Under HIPAA, federal law requires that all health organizations protect their Patient Health Information (PHI). These organizations must establish a comprehensive information security program that includes cybersecurity controls to protect PHI.
Properly addressing HIPAA includes meeting more than 150 individual requirements within its comprehensive security legislation which can be overwhelming for security analysts. One of the most challenging areas of HIPAA revolves around collection, retention, and use of network and log data.
Perch’s co-managed SIEM takes information from across the board and analyzes the activity to protect your PHI. Perch protects your PHI by monitoring, reporting, and taking action on threats posed against your data without adding complexity or additional IT headcount. The Perch SOC provides tier-1 support and manages your alerts. We can either augment your existing Security Operations Center (SOC) or do the heavy lifting for you, 24/7.
Learn More
The Gramm-Leach-Bliley Act (GLBA) requires banks, credit unions, and other financial services firms (all those engaging in certain financial activities) to protect consumer information regarding financial privacy. The GLBA outlines when a financial services firm is able to disclose a consumer’s Non-Public Personal Information (NPPI) to nonaffiliated third parties. GLBA mandates that these organizations have a protocol in place in order to protect consumers against unauthorized access, use, disclosure, etc. of their customer records.
Tasked with regulatory oversight of GLBA, the Federal Financial Institutions Examination Council (FFIEC) requires financial services organizations to have a comprehensive information security program in place that addresses cybersecurity according to their size and complexity.
Perch removes the necessity of having multiple security products and provides you with peace-of-mind. Everything you need for comprehensive threat detection and analysis is included: intrusion detection (IDS), threat intelligence platform (TIP), log storage with configurable retention (SIEM), and managed Security Operations Center (SOC). Using threat intelligence from the FS-ISAC and NCU-ISAO, Perch is able to detect and respond to specific threats targeting the financial sector.
Learn More
As of January 1, 2018, all government contractors are required to fully implement the National Institute of Standards and Technology's (NIST) SP 800-171. This includes establishing an information security program to protect the confidentiality of all information, including Controlled Unclassified Information (CUI).
NIST SP 800-171 is split into 14 overall sections, all of which are requirements for compliance. Any failure to meet these compliance requirements will result in the loss of contract in addition to possible fines and penalties.
Unfortunately for many small DOD contractors, meeting the NIST SP 800-171 guidelines is nearly impossible on their own. However, these organizations are able to partner with an IT managed services provider to assist with compliance.
To protect your CUI, Perch's co-managed SIEM takes information from logs and network data and analyzes the activity. Perch safeguards your CUI by monitoring, reporting, and acting on threats against your data without adding complexity or the need to have additional staff. The Perch SOC provides tier-1 support and manages your alerts. We can either supplement your existing Security Operations Center (SOC) or do the nitty gritty for you.
The Cyber Security Framework (CSF) was developed by the National Institute of Standards and Technology (NIST) as a response to President Obama’s Executive Order 13636 to strengthen and standardize critical infrastructure security within the United States. It’s a reference tool that provides guidance for security practitioners as they work to improve their organization’s cyber security posture.
Organizations can use the CSF to create their own security program as well as map their controls and processes.
- Threat detection – anomalies and events
- Open threat intelligence ecosystem to ingest threat intel from multiple sources
- Continuous security monitoring for the network and logs
- Detection and response procedures to reduce or eliminate emerging threats
- Security orchestration to quickly respond to any incident
- SIEM and log management to solve regulatory and compliance requirements
The Cybersecurity Maturity Model Certification, or CMMC, is an effort to speed up the adoption of mature cybersecurity practices and prevent false compliance claims arising from DFARS. CMMC outlines 17 capability domains across 5 maturity levels, ranging from “Basic Cybersecurity Hygiene” to “Advanced.”
Organizations doing business with the Department of Defense will be required to meet certain CMMC compliance levels and undergo a thirty-party audit prior to any contract award (pre-award certification). If you’re an MSP, that means your DoD contract clients will be looking for help in maturing their cybersecurity stack.
Perch’s co-managed SIEM and threat detection, backed by our 24/7 SOC, can help you gain maturity across the following 6 domains, ensuring you or your clients have a solid start on your CMMC journey:
- (AC) Access Control
- (AU) Audit and Accountability
- (IR) Incident Response
- (SA) Situational Awareness
- (SC) System and Communications Protection
- (SI) System and Information Integrity