The Federal Financial Institutions Examination Council (FFIEC) requires financial institutions and their service providers to maintain effective security compliance management programs that provide availability of systems, confidentiality of data or systems, accountability and assurance. FFIEC standards call for financial institutions to collect, retain and review logs and audit trails in such security and control areas as user access rights administration, firewall policy, and remote access.
The IT Handbook describes security controls implementation. EventTracker offers comprehensive features to satisfy these requirements.
Title X of the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 established the Consumer Financial Protection Bureau (CFPB) and authorizes it to supervise certain consumer financial services companies and large depository institutions and their affiliates for consumer protection purposes. The CFPB has been charged with the implementation of, examination for compliance with, and enforcement of Federal consumer finance law.
CFPB compliance is focused on the consumer. Examiners will review any practice that could be deemed to be unfair and deceptive if it is not clear to the consumer or could be construed as confusing to the consumer. From an IT standpoint, CFPB compliance is comparable to the practices described by the IT Handbook provided by the FFIEC.
EventTracker can monitor critical file and folder access and alert when access is denied or when access is unexpected. It also monitors all successful and failed logon attempts to all servers, whether local or remote. All administrator and user activity can be monitored.
EventTracker has deep integration with Active Directory and monitors all changes made by administrators to Group Policy and access rights. Selected files and folders of high value are monitored by the Change Audit component, and all changes to access rights are detected, logged and reported.
EventTracker monitors authentication attempts from a wide variety of sources, including Active Directory, local access to Windows workstations, remote access via VPN using RADIUS or AAA authentication, network devices such as Cisco, Check Point, Fortinet, etc., access to VMware ESX or vCenter, and access to databases including Oracle and SQL Server. Repeated failed attempts are correlated and generate alerts.
EventTracker monitors all network access from both local and remote locations by monitoring logs of firewalls, IDS/IPS, wireless access points and VPN concentrators. Reports include date/time, user, location, and duration.
- Logging and monitoring user or program access to sensitive system resources, including files, programs, processes, or operating system parameters
- Filtering logs for potential security events, and providing adequate reporting and alerting capabilities
- Activating and using operating system security and logging capabilities, and supplementing them with additional security software where supported by the risk management process
- Restricting and logging access to system utilities, particularly those with data-altering capabilities
- Monitoring operating system access by user, terminal, date, and time of access
Application logs in a wide variety of formats are monitored by EventTracker. Supported formats include log4j, text, CSV, XML, W3C, evt/evtx and syslog (TCP and UDP). Logs from custom applications are readily integrated by the development of suitable knowledge packs.
Remote access via VPN concentrators using RADIUS or AAA authentication is logged and monitored by EventTracker, providing complete details including date/time, user, location and duration. Repeated failed attempts are correlated and generate high-priority alert notifications.