GPG-13 Compliance
Overview
GPG-13, also known as the Good Practice Guide 13, is a compliance requirement established by the UK government’s National Cyber Security Centre (NCSC). It provides guidelines and best practices for organizations to protect their IT systems and sensitive information from cyber threats. Compliance with GPG-13 helps organizations enhance their cybersecurity posture and mitigate the risk of cyber incidents.
For more information, refer to the GPG-13 publication: https://www.ncsc.gov.uk/files/GPG%2013%20-%20Protective%20Monitoring%20for%20HMG%20ICT%20-%20Issue%201.7%20October%202012%20-%20NCSC%20Web.pdf
Logcollect for GPG-13 Compliance
Logcollect combines SIEM, log management, proactive threat hunting, and guided incident response to effectively meet the requirements outlined in GPG-13 Compliance. With comprehensive monitoring, analysis, and reporting capabilities, organizations can identify and manage their assets, establish access controls, protect resources, and respond promptly to incidents.
By leveraging Logcollect, organizations can enhance their cybersecurity posture, protect sensitive information, and achieve GPG-13 compliance. This helps mitigate the risk of cyber threats, improve incident response capabilities, and safeguard business operations.
Using Logcollect to meet GPG-13 Requirements
Control PMC – 1
Accurate Time Stamps
Logcollect provides accurate, consistent and independent time synchronization across all collected accounting data, and detects abnormal patterns, such as time adjustments, both backward and forward.
Control PMC – 2
Recording of Business Traffic Crossing a Boundary
Logcollect analyzes network events and combines accounting data from other boundary devices to establish a record of all cross-boundary imports and exports. Raw accounting data is checked against applicable policy in real time, and alerts and reports are generated if any policy breaches or other malicious activities are detected.
Control PMC – 3
Recording Relating to Suspicious Activity at the Boundary
Logcollect analyzes the behavior of boundary traffic and immediately identifies any suspicious or unusual traffic. Alerts are generated and distributed in real time, and all raw data is made available for data mining and forensic analysis.
Control PMC – 4
Recording on Internal Workstation, Server or Device Status
Workstation, server and other device accounting data is collected and analyzed by Logcollect in real-time. Logcollect automatically detects when suspicious activity occurs, such as configuration changes; privileged access and unauthorized escalation; unexpected system and application restart; software installation and patch failures; removable media insertion and removal; sensitive file access and more.
Control PMC – 5
Recording Relating to Suspicious Internal Network Activity
Logcollect constantly monitors the behavior of users, networks, machines and applications. Alerts are generated in real-time, whenever any suspicious activity is detected, to indicate an external breach has occurred or an insider is acting maliciously.
Control PMC – 6
Recording Relating to Network Connections
All connections made to a network are analyzed by Logcollect, including wireless, VPN and dial-up. Logcollect automatically detects and alerts on any suspicious activity, such as attempts to gain access or wireless network hacking attempts.
Control PMC – 7
Recording on Session Activity by User and Workstation
Logcollect monitors user activity across the network, including data access and communications. Logcollect ensures that any security policy breaches or suspicious patterns of behavior are identified and alerted on in real time. The raw accounting data is also available in Logcollect for reporting and ad-hoc analysis purposes.
Control PMC – 8
Recording on Data Backup Status
Logcollect monitors accounting data related to the status and operation of backup and restore processes. Logcollect can identify and generate alerts if an error in the backup and restore process occurs, such as failure to complete a backup/restore, data corruption or deletion.
Control PMC – 9
Alerting Critical Events
Logcollect categorizes and prioritizes all the alerts it generates based on risk. Alerts can be viewed centrally via the Logcollect console using the dashboard view.
Control PMC – 10
Reporting on the Status of the Audit System
Logcollect enables all aspects of the audit process – from data collection to viewing, alerting and reporting – to be independently tracked and audited.
Control PMC – 11
Production of Sanitized and Statistical Management Reports
Logcollect ships with hundreds of compliance and security status and management reports, for example number of failed logons, number and type of intruders detected, average time to resolve a security incident, etc. The reporting function is highly configurable: existing reports can be amended or new ones written simply through the interface.
Control PMC – 12
Providing a Legal Framework for Protective Monitoring Activities
Logcollect is deployed and configured in accordance with the guidance recommended as a part of the overall risk management process. Throughout the accounting data collection process, Logcollect ensures that all data is collected and analyzed for forensic validity.
