Review: Intellicta brings issue tracking to compliance rules
Many organizations, such as those operating in government or public utilities, are subject to strict regulations that are diligently enforced. Even groups working well outside of those realms are often subject to technical rulesets, such as PCI compliance for any entity that accepts credit cards, or the new General Data Protection Regulation (GDPR) that dictates exactly how personal information can be collected and stored electronically for organizations doing business in Europe. Even groups that completely escape all forms of mandated regulations can take advantage of best-practice guidelines such as
There are important distinctions between compliance and security. They are meant to be mutually supporting, with compliance rules put in place to provide a good security baseline. But it’s possible to be completely in compliance with all applicable regulations, and still not be adequately secure. The reverse is also true. If an organization has deep security but is still not technically in compliance with applicable regulations, should a data theft occur, they will likely still be held responsible, sometimes financially, because of the lack of compliance.
And just like compliance and security are similar but different, so too are the skillsets used to implement them. Organizations can have a deep IT or cybersecurity staff that is unskilled with compliancy issues, or unpracticed in knowing exactly which regulations apply.
That is where the Intellicta Platform from TechDemocracy shines. The platform acts like a security information and event management (SIEM) console, but for compliancy issues. Installed as either an on-premises or cloud-based console, it pulls information from a series of network collectors and correlates that data into a continuously-monitored compliancy dashboard.
Set up and configuration
Setting up the platform on a network involves linking the console to data collectors, which can be almost anything, including physical access servers, Active Directory lists, firewalls, Hadoop data, application servers, customer databases or anything else that might factor into a compliance regulation. Pricing for the platform is based on the number of collectors that are needed to obtain a complete network picture, and TechDemocracy will help get everything set up so that no issues are missed. The entire process takes about two to three weeks, depending on the size of the network to be monitored.
Once configured, the platform must then be programmed so that it knows what compliance rules will be tracked. It comes with every major compliance ruleset in place and ready to go, so things like HIPAA in healthcare or PCI for retail are implemented in just a few minutes. Once those are in place, the platform allows administrators to create their own compliancy rules, such as requiring biometric building access as part of a human resources management system.
For the pre-set compliancy rules, everything is hardcoded into the system to prevent mistakes. For example, if personal data needs to be encrypted, then users can’t tell the system to ignore that rule on a system that is collecting customer names. However, TechDemocracy officials did say they would work with customers if they really wanted to tweak the rules (e.g., requiring all data breaches to be responded to within a week, even if the applicable regulations give 30 days).
Testing
Once the system was up and running in a test network, it immediately began to report on all kinds of compliancy issues. The system is smart enough to know exactly how compliancy rules and frameworks should be applied, citing both large violations (like data servers without adequate encryption) and small ones (such as an employee who gained access to the facility without first registering with an access control station).
Users can treat the Intellicta Platform much like a SIEM console, tracking down compliancy issues and fixing them as needed. As fixes are made, Intellicta adjusts its dashboard accordingly. The update is not quite done in real time; it follows the schedule of data dumps from the collectors, though the company says that real-time monitoring and the ability to trigger instant scans are in the works for a future version of the program.
In addition to tracking individual issues, the program uses a proprietary algorithm to estimate the amount of revenue loss that each potential vulnerability or compliancy failure would generate. This is based on a lot of factors, including the costs associated with cleaning up from an attack as well as expected fines and penalties that would be assessed if issues are exploited. Even relatively minor issues can have millions of dollars in consequences, so this statistic can be a real eye-opener.
More than just a compliancy issue tracker, Intellicta offers to provide context with the data in the form of relevant, pre-configured questions that IT staff or even managers and executives can ask. Some of these questions are fairly self-evident given the nature of the program, such as “Are we in compliance?” Others dive deeper into specific problems, including “Do we have enough IT staff?” or “Are our security services effective?” and “Are we ready for a disaster?”
The program is surprisingly good at correlating pertinent data and forming a conclusion, which it backs up with specific statistics and graphs to help prove its point. For example, when asked if we were resolving compliancy issues in our testbed, the answer was a resounding “No.” Intellicta went on to show that our test network had 362 compliancy issues, with only 41 of them resolved over the past three months, and only three that were being worked on. Data like this could be used to justify, for example, hiring more IT workers to help knock down issues more quickly, better training, or better prioritization of resources. Intellicta can’t solve problems like that, but can certainly identify them and explain how, if not why, they are happening.
Intellicta can also track compliancy issues over time. That way, if an organization hires more staff, for example, executives can see exactly what effect that move is having on compliancy issues over any set time period. A compliancy-over-time report could also help IT staff communicate their specific needs to executives, with issues tied to real-world dollars in terms of risk.
The bottom line
Almost every compliancy framework was created with security in mind, yet each is fundamentally different and requires different skillsets to implement properly. The Intellicta Platform, or something like it, would be a definite requirement in any industry that is subject to regulations about how technology is employed, protected and used. Even without required frameworks, having something like Intellicta in place can ensure that compliance with best-practice documents provides a baseline for actual cybersecurity programs, measuring both their implementation and effectiveness.
In a world where every advantage counts, having the Intellicta Platform within an arsenal can make a significant difference for beleaguered defenders, spotlighting problems before a disaster or hack occurs, and ensuring that cybersecurity gets better over time.