you need in a security monitoring platform for cloud, on-premises, and hybrid environments.

AlienVault USM delivers multiple SOC 2 compliance must-have security essentials in one unified solution, to help you to prepare for your next SOC 2 audit faster and more easily.

  • Asset Discovery and Inventory
  • Vulnerability Assessment
  • Threat and Intrusion Detection (IDS) across host, network, and cloud environments
  • File Integrity Monitoring (FIM)
  • Orchestrated Incident Response
  • Log Management
  • Security & Compliance Reports & Views
  • Integrated Threat Intelligence
  • PCI DSS Level 1 Service Provider
  • SOC 2 Type 1 Certified Compliant
  • Attestation of HIPAA Compliance
  • AWS Advanced Technology Partner
  • Microsoft Azure Certified


AlienVault Is Trusted & Verified

AlienVault makes compliance a top priority for your organization and for ours. We have adopted the NIST Cybersecurity Framework (CSF), aligning our security controls and processes with industry-proven security best practices.

We use our own USM platform to demonstrate and maintain compliance, working with third-party auditors to regularly test our systems, controls, and processes. AlienVault is certified compliant for several regulatory and cybersecurity standards, including PCI DSS and HIPAA, among others.

With the AlienVault USM platform, you can be assured of a secure, compliant product to monitor your on-premises and cloud environments and applications. You can request a copy of our compliance audit reports from your AlienVault sales representative.


Everything You Need to Demonstrate SOC 2 Compliance in One Solution

The AlienVault USM platform delivers all of the following essential security capabilities in one unified solution for security and compliance management.

Asset Discovery & Inventory

Understanding what physical and virtual assets exist across your on-premises and cloud environments (including Azure, AWS, VMware, and Hyper-V) is the first step to understanding your risk and is recommended to achieve compliance with Common Criteria Controls CC3.2 and CC4.1 of the SOC 2 Security Principle. The AlienVault USM platform automatically discovers and inventories all your critical on-premises and cloud assets. You can define custom asset groups that you can use to run vulnerability scans and reports.

Vulnerability Assessment

Regular vulnerability assessment (quarterly is a common minimum cadence, with more frequent scans for internet-facing systems) supports Common Criteria Controls CC3.2, CC4.1, CC5.8, CC6.1, and CC7.3 of the SOC 2 Security Principle. Note that the criteria themselves do not prescribe a fixed interval, so document the cadence you commit to and be ready to show the auditor that you kept it. The AlienVault USM platform provides internal vulnerability scanning, so you can readily and regularly detect vulnerabilities as part of your compliance and security program.

Threat Detection

Knowing the presence of threats across your infrastructure is a requirement across several Common Criteria Controls. AlienVault takes a multi-layered approach to intrusion detection, providing out-of-the-box network intrusion detection (NIDS), host intrusion detection (HIDS), and cloud intrusion detection. Advanced event correlation compares anomalies and detected threats against the known state of your environment to generate relevant alarms while reducing false positives.

File Integrity Monitoring

File Integrity Monitoring (FIM) identifies changes to files that are unauthorized or that may introduce vulnerabilities and risk to your organization, and is a best-practice control for meeting Common Criteria Controls CC5.1, CC6.1, and CC7.4. As part of its host intrusion detection system, the AlienVault USM platform includes FIM capabilities that monitor changes to files, directories, and the Windows Registry. To serve as audit evidence, FIM alerts need to be reconciled against approved change records: a change with no matching ticket is the finding.
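The core of any FIM control is a trusted baseline and a diff against it. The following is an added example, not code from AlienVault USM or the OSSEC-based HIDS it ships; it fingerprints a directory tree (content hash, permissions, size, owner), then reports what was added, removed, or modified. The directory contents and the "unauthorized changes" are constructed inside the demo, and the scenario assumes a POSIX host (Windows Registry monitoring is out of scope here).

```python
"""Minimal file integrity monitor: baseline a directory tree, then diff it.

Added example, not AlienVault USM code. A production FIM also runs
continuously, watches the Windows Registry, and ships alerts off-host;
this shows only the baseline/compare logic that such a control rests on.
"""
import hashlib
import json
import os
import stat
import tempfile
from pathlib import Path


def _fingerprint(path: Path) -> dict:
    """Hash the content and record the metadata an intruder most often changes."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    st = path.lstat()
    return {
        "sha256": digest.hexdigest(),
        "mode": stat.filemode(st.st_mode),  # e.g. '-rw-r--r--'
        "size": st.st_size,
        "uid": st.st_uid,
    }


def build_baseline(root: str) -> dict:
    """Walk `root` and fingerprint every regular file (symlinks are skipped)."""
    baseline = {}
    root_path = Path(root)
    for dirpath, _dirs, files in os.walk(root_path):
        for name in files:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue
            baseline[str(p.relative_to(root_path))] = _fingerprint(p)
    return baseline


def compare(baseline: dict, current: dict) -> dict:
    """Return added/removed paths and, for modified ones, which attributes changed."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = {}
    for rel in set(baseline) & set(current):
        changed = [k for k in baseline[rel] if baseline[rel][k] != current[rel][k]]
        if changed:
            modified[rel] = changed
    return {"added": added, "removed": removed, "modified": modified}


def save_baseline(baseline: dict, out_file: str) -> None:
    # Keep the baseline outside the monitored tree (ideally off-host): an
    # attacker who can alter the files must not be able to re-baseline them.
    Path(out_file).write_text(json.dumps(baseline, indent=2, sort_keys=True))


def demo() -> dict:
    """Constructed scenario: baseline a fake /etc, tamper with it, diff it."""
    with tempfile.TemporaryDirectory() as tmp:
        etc = Path(tmp) / "etc"
        etc.mkdir()
        (etc / "sshd_config").write_text("PermitRootLogin no\n")
        (etc / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
        (etc / "motd").write_text("welcome\n")
        base = build_baseline(tmp)

        # Simulated unauthorized changes: config edit, permission change,
        # dropped-in cron job, and a deleted file.
        (etc / "sshd_config").write_text("PermitRootLogin yes\n")
        os.chmod(etc / "passwd", 0o755)  # exec bit added; never set by default
        (etc / "cron.d").mkdir()
        (etc / "cron.d" / "backdoor").write_text("* * * * * root /tmp/.x\n")
        (etc / "motd").unlink()
        return compare(base, build_baseline(tmp))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The report names the attribute that changed, which is what an analyst needs to triage: a content change to sshd_config with no change ticket is a different conversation from a routine package update that touched a dozen binaries.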

Orchestrated Incident Response

In cybersecurity, time is not on your side, and with the proliferation of single-point security solutions in the marketplace it is no surprise that IT teams struggle to monitor the security of their environments efficiently and to respond to incidents effectively. The need for an efficient incident response process is outlined in Common Criteria Controls CC3.2, CC5.4, and CC6.2, to expedite the mitigation of identified threats and risks to your organization. The AlienVault USM platform orchestrates security response across internal and external IT security and management tools, for example isolating a malware-infected system from the network. These responses can be initiated manually or automatically in response to detected threats, reducing the time to respond and limiting risk exposure.

Log Management

The ability to collect events and logs from across your servers, services, and applications, and to consolidate them centrally for storage and analysis is a security best practice and is central to the log management capability of the AlienVault USM platform. It collects, parses, and analyzes log data from your on-premises and cloud environments, facilitates analysis and correlation to detect threats, and dramatically simplifies trend analysis and forensics investigations.
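The value of centralized log collection comes from correlating events across time and sources, such as the logon monitoring described under CC5.1 and CC5.3 below. As an added example (not AlienVault USM's correlation engine or its directive syntax), here is a small state-based correlation over sshd syslog lines: it raises a medium alarm when a source IP crosses a failure threshold inside a time window, and a high alarm if a logon then succeeds from that source. The log lines are constructed, and the year 2024 is assumed because syslog timestamps carry none.

```python
"""State-based correlation of SSH logon events into alarms.

Added example, not AlienVault USM's correlation engine. Log lines below are
constructed; syslog timestamps have no year, so one is supplied at parse time.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: a fast brute force that ends in a successful logon,
# one mistyped password by a legitimate user, and a low-and-slow attempt.
SAMPLE_LOG = """\
Mar  3 10:00:01 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 52110 ssh2
Mar  3 10:00:03 web1 sshd[2102]: Failed password for root from 203.0.113.7 port 52111 ssh2
Mar  3 10:00:05 web1 sshd[2103]: Failed password for root from 203.0.113.7 port 52112 ssh2
Mar  3 10:00:07 web1 sshd[2104]: Failed password for deploy from 203.0.113.7 port 52113 ssh2
Mar  3 10:00:09 web1 sshd[2105]: Failed password for deploy from 203.0.113.7 port 52114 ssh2
Mar  3 10:00:12 web1 sshd[2106]: Accepted password for deploy from 203.0.113.7 port 52115 ssh2
Mar  3 10:05:00 web1 sshd[2120]: Failed password for alice from 198.51.100.20 port 40001 ssh2
Mar  3 10:05:30 web1 sshd[2121]: Accepted publickey for alice from 198.51.100.20 port 40002 ssh2
Mar  3 11:00:00 web1 sshd[2200]: Failed password for bob from 192.0.2.9 port 33000 ssh2
Mar  3 11:20:00 web1 sshd[2201]: Failed password for bob from 192.0.2.9 port 33001 ssh2
Mar  3 11:40:00 web1 sshd[2202]: Failed password for bob from 192.0.2.9 port 33002 ssh2
Mar  3 12:00:00 web1 sshd[2203]: Failed password for bob from 192.0.2.9 port 33003 ssh2
Mar  3 12:20:00 web1 sshd[2204]: Failed password for bob from 192.0.2.9 port 33004 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>[\d.]+) port \d+"
)


def parse(log_text: str, year: int = 2024) -> list:
    """Turn sshd syslog lines into event dicts. Lines that do not match are
    skipped here; in production count them, since parser gaps hide attacks."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "host": m["host"], "user": m["user"], "src": m["src"],
                       "method": m["method"], "ok": m["outcome"] == "Accepted"})
    return events


def correlate(events: list, threshold: int = 5, window_s: int = 300) -> list:
    """Per source IP: alarm when `threshold` failures land inside `window_s`
    seconds, and raise a higher-priority alarm if a logon then succeeds."""
    fails = defaultdict(list)  # src -> timestamps of failures still inside the window
    alarms = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        src = ev["src"]
        recent = [t for t in fails[src] if (ev["ts"] - t).total_seconds() <= window_s]
        common = {"src": src, "user": ev["user"], "host": ev["host"], "ts": ev["ts"].isoformat()}
        if ev["ok"]:
            if len(recent) >= threshold:
                alarms.append({"type": "brute_force_success", "priority": "high",
                               "failures": len(recent), **common})
            fails[src] = []  # a success ends the failure sequence
        else:
            recent.append(ev["ts"])
            fails[src] = recent
            if len(recent) == threshold:  # fire once, when the threshold is crossed
                alarms.append({"type": "brute_force", "priority": "medium",
                               "failures": len(recent), **common})
    return alarms


if __name__ == "__main__":
    for alarm in correlate(parse(SAMPLE_LOG)):
        print(alarm)
```

With the default five-minute window the slow attempt from 192.0.2.9 (one failure every twenty minutes) never trips the rule, which is exactly why attackers pace their guesses; widening the window to two hours (`correlate(events, window_s=7200)`) catches it at the cost of more state per source. Tuning that trade-off, and recording the chosen values, is part of the evidence an auditor will ask for under CC6.2.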

Security & Compliance Reports & Views

Reports, dashboards, and views are key components to performing day-to-day monitoring of your environment, presenting status to your management, and demonstrating to an auditor that your security controls are implemented and working. The AlienVault USM platform provides numerous security event, compliance, and security framework reports to support your efforts. Available reports include those for the NIST Cybersecurity Framework (NIST CSF), to which the AICPA has published a mapping that demonstrates how you can adopt NIST CSF to demonstrate SOC 2 Compliance.

Integrated Threat Intelligence

The SOC 2 Security Principle focuses on risk identification and remediation. Yet, to successfully identify and mitigate the risks from cybersecurity threats and vulnerabilities, any security tool (or security professional) needs to know what to look for and then how to mitigate that risk. The AlienVault USM platform is continuously updated with threat intelligence, including correlation directives, threat and vulnerability assessment signatures, report updates, and incident response templates, from AlienVault Labs Security Research Team, backed by the AlienVault Open Threat Exchange® (OTX™). This ensures that you can detect the latest cybersecurity threats and vulnerabilities quickly, and that the guidance on how to contain and remediate the risk is available to you automatically so that you don’t have to do the research yourself.

Discover How AlienVault USM Supports SOC 2 Compliance

For each control below: the control ID and description, the relevant AlienVault capabilities, and examples of how AlienVault USM helps.

CC3.2

The entity designs, develops, and implements controls, including policies and procedures, to implement its risk mitigation strategy.

Relevant AlienVault capabilities:
  • Asset Discovery
  • Vulnerability Assessment
  • Threat Detection (Network, Host & Cloud)
  • Incident Response
  • Threat Intelligence

Examples of how AlienVault USM helps:
  • Built-in asset discovery finds physical and virtual assets running on-premises and in cloud environments (including Azure, VMware, Hyper-V, and AWS)
  • Regularly scheduled vulnerability scans identify vulnerabilities on assets across your on-premises and cloud environments
  • Vulnerabilities are ranked as high, medium, or low priority to support prioritization of risk mitigation
  • Uses machine learning and state-based correlation to detect threats
  • Classifies threats across a kill-chain taxonomy to inform the risk level of each threat
  • Monitors public and dark web sources for the trade or communication of stolen credentials
  • Provides information on recommended patches for identified vulnerabilities
  • AlienApps enable orchestrated manual and automated response actions to mitigate risks, such as blocking access to and from malicious domains with Cisco Umbrella (formerly OpenDNS) and blocking malicious IP addresses with Palo Alto Networks firewalls
  • Continuously updated threat intelligence from AlienVault Labs and the AlienVault Open Threat Exchange (OTX) ensures that the latest vulnerability detection and remediation information is available within the USM platform

CC4.1

The design and operating effectiveness of controls are periodically evaluated against the Security Principle commitments and requirements, and corrections and other necessary actions relating to identified deficiencies are taken in a timely manner.

Relevant AlienVault capabilities:
  • Asset Discovery
  • Vulnerability Assessment
  • Threat Intelligence

Examples of how AlienVault USM helps:
  • Asset discovery gathers information on deployed assets and controls, including which services are running and which ports are exposed, helping to drive insights and monitoring of any drift from baselines
  • Regularly scheduled vulnerability scans identify where deployed assets, systems, and software may be exposed to increased risk
  • Vulnerabilities are ranked as high, medium, or low priority to support prioritization of risk mitigation
  • Provides information on recommended patches for identified vulnerabilities
  • Continuously updated threat intelligence from AlienVault Labs and the AlienVault Open Threat Exchange (OTX) ensures that the latest vulnerability detection and remediation information is available within the USM platform

CC5.1

Logical access security software, infrastructure, and architecture have been implemented to support 
(1) identification and authentication of authorized users; 
(2) restriction of authorized user access to system components, or portions thereof, authorized by management, including hardware, data, software, mobile devices, output, and offline elements; and 
(3) prevention and detection of unauthorized access.

Relevant AlienVault capabilities:
  • Threat Detection (Network, Host & Cloud)
  • File Integrity Monitoring
  • Log Management & Reporting
  • Threat Intelligence

Examples of how AlienVault USM helps:
  • Network, host, and cloud intrusion detection provide continuous monitoring of your on-premises and cloud environments (AWS, Azure, Office 365, G Suite) to detect threats and anomalies, including ransomware and malware
  • Monitors successful and failed logon events to assets across your on-premises and cloud environments, as well as to cloud applications including Office 365 and G Suite
  • Identifies changes to Office 365 policies, including Data Loss Prevention (DLP), Information Management, Password Management, and more
  • As part of host intrusion detection, File Integrity Monitoring detects and alerts you to changes to, and access to, critical system and application binaries, configuration files, and Windows Registry entries on your mission-critical servers
  • Continuously updated threat intelligence from AlienVault Labs and the AlienVault Open Threat Exchange (OTX) ensures that the latest threat detection knowledge and correlation rules are available within the USM platform

CC5.3

Internal and external system users are identified and authenticated when accessing the system components (for example, infrastructure, software, and data).

Relevant AlienVault capabilities:
  • Log Management & Reporting

Examples of how AlienVault USM helps:
  • Monitors successful and failed logon events to assets by internal and external users, including where authentication and authorization are handled by services such as Okta or Azure Active Directory
  • Monitors user and administrator activities, including access to and modification of files and content, in cloud applications such as Office 365 and G Suite

CC5.6

Logical access security measures have been implemented to protect against Security Principle threats from sources outside the boundaries of the system.

Relevant AlienVault capabilities:
  • Threat Detection (Network, Host & Cloud)
  • Incident Response
  • Threat Intelligence

Examples of how AlienVault USM helps:
  • AlienVault USM includes network, host, and cloud intrusion detection to provide continuous monitoring of your on-premises and cloud environments, including AWS, Azure, Office 365, and G Suite, to detect threats and anomalies, including ransomware and malware
  • AlienApps enable orchestrated manual and automated response actions to mitigate risks, such as blocking access to and from malicious domains with Cisco Umbrella (formerly OpenDNS) and blocking malicious IP addresses with Palo Alto Networks firewalls
  • Continuously updated threat intelligence from AlienVault Labs and the AlienVault Open Threat Exchange (OTX) ensures that the latest vulnerability detection and remediation information is available within the USM platform

CC5.8

Controls have been implemented to prevent or detect and act upon the introduction of unauthorized or malicious software.

Relevant AlienVault capabilities:
  • Vulnerability Assessment
  • Threat Detection (Host, Network & Cloud)
  • Threat Intelligence

Examples of how AlienVault USM helps:
  • Identifies systems susceptible to known vulnerabilities, or that may not have antivirus installed or operational
  • Monitors for indicators of malware-based compromise, such as communication with a known command and control (C&C, or C2) server
  • Continuously updated threat intelligence from AlienVault Labs and the AlienVault Open Threat Exchange (OTX) ensures that the latest vulnerability detection and remediation information is available within the USM platform

CC6.1

Vulnerabilities of system components to security breaches and incidents due to malicious acts, natural disasters, or errors are monitored and evaluated, and countermeasures are implemented to compensate for known and new vulnerabilities.

Relevant AlienVault capabilities:
  • Asset Discovery
  • Vulnerability Assessment
  • File Integrity Monitoring
  • Threat Intelligence

Examples of how AlienVault USM helps:
  • Asset discovery identifies assets, and Asset Groups dynamically group them (for example, all Windows assets), while also allowing users to define their own asset groups
  • Regularly scheduled vulnerability scans identify vulnerabilities on assets across your on-premises and cloud environments
  • Vulnerabilities are ranked as high, medium, or low priority to support prioritization of risk mitigation
  • Presents the availability of recommended patches for discovered vulnerabilities
  • As part of host intrusion detection, File Integrity Monitoring detects and alerts you to changes to, and access to, critical system and application binaries, configuration files, and Windows Registry entries on your mission-critical servers
  • Continuously updated threat intelligence from AlienVault Labs and the AlienVault Open Threat Exchange (OTX) ensures that the latest vulnerability detection and remediation information is available within the USM platform

CC6.2

Security incidents, including logical and physical security breaches, failures, concerns, and other complaints, are identified, reported to appropriate personnel, and acted on in accordance with established incident response procedures.

Relevant AlienVault capabilities:
  • Threat Detection (Host, Network & Cloud)
  • Incident Response
  • Log Management

Examples of how AlienVault USM helps:
  • Uses machine learning and state-based correlation to detect threats
  • Classifies threats across a kill-chain taxonomy to inform the risk level of each threat
  • Monitors public and dark web sources for the trade or communication of stolen credentials
  • Security analysts can be notified of alarms through email or SMS, or through other applications including ServiceNow, PagerDuty, Slack, and Datadog
  • Alarms can be labelled to help avoid conflicts across teams and to identify the status of an alarm
  • AlienApps enable orchestrated manual and automated response actions to mitigate risks, such as blocking access to and from malicious domains with Cisco Umbrella (formerly OpenDNS) and blocking malicious IP addresses with Palo Alto Networks firewalls
  • Powerful search and analysis capabilities permit forensic analysis of aggregated log and event data from a central location

CC7.3

Change management processes are initiated when deficiencies in the design or operating effectiveness of controls are identified during system operation and monitoring.

Relevant AlienVault capabilities:
  • Vulnerability Assessment
  • Threat Intelligence

Examples of how AlienVault USM helps:
  • Regularly scheduled vulnerability scans identify vulnerabilities on assets across your on-premises and cloud environments
  • Highlights the availability of recommended patches for discovered vulnerabilities
  • Continuously updated threat intelligence from AlienVault Labs and the AlienVault Open Threat Exchange (OTX) ensures that the latest vulnerability detection and remediation information is available within the USM platform

CC7.4

Changes to system components are authorized, designed, developed, configured, documented, tested, approved, and implemented in accordance with Security Principle commitments and requirements.

Relevant AlienVault capabilities:
  • File Integrity Monitoring

Examples of how AlienVault USM helps:
  • File Integrity Monitoring detects and alerts you to changes to, and access to, critical system and application binaries, configuration files, and Windows Registry entries on your mission-critical servers, so you can verify whether a change was authorized

SC Media 5-Star
CRN Security 100 2017
CRN Cloud PPG 2017
SC Magazine Awards 2017 Europe Winner
Forbes Cloud 100 2017
Deloitte Fast 500
Cybersecurity Excellence Awards Winner 2017