Archives

Posts Tagged ‘Data Retention Compliance’

How NetFlow Solves for Mandatory Data Retention Compliance

Compliance in IT is not new and laws regulating how organizations should manage their customer data exist such as: HIPPA, PCI, SCADA and Network transaction logging has begun to be required of business. Insurance companies are gearing up to qualify businesses by the information they retain to protect their services and customer information. Government and industry regulations and enforcement are becoming increasingly stringent.

Most recently many countries have begun to implement Mandatory Data Retention laws for telecom service providers.

Governments require a mandatory data retention scheme because more and more crime is moving online from the physical world and ISP‘s are keeping less data and retaining it for a shorter time. This negatively impacts the investigative capabilities of law enforcement and security agencies that need timely information to help save lives by early spotting lone-wolf terrorists or protect vulnerable members of society from abuse by sexual deviants, ransomware or other crimes online.

Although there is no doubt as to the value of mandatory data retention schemes they are not without justifiable privacy, human rights and expense concerns to implement.

It takes a lot of cash, time and skills that many ISP’s and companies simply cannot afford. Internet and managed service providers and large organizations must take proper precautions to remain in compliance. Heavy fines, license and certification issues and other penalties can result from non-compliance with mandatory data retention requirements.

According to the Australian Attorney-General’s Department, Australian telecommunications companies must keep a limited set of metadata for two years. Metadata is information about a communication (the who, when, where and how)—not the content or substance of a communication (the what).

A commentator from the Sydney morning herald qualified“…Security, intelligence and law enforcement access to metadata which overrides personal privacy is now in contention worldwide…” and speculated that with the introduction of Australian metadata laws that “…this country’s entire communications industry will be turned into a surveillance and monitoring arm of at least 21 agencies of executive government. …”.

In Australia many smaller ISP’s are fearful that failing to comply will send them out of business. Internet Australia’s Laurie Patton said, “It’s such a complicated and fundamentally flawed piece of legislation that there are hundreds of ISPs out there that are still struggling to understand what they’ve got to do”.

As for the anticipated costs, a survey sent to ISPs by telecommunications industry lobby group Communications Alliance found that  “There is a huge variance in estimates for the cost to business of implementing data retention – 58 per cent of ISPs say it will cost between $10,000 and $250,000; 24 per cent estimate it will cost over $250,000; 12 per cent think it will cost over $1,000,000; some estimates go as high as $10 million.”

An important cost to consider in compliance is the ease of data reporting when requested by government or corporate compliance teams to produce information for a specific ipv4 or ipv6 address. If the data is stored in a data-warehouse that is difficult to filter this may cause the service provider to incur penalties or be seen to be non-complying. Flexible filtering and automated reporting is therefore critical to produce the forensics required for the compliance in a timely and cost effective manner.

Although there are different laws governing different countries the main requirement of mandatory data retention laws at ISP’s is to maintain sufficient information at a granular level in order to assist governments in finding bad actors such as terrorists, corporate espionage, ransom-ware and pedophiles. In some countries this means that telcos are required to keep data of the IP addresses users connect to, for up to 10 weeks and in others just the totals of subscriber usage for each IP used for up to 2 years.

Although information remains local to each country and governed by relevant privacy laws, the benefits to law enforcement in the future will eventually provide the ability to have the visibility to track relayed data such as communications used by Tor Browsers, Onion routers and Freenet beyond their relay and exit nodes.

There is no doubt in my mind that with heightened states of security and increasing online crime there is a global need for governments to intervene with online surveillance to protect children from exploitation, reduce terrorism and to build defensible infrastructures whilst at the same time implementing data retention systems that have the inbuilt smarts to enable a balance between compliance and privacy rather than just a blanket catch all. There is already an available solution for the Internet communications component based on Netflow that assists ISP’s to quickly comply at a low cost whilst properly allowing data retention rules to be implemented to limit intruding on an individual’s privacy.

NetFlow solutions are cheap to deploy and are not required to be deployed at every interface such as a packet analyzer and can use the existing router, switch or firewall investment to provide continuous network monitoring across the enterprise, providing the service provider or organization with powerful tools for data retention compliance.

NetFlow technology if sufficiently scalable, granular and flexible can deliver on the visibility, accountability and measurability required for data retention because it can include features that:

  • Supply a real-time look at network and host-based activities down to the individual user and device;
  • Increase user accountability for introducing security risks that impact the entire network;
  • Track, measure and prioritize network risks to reduce Mean Time to Know (MTTK) and Mean Time to Repair or Resolve (MTTR);
  • Deliver the data IT staff needs to engage in in-depth forensic analysis related to security events and official requests;
  • Seamlessly extend network and security monitoring to virtual environments;
  • Assist IT departments in maintaining network up-time and performance, including mission critical applications and software necessary to business process integrity;
  • Assess and enhance the efficacy of traditional security controls already in place, including firewalls and intrusion detection systems;
  • Capture and archive flows for complete data retention compliance

Compared to other analysis solutions, NetFlow can fill in the gaps where other technologies cannot deliver. A well-architected NetFlow solution can provide a comprehensive landscape of tools to help business and service providers to achieve and maintain data retention compliance for a wide range of government and industry regulations.

Performance Monitoring & Security Forensics: The 1-2 Punch for Network and IT Infrastructure Visibility

Why NetFlow is Perfect for Forensics and Compliance

Netflow forensic investigations can produce the report evidence that can be used in court as it describes the movement of the traffic data even without necessarily describing its contents.

It’s therefore crucial that the Netflow solution deployed can scale in archival to allow full context of all the flow data and not just the top of the data or the data relating to one tools idea of a security event.

The issue with Forensics and flow data is that in order to achieve full compliance its necessary to retain a data warehouse that can eventuate in a huge amount of flow records.

These records, retained in the data warehouse may not seem important at the time of collection but become critical to uncover behavior that may have been occurring over a long period and to ascertain the damage of the traffic behavior. I am talking broadly here as there are so many different instances where the data suddenly becomes critically important and it’s hard to do it justice by explaining one or two case studies. Remember you don’t know what you don’t know but when you discover what you didn’t know you need to have the ability to quantify the loss or the risk of loss.

How much flow data is enough to retain to satisfy compliance?

From our experience it is usually between 3-24 months depending on the size of the environment and the legal compliance relating to data protection or data retention. For most corporates we would recommend 12 months as a best practice. Data retention in ISP land in some countries requires the ability to analyze traffic for up to 2 years. Fortunately disk today is cheap and flow is cost effective to deploy across the organization. There is more information about this in our Performance and Security eBook.

Once a security issue has been identified the flow database can be available to quantify exactly what IP’s accessed a system, the times the system was accessed as well as quantifying the impact on dependent systems that the host conversed with directly or indirectly on the network before and after the issue.

Trawling through huge collection of flow-data can be a lengthy task and its necessary to have the ability to run automated Predictive AI Baselining analytics and parallel Predictive AI Baselining analytics to gauge damage from a long term inside threat that could have been dribbling out your intellectual property slowly over a few months.

Performance Monitoring & Security Forensics: The 1-2 Punch for Network and IT Infrastructure Visibility

How to Achieve Security and Data Retention Compliance Obligations with Predictive AI Cyber Flow Analytics

Information retention, protection and data compliance demands are an important concern for modern organizations. And with data being generated at staggering rates and new entry points to networks (mobile devices, wireless network, etc.) adding their own levels of complexity, adherence to compliance obligations can prove challenging. In addition, when considering high profile network hacks such as the Sony, Dropbox and Target intrusions, it quickly becomes clear that no organization is immune to the possibility of having their systems compromised. This backdrop demonstrates the importance of finding a suitable network monitoring solution that is able to navigate the tightrope between meeting regulatory requirements without placing too much strain on hardware resources.

In this blog we’ll touch on two of these regulatory standards: the Health Insurance Portability and Accountability Act (HIPAA) and Supervisory Control and Data Acquisition (SCADA), and look at how Network Specialists can leverage NetFlow’s ability to provide insightful metrics that aid in the building of a water-tight security apparatus.

NetFlow and HIPAA

Few have greater concerns around information privacy than the health care industry. If compromised, medical records containing patients’ sensitive information can lead to disaster for both health care organizations and individuals. The Privacy Rule, as stipulated by HIPAA, addresses the data retention compliance and protection measures expected of health care organizations to ensure critical patient records remain safe, uncompromised and reliable.

One of these protection measures is the continuous monitoring of information systems to prevent security breaches or unintended exposure of information to the wrong people. NetFlow is ideal for monitoring and enforcing security by giving detailed insight into both local, inbound and outbound traffic. It also allows you to easily identify the nature of the traffic and see how traffic flows between devices as it traverses your environment.

NetFlow’s ability to detect and report on anomalies through analysis by a NetFlow analyzer can give health care organizations unmatched network visibility and data granularity. Its availability on most networking devices makes it ideal for deployment in and monitoring of large-scale environments such as hospitals and other health care facilities. Also, flow exports to NetFlow analyzers are comparatively lightweight, which makes it possible for organizations to collect and store network audit data for extended periods of time.

NetFlow and SCADA

SCADA is a standard that facilitates communication channels between remote equipment as a means to control their functions. Examples of SCADA at work are remote management of Heating Ventilation and Air Conditioning (HVAC) systems, industrial equipment and Closed Circuit Television systems. SCADA is a type of industrial control system (ICS). Security around SCADA-enabled systems are paramount to human safety, as typical utilization of SCADA include sewerage systems, power plant and water treatment facilities. Also, these management systems typically communicate via the Internet, making them vulnerable to hackers who may seek to use them as entry points into corporate networks.

NetFlow provides built-in support for SCADA and facilitates real-time monitoring and management of communication between remote devices, making it possible to take corrective action on-the-fly if needs be. It also enables users to make operational decisions based on both real-time and historic data that gives context to anomalies and events as they occur. Users are also able to perform functions remotely without visiting sites to perform updates and other maintenance tasks. By providing detailed and up-to-date information on business-critical systems, NetFlow is enabling businesses to be more proactive in the monitoring, management and maintenance of remote devices and systems.

Employing the right NetFlow reporting tool is key to manage compliance obligations

The missing link in leveraging the power of NetFlow in data retention and protection efforts is a powerful, comprehensive and robust NetFlow reporting tool. When considering your regulatory obligations, ensure that your choice of NetFlow reporting tool gives you the detailed, granular and contextual information you need to make insightful, data-driven decisions around the security, integrity and stability of your information assets.

8 Keys to Understanding NetFlow for Network Security, Performance & Overall IT Health