Indication of Compromise: Another Key Practice for GDPR Compliance
Last updated on: September 6, 2020
In this ongoing blog series on preparing for complying with the EU’s General Data Protection Regulation (GDPR), we’ve explained the importance of having solid, foundational security practices like asset management and threat prioritization. Today, we’ll discuss how another such practice can help organizations stay on the right side of GDPR: Indication of Compromise (IOC).
In a nutshell, IOC can help customers who are dealing with unauthorized access to customer personal data by an external threat actor or adversary. This makes IOC particularly relevant to GDPR’s stringent requirements for data integrity, control, accountability and protection.
To comply with GDPR, which goes into effect on May 25, companies worldwide — not just in the EU — must know what personal data of EU residents they have, where it’s stored, with whom they’re sharing it, how they’re protecting it, and what they’re using it for.
Qualys IOC and GDPR
The aim of the GDPR is to protect all EU residents from privacy and data breaches, which are increasingly caused by external threat actors or adversaries seeking financial gain.
Qualys IOC can help organizations by empowering security analysts to more quickly detect, investigate, research, and remediate external threats against computing systems that contain customer personal data, as well as the organization’s own sensitive data. This includes identifying modern non-malware and fileless attacks that are more easily able to bypass traditional endpoint prevention security technologies.
More specifically, Qualys IOC can help with two specific GDPR requirements:
- the ability of the organization to protect personal data
- complying with breach notification rules, for which the organization must know the extent of the breach in order to alert affected parties
GDPR doesn’t change how mature and lean-forward organizations have been implementing detection and response technology like Qualys IOC. However, it does change how those organizations that haven’t deployed such a technology need to implement it in a way that’s scalable, easy-to-use, cost effective, and non-impactful on their endpoint systems.
Qualys IOC: Cloud based, scalable, precise, versatile and intuitive
Let’s look at IOC in more detail.
Qualys IOC integrates endpoint detection, behavioral malware analysis, and pre-defined threat hunting techniques that incorporate a continuous view of an asset’s vulnerability posture along with suspicious activity monitoring.
With Qualys IOC, security analysts and incident responders can correlate endpoint activity with threat intelligence, network alerts, and sandbox analysis to quickly determine exactly when and where a compromise took place.
Key Qualys IOC benefits include:
- Unified agent event collection: Qualys IOC uses the Qualys Cloud Agent’s non-intrusive data collection and delta processing techniques to transparently capture endpoint activity information from assets on and off the network in a way that is more performant than query-based approaches or log collectors. This is the same agent used by other Qualys Cloud Apps, including Qualys Vulnerability Management and Qualys Policy Compliance, so there’s no need to deploy, configure and maintain an additional agent for Qualys IOC.
- Highly scalable detection processing: Threat hunting, suspicious activity detection, and OpenIOC processing are performed in the Qualys Cloud Platform on billions of active and past system events, and are coupled with threat intelligence data from Qualys Malware Labs to identify malware infections (indicators of compromise) and threat actor actions (indicators of activity).
- Actionable intelligence for security analysts: Customers can use pre-defined threat hunting rules and easily import indicators of compromise artifacts into widgets, dashboards, and saved searches to quickly verify threat intelligence, scale of infections, first-infected asset (“Patient Zero”), and timeline of compromises — even for assets that are currently offline or have been re-imaged by IT.
- Streamline investigations with a Single View of Asset: Qualys IOC creates a Single View of the Asset, showing threat hunting details unified with other Qualys Cloud Apps for hardware and software inventory, vulnerability posture, policy compliance controls, and file integrity monitoring change alerts for on-premises servers, cloud instances, and off-net remote endpoints. A single user interface significantly reduces the time required for incident responders and security analysts to hunt, investigate, detect, and respond to threats before a breach or compromise can occur.
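To make the workflow in the list above concrete, here is an added example (not Qualys code, and not an implementation of the Qualys IOC product) that does in plain Python what the "actionable intelligence" bullet describes: import a small indicator set, match it against endpoint events collected from several assets, and report the scale of the infection, the first-infected asset ("Patient Zero") and a per-asset timeline. The hashes, domains, asset names and events are all constructed placeholders, and the `match_events`/`summarize` functions are hypothetical names chosen for this illustration.

```python
"""Match indicators of compromise against collected endpoint events.

Added illustration (not Qualys code): given imported IOC artifacts and a stream
of agent-collected events, find affected assets, Patient Zero and a timeline.
Every hash, domain, host name and event below is constructed sample data.
"""
from collections import defaultdict
from datetime import datetime

# Placeholder hashes: the "bad" one is the indicator, the "good" one is benign.
BAD_HASH = "1111111111111111111111111111111111111111111111111111111111111111"
GOOD_HASH = "2222222222222222222222222222222222222222222222222222222222222222"

# Constructed indicator set in the spirit of an OpenIOC import: file hashes
# plus a contacted domain. "bad-updates.example" is a placeholder domain.
INDICATORS = {
    "sha256": {BAD_HASH},
    "domain": {"bad-updates.example"},
}

# Constructed endpoint events, one per process start or network connection.
# Note that ws-017 appears first in the feed, but ws-042 was compromised earlier:
# the feed order is not the infection order, so we must sort by event time.
EVENTS = [
    {"asset": "ws-017", "time": "2018-04-02T09:10:00", "type": "process",
     "sha256": BAD_HASH, "image": "C:\\Users\\bob\\AppData\\Local\\Temp\\svc.exe"},
    {"asset": "ws-042", "time": "2018-04-01T17:45:00", "type": "process",
     "sha256": BAD_HASH, "image": "C:\\Users\\alice\\Downloads\\invoice.exe"},
    {"asset": "ws-042", "time": "2018-04-01T17:46:30", "type": "network",
     "domain": "bad-updates.example", "image": "C:\\Users\\alice\\Downloads\\invoice.exe"},
    {"asset": "srv-db-01", "time": "2018-04-02T11:00:00", "type": "process",
     "sha256": GOOD_HASH, "image": "C:\\Windows\\System32\\svchost.exe"},
    {"asset": "srv-db-01", "time": "2018-04-02T11:02:00", "type": "network",
     "domain": "updates.example", "image": "C:\\Windows\\System32\\svchost.exe"},
    {"asset": "lap-108", "time": "2018-04-03T07:30:00", "type": "network",
     "domain": "bad-updates.example", "image": "C:\\Program Files\\Foo\\foo.exe"},
]


def match_events(events, indicators):
    """Return one match record for every event that hits an indicator."""
    matches = []
    for ev in events:
        hit = None
        if ev["type"] == "process" and ev.get("sha256") in indicators["sha256"]:
            hit = "sha256:" + ev["sha256"]
        elif ev["type"] == "network" and ev.get("domain") in indicators["domain"]:
            hit = "domain:" + ev["domain"]
        if hit is not None:
            matches.append({
                "asset": ev["asset"],
                "time": datetime.fromisoformat(ev["time"]),
                "indicator": hit,
                "image": ev["image"],
            })
    return matches


def summarize(matches):
    """Scale of infection, Patient Zero and a time-ordered timeline per asset."""
    timeline = defaultdict(list)
    for m in matches:
        timeline[m["asset"]].append((m["time"], m["indicator"], m["image"]))
    for entries in timeline.values():
        entries.sort()  # chronological order within each asset
    first = min(matches, key=lambda m: m["time"]) if matches else None
    return {
        "affected_assets": sorted(timeline),
        "patient_zero": (first["asset"], first["time"].isoformat()) if first else None,
        "timeline": {asset: [(t.isoformat(), ind, img) for t, ind, img in entries]
                     for asset, entries in timeline.items()},
    }


if __name__ == "__main__":
    report = summarize(match_events(EVENTS, INDICATORS))
    print("affected assets:", ", ".join(report["affected_assets"]))
    print("patient zero:", report["patient_zero"])
    for asset, entries in report["timeline"].items():
        for when, indicator, image in entries:
            print(f"  {when}  {asset:10}  {indicator}  ({image})")
```

The point the sample data makes is the one the bullet hints at with "first-infected asset": the order in which events arrive (or the order in which analysts notice them) is not the order in which assets were compromised, so Patient Zero has to be computed from event timestamps across the whole collected history, including events from assets that are offline by the time the indicator is imported.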
In short, when an endpoint is infected and a breach happens, Qualys IOC helps you detect it faster, ideally before any damage is done and any information is stolen. For your organization’s overall security posture, and for GDPR compliance specifically, it’s critical to prevent intruders from prowling around inside your network undetected for months.
For more information on Qualys IOC, visit our website at qualys.com/ioc and sign up for a free trial at qualys.com/trial. To learn more about how Qualys solutions can help you become GDPR compliant, visit qualys.com/gdpr.
(Chris Carlson is Vice President, Product Management at Qualys)
Read Other Posts in the Countdown to GDPR Series:
- Reduce Your Risk
- Get 20/20 Visibility Into Your IT Assets
- Prioritize Vulnerability Remediation
- Assess Vendor Risk
- Manage Vulnerabilities
- IT Policy Compliance
- Secure Web Applications
- The GDPR deadline readiness and impact to global organizations outside the EU: webcast, summary blog post, and Q&A transcript
- Put FIM in Your GDPR Toolbox
There is one simple question: where can we find those IOCs? And how can we look for IOCs periodically?