HIPAA compliance

HIPAA, the Health Insurance Portability and Accountability Act, was passed in the USA in 1996. The objective of the law was to reduce concerns about health insurance coverage, provide good access to health insurance, increase the efficiency of the health industry, and protect health information in electronic form. The Act makes it mandatory for the stakeholders involved, such as health care providers, clearinghouses, health care plans, the department of healthcare and other agencies, to assure patients that their data is secure along all dimensions of security.

File Integrity Monitoring

Achieving HIPAA compliance is a complex process, but maintaining it can often be even more cumbersome. LogPoint’s native FIM calculates the hash value of files before and after changes could have been made, so you stay in control of your sensitive assets and are alerted whenever a directory or file is created, deleted, renamed or altered in its content. FIM also monitors the creation and deletion of files and directories.

LogPoint SIEM use cases: File Integrity Monitoring

Log sources: FIM
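The before-and-after hash comparison described above can be sketched as follows. This is an added example, not LogPoint's own code; the names snapshot, diff and DIR_MARK and the sample files are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

DIR_MARK = "<dir>"  # constructed marker so directories appear in the baseline

def snapshot(root):
    """Map each path under root (relative) to its SHA-256, or DIR_MARK for directories."""
    state = {}
    for base, dirs, files in os.walk(root):
        for d in dirs:
            state[os.path.relpath(os.path.join(base, d), root)] = DIR_MARK
        for f in files:
            full = os.path.join(base, f)
            with open(full, "rb") as fh:
                state[os.path.relpath(full, root)] = hashlib.sha256(fh.read()).hexdigest()
    return state

def diff(before, after):
    """Classify changes between two snapshots as renamed/deleted/created/altered."""
    events = []
    gone = {p: h for p, h in before.items() if p not in after}
    new = {p: h for p, h in after.items() if p not in before}
    # A vanished file whose hash reappears under a new path is reported as a rename.
    for old_path, h in sorted(gone.items()):
        match = next((p for p, nh in sorted(new.items()) if nh == h and h != DIR_MARK), None)
        if match:
            events.append(("renamed", old_path, match))
            del new[match]
        else:
            events.append(("deleted", old_path, None))
    events += [("created", p, None) for p in sorted(new)]
    events += [("altered", p, None) for p in sorted(before)
               if p in after and before[p] != after[p]]
    return events

def demo():
    """Build a constructed tree, change it, and return the detected events."""
    with tempfile.TemporaryDirectory() as root:
        for name, data in (("a.txt", b"record-1"), ("b.txt", b"record-2"), ("c.txt", b"record-3")):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        before = snapshot(root)  # baseline hashes
        with open(os.path.join(root, "a.txt"), "wb") as fh:
            fh.write(b"record-1-edited")  # content altered
        os.rename(os.path.join(root, "b.txt"), os.path.join(root, "b.bak"))  # renamed
        os.remove(os.path.join(root, "c.txt"))  # deleted
        os.mkdir(os.path.join(root, "new_dir"))  # directory created
        return diff(before, snapshot(root))

if __name__ == "__main__":
    for event in demo():
        print(event)
```

A rename is inferred here only from an identical hash appearing under a new path, so a file that is renamed and edited between two snapshots shows up as a deletion plus a creation.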

Detecting Access to Systems

With LogPoint, you can easily detect users and systems accessing other systems, along with important contextual information such as the actions performed, the final status, or other entities used, like IP addresses. Monitoring access control helps to verify users viewing systems and resources. LogPoint can detect activities such as failed and successful logins, various login attempts, and users being locked or unlocked.

Example

Failed login attempts

LogPoint SIEM use cases: Failed login attempts HIPAA

Query

label=Login label=fail | chart count() by user, source_address, message order by user

Authentication and Transmission Control

Simply put, authentication controls ensure that users are who they claim to be. This can include password-based authentication, public-private key authentication, or two-factor authentication.

Transmission controls ensure that data transfers made outside of the organization are executed by authorized users. This requires the use of email with a private key, HTTPS file transfer, or a VPN. To make audits of transmission controls easier, LogPoint can detect activities such as email, HTTPS, and VPN communications. By design, LogPoint also enforces authentication and transmission control for data security by maintaining a proper authentication mechanism for user identity, either locally inside LogPoint or on a remote authentication server such as LDAP or RADIUS.

Similarly, for transmission controls, LogPoint uses secure communication channels for interaction between an external object and a LogPoint instance, or between multiple LogPoint instances. A user accessing data inside LogPoint uses the HTTPS channel, while the communication between two LogPoint instances is protected inside a VPN tunnel.

Last but not least, LogPoint provides out-of-the-box support for data analytics components such as dashboards, alerts and reports, for a wide range of log data sources. Users can also use the power of the LogPoint taxonomy to build this content from scratch.

Example

Successful logins

LogPoint SIEM use cases: Successful logins HIPAA

Log sources: Windows Server, Other authentication systems

Query

label=Login label=Successful | chart count() by user order by count() desc limit 10