• What is GDPR?
    Stands for “General Data Protection Regulation”
    Adopted in 2016, it applies from 25 May 2018
    Proposed by the European Commission, it strengthens and unifies data protection
    for individuals within the European Union (EU)
    It also covers the export of personal data outside the EU
    Examples of personal data – IP address, customer details and transactions, biometric data, genetic or healthcare data
    Consists of 11 chapters, 99 articles, and 173 recitals
  • Why is GDPR so important?
    There are significant penalties for non-compliance, including data breaches
    Two tiers of fines:
    • Up to €10 million, or 2% of annual global turnover – whichever is higher
    • Up to €20 million, or 4% of annual global turnover – whichever is higher
    Infringements of the controller’s or processor’s obligations, including the security and
    breach-notification duties (Articles 25 to 39), fall in the lower tier, whereas infringements of the
    basic principles, of data subjects’ rights or of the rules on international transfers fall in the higher tier
  • Important participants
    Processor (in this page, the party operating the SIEM tool on the controller’s behalf)
    means a natural or legal person, public authority, agency or other body which
    processes personal data on behalf of the controller
    Controller (the organisation that holds the data)
    means the natural or legal person, public authority, agency or other body which,
    alone or jointly with others, determines the purposes and means of the processing of personal data
    Data subject
    the identified or identifiable natural person to whom the personal data relates; the one GDPR was written to protect.
  • The processor has obligations too
    Non-compliant processors face damages claims from controllers and data subjects,
    and are also exposed to sanctions by the regulator:
    from access and audit rights, to administrative orders and, ultimately,
    to fines of up to 4% of annual global turnover for certain infringements
    The processor has to notify the controller without undue delay after becoming aware of a personal data breach (Article 33(2))
    There is no risk threshold on this duty, so every breach has to be reported to the controller; the controller then has
    72 hours from becoming aware of it to notify the supervisory authority (Article 33(1))

IT Goals for GDPR Compliance.

Take the time to identify all sensitive data when starting your GDPR compliance project.
Companies need to know which data is relevant under GDPR, which systems contain those types of data, and which databases hold specific combinations of sensitive data that place them at higher risk.
Keep data subjects’ personal data separate from the rest of your enterprise’s data. Auditing user access, data modification and data deletion, and managing permissions to personal data, is far easier when the personal data is isolated from everything else.
Grant access only to those who are authorised to process the data. Keep an eye on the privileges being granted: establish measures to monitor permission grants, privilege escalations and user activity on the storage systems where the personal data is held.
The focus of a GDPR audit is to determine whether the organisation has implemented adequate policies and procedures to regulate the processing of personal data,
and whether processing is actually monitored in accordance with those policies and procedures, so that risks are identified and controlled before they lead to a data breach.
Collect and analyse logs from perimeter systems such as firewalls, WAFs and web proxies.
Correlate them with logs from endpoint systems such as antivirus: a firewall event and an antivirus event on the same host within minutes of each other say more together than apart.
How can you quickly respond to a potential breach?
Fast incident response rests on two things:
(1) shortening the time to identify illegitimate access to data, and
(2) reducing the time taken to stop a violation of your security policies.
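The correlation step described above, as an added example that is not KHIKA's code or any vendor's rule syntax: firewall and antivirus records for the same host are joined so that an outbound connection to a previously unseen destination shortly after a malware detection becomes one alert. The key=value log layout, hosts, addresses, timestamps and the ten-minute window are all constructed assumptions for the example.

```python
"""Added example (not KHIKA's code): correlate perimeter (firewall) logs with
endpoint (antivirus) logs so that a post-infection outbound connection is
surfaced as one alert instead of two unrelated events.

Log formats, hosts, IPs and timestamps below are constructed for illustration;
the key=value layout is hypothetical, not a particular vendor's format."""
from collections import defaultdict
from datetime import datetime, timedelta

FIREWALL_LOGS = """\
ts=2018-05-25T09:55:00Z src=10.1.1.31 dst=198.51.100.7 dport=443 action=allow
ts=2018-05-25T10:00:05Z src=10.1.1.20 dst=198.51.100.7 dport=443 action=allow
ts=2018-05-25T10:03:10Z src=10.1.1.20 dst=203.0.113.9 dport=8080 action=allow
ts=2018-05-25T10:04:00Z src=10.1.1.31 dst=198.51.100.7 dport=443 action=allow
ts=2018-05-25T10:09:00Z src=10.1.1.31 dst=203.0.113.9 dport=4444 action=deny
"""

AV_LOGS = """\
ts=2018-05-25T10:02:30Z host=10.1.1.20 event=malware_detected name=Trojan.Generic status=quarantine_failed
ts=2018-05-25T10:02:45Z host=10.1.1.31 event=malware_detected name=PUA.Adware status=quarantined
"""


def parse_kv(line):
    """Turn one 'k=v k=v ...' record into a dict; 'ts' becomes a datetime."""
    rec = dict(tok.split("=", 1) for tok in line.split())
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return rec


def parse_logs(text):
    return [parse_kv(line) for line in text.splitlines() if line.strip()]


def correlate(fw_text, av_text, window=timedelta(minutes=10)):
    """Alert when a host with an AV detection connects, within `window` after
    the detection, to a destination it had not talked to before the detection.

    Severity: 'high' if AV could not quarantine and the firewall allowed the
    connection, 'medium' if quarantined but allowed, 'low' if the firewall
    denied it (the host still tried, which is worth a look)."""
    fw_by_host = defaultdict(list)
    for rec in parse_logs(fw_text):
        fw_by_host[rec["src"]].append(rec)

    alerts = []
    for av in parse_logs(av_text):
        host = av["host"]
        events = sorted(fw_by_host.get(host, []), key=lambda r: r["ts"])
        known = {r["dst"] for r in events if r["ts"] < av["ts"]}  # pre-detection baseline
        for fw in events:
            lag = fw["ts"] - av["ts"]
            if not (timedelta(0) <= lag <= window) or fw["dst"] in known:
                continue
            if fw["action"] == "deny":
                severity = "low"
            elif av["status"] == "quarantine_failed":
                severity = "high"
            else:
                severity = "medium"
            alerts.append({
                "host": host, "malware": av["name"], "dst": fw["dst"],
                "dport": fw["dport"], "action": fw["action"],
                "severity": severity, "lag_seconds": int(lag.total_seconds()),
            })
            known.add(fw["dst"])  # one alert per new destination
    return alerts


if __name__ == "__main__":
    for alert in correlate(FIREWALL_LOGS, AV_LOGS):
        print(alert)
```

On the constructed data this yields a high-severity alert for 10.1.1.20 (quarantine failed, then an allowed connection to a new host on 8080) and a low-severity one for 10.1.1.31 (quarantined, then a denied attempt to a new host on 4444); the repeat connection to an already-known destination raises nothing, which is what keeps the alert count small.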

Top Actions from 99 Articles

Centralized Log Repository
Requirement
  • Under Article 25(2)
  • Logging and monitoring of activity is the practical basis for showing that access to personal data is controlled and for investigating a breach; GDPR does not prescribe logging in so many words, so treat the article mapping as guidance rather than a legal citation.
  • Tamper-evident log storage, so that the logs stand up as evidence.
  • Centrally available and easily searchable for forensics.
Solution
  • KHIKA can ingest, index and store any type of log, even your custom application logs.
  • Provides full-text search with lightning-fast response.
  • KHIKA ensures the integrity of stored logs (tamper-evident evidence records).
  • KHIKA provides central storage and a single pane of glass for log review.
Auditing of log data
Requirement
  • Logs are both the evidence base and, frequently, personal data in their own right (IP addresses, user names), so the auditing system must ensure the integrity, security and confidentiality of the logs generated in your environment.
Solution
  • KHIKA ensures the integrity of stored logs by periodically recomputing checksums and alerting when a stored checksum no longer matches the log, which indicates alteration outside the normal write path.
  • KHIKA transmits logs over the wire using TLS (SSL) to ensure secure transmission.
  • KHIKA’s granular access control ensures confidentiality and security.
  • KHIKA audits all user activity within itself and provides an out-of-the-box granular audit activity report.
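The integrity mechanism referred to in both the "Centralized Log Repository" and "Auditing of log data" sections above (checksums over stored logs, alerting on mismatch), as an added example that is not KHIKA's implementation: a SHA-256 hash chain in which each entry's digest covers the previous digest, so that editing, deleting or reordering any stored line breaks verification from that point on. Keeping a copy of the head digest out of band is what catches truncation and a wholesale recompute of the chain. The sample log lines, the store layout and the genesis value are constructed for the example.

```python
"""Added example (not KHIKA's code): a tamper-evident log store built as a
SHA-256 hash chain. Every stored entry's digest covers the previous digest
and the record text, so modifying, deleting or reordering an entry breaks
every link after it. A copy of the head digest kept out of band (signed, or
pushed to a separate system) additionally catches truncation and a full
rewrite of the chain. Sample log lines are constructed."""
import copy
import hashlib

GENESIS = "0" * 64  # digest "before" the first record

SAMPLE_LOGS = [
    "2018-05-25T10:00:00Z sshd[412]: Accepted publickey for alice from 10.1.1.5",
    "2018-05-25T10:01:00Z sudo: alice : COMMAND=/bin/cat /srv/db/customers.csv",
    "2018-05-25T10:02:00Z sshd[412]: Disconnected from 10.1.1.5",
]


def link_digest(prev_digest, record):
    """Digest of one entry: sha256(previous digest || newline || record)."""
    return hashlib.sha256((prev_digest + "\n" + record).encode("utf-8")).hexdigest()


def append_records(store, records):
    """Append records to `store` (a list of {'record', 'digest'} dicts) and
    return the new head digest, which the caller should keep out of band."""
    prev = store[-1]["digest"] if store else GENESIS
    for record in records:
        prev = link_digest(prev, record)
        store.append({"record": record, "digest": prev})
    return prev


def verify(store, expected_head=None):
    """Return (ok, index): index is the first broken entry, len(store) if all
    links hold but the head differs from the out-of-band copy (truncation or
    a recomputed chain), or None when everything verifies."""
    prev = GENESIS
    for i, entry in enumerate(store):
        if link_digest(prev, entry["record"]) != entry["digest"]:
            return False, i
        prev = entry["digest"]
    if expected_head is not None and prev != expected_head:
        return False, len(store)
    return True, None


def tamper_scenarios():
    """Build a chain, then show what each class of tampering looks like."""
    store = []
    head = append_records(store, SAMPLE_LOGS)

    edited = copy.deepcopy(store)  # attacker edits one record in place
    edited[1]["record"] = edited[1]["record"].replace("customers.csv", "motd")

    truncated = store[:2]  # attacker deletes the last entry

    rewritten = []  # attacker edits a record and recomputes every digest
    append_records(rewritten, [SAMPLE_LOGS[0],
                               "2018-05-25T10:01:00Z sudo: (nothing)",
                               SAMPLE_LOGS[2]])

    return {
        "intact": verify(store, head),
        "edited": verify(edited, head),
        "truncated": verify(truncated, head),
        "rewritten_no_head": verify(rewritten),          # links are valid...
        "rewritten_with_head": verify(rewritten, head),  # ...but the head differs
    }


if __name__ == "__main__":
    for name, result in tamper_scenarios().items():
        print(f"{name:22s} {result}")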
Create and Manage records and detailed reporting
Requirement
  • Under Articles 25, 32, 33, 34, 35, 44
  • GDPR expects organisations to keep records of which stakeholders accessed personal data and to be able to report on the access patterns.
  • GDPR expects organisations to keep records of changes to systems and the network that may affect the security of that personal data.
Solution
  • KHIKA can collect and store logs/data from all network assets and applications.
  • The logs capture access patterns and provide out-of-box reports to understand
    • Who has access to sensitive data.
    • Who has actually accessed the sensitive data.
    • The changes to configuration that may affect the security of the private data.
Personal information to be encrypted in transit
Requirement
  • Under Articles 32(1), 34
  • Article 32(1)(a) names encryption of personal data as an appropriate security measure, and Article 34(3)(a) relieves the controller of notifying data subjects when the breached data was rendered unintelligible (for example by encryption); in practice, personal data should not cross the network in cleartext.
Solution
  • KHIKA can analyse traffic without DPI by using flows and identify the layer-7 protocol; non-TLS traffic can then be spotted without expensive DPI techniques (this feature is under development).
  • KHIKA also provides firewall reports indicating the protocols and ports used. These reports help identify likely cleartext traffic (for example outbound connections from critical systems on ports other than 443). Treat the port as a heuristic only: TLS can run on any port and cleartext can run on 443, so confirm findings against the payload or the flow-based protocol identification.
Monitoring systems for assets with private data
Requirement
  • Under Articles 25(2), 32(1)(b), 32(1)(d),33(2), 33(3)(a), 34, 44
  • GDPR requires that the systems with private data must be monitored.
Solution
  • KHIKA can monitor every system under its purview, covering the following aspects:
    • Security and hardening policies (Security Configuration Assessment).
    • Real Time Logs and log correlations.
    • Configuration changes
    • File Integrity Monitoring (FIM)
    • Host Based Intrusion detection system (HIDS)
Detection : Real Time Alerting
Requirement
  • Under Articles 33(2), 33(3), 34
  • Breaches must be notified to the supervisory authority within 72 hours of the controller becoming aware of them (Article 33(1)) and to data subjects without undue delay where the risk is high (Article 34); meeting those clocks means detecting suspicious activity, attacks and breaches in real time rather than in a periodic review.
Solution
  • KHIKA’s state-of-the-art correlation engine captures threats, changes and suspicious behaviour in real time.
  • KHIKA provides community-based Threat Intelligence feeds that can be correlated in real time with your organisation’s data.
  • KHIKA correlates across data sources and devices to generate a small number of actionable alerts instead of a flood of raw events.
Who accesses privileged accounts and sensitive information
Requirement
  • Under Article 25(2)
  • GDPR requires you to monitor privileged accounts and the activity performed with them, since such accounts can read, alter or delete personal data and the logs about it.
Solution
  • KHIKA provides out-of-the-box reports on activities performed by privileged users.
  • KHIKA can integrate with privileged identity management (PIM) tools to add context to privileged access monitoring.
The means to secure assets
Requirement
  • Under Articles 32(1)(b), 34, 44
  • A weak configuration on a single system can compromise the security posture of the entire network, so Security Configuration Assessment of all network assets is vital.
  • Organisations need strong hardening policies for network assets and must verify that they are actually enforced.
Solution
  • KHIKA’s Security Configuration Assessment checks each host against the hardening policy. Example checks:
    • Are USB drives enabled or disabled?
    • Is the guest account enabled on the server?
    • Is the built-in local administrator account enabled?
    • Is the minimum password length set to more than 10 characters?
    • Is logging enabled at the appropriate level?
    • Is the maximum password age set to 90 days or less? etc.
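The hardening questions above, evaluated against configuration collected from a Windows host, as an added example that is not KHIKA's assessment engine. The `[System Access]` section and its key names are what `secedit /export /cfg <file>` writes; the values, the registry value and the policy thresholds are constructed assumptions for this example (USBSTOR `Start=4` disables the USB mass-storage driver, `3` enables it). The audit-level question would follow the same pattern against exported audit policy and is not covered here.

```python
"""Added example (not KHIKA's code): evaluate hardening checks against a
collected `secedit /export` file and a collected registry value.
Section and key names are real secedit output; the values are constructed."""
import configparser

SECEDIT_EXPORT = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 1
MaximumPasswordAge = 180
MinimumPasswordLength = 7
PasswordComplexity = 1
EnableAdminAccount = 1
EnableGuestAccount = 1
NewGuestName = "Guest"
[Version]
signature="$CHICAGO$"
Revision=1
"""

USBSTOR_START = r"HKLM\SYSTEM\CurrentControlSet\Services\USBSTOR\Start"
REGISTRY = {USBSTOR_START: 3}  # constructed: USB storage driver enabled (4 = disabled)


def parse_secedit(text):
    """Return the [System Access] settings as a dict of stripped strings."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep key case as exported
    cp.read_string(text)
    return {k: v.strip().strip('"') for k, v in cp["System Access"].items()}


def assess_host(export_text, registry):
    """Evaluate the hardening policy; returns {check name: passed?}."""
    s = parse_secedit(export_text)
    n = lambda key: int(s[key])
    max_age = n("MaximumPasswordAge")  # -1 in secedit output means never expires
    return {
        "minimum password length > 10": n("MinimumPasswordLength") > 10,
        "password age 90 days or less": 0 < max_age <= 90,
        "password complexity enabled": n("PasswordComplexity") == 1,
        "guest account disabled": n("EnableGuestAccount") == 0,
        "built-in Administrator disabled": n("EnableAdminAccount") == 0,
        "USB mass storage disabled": registry.get(USBSTOR_START) == 4,
    }


def failures(export_text, registry):
    """Sorted names of the checks that did not pass."""
    return sorted(name for name, ok in assess_host(export_text, registry).items() if not ok)


if __name__ == "__main__":
    for check in failures(SECEDIT_EXPORT, REGISTRY):
        print("FAIL", check)
```

The constructed host fails five of the six checks; only password complexity passes. Evaluating the exported file in the SIEM rather than on the host keeps the policy in one place and lets a failed check be correlated with the same host's log events.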
Mechanism for identifying, reporting and responding to a breach
Requirement
  • Under Articles 32(1)(c), 33(2), 34
  • GDPR requires you to identify, report and respond in case of a breach.
Solution
  • KHIKA’s state-of-the-art alerting and correlation engine helps to identify attacks and breaches in real time.
  • The tamper-evident data repository retains the evidence required for reporting in case of a breach.
  • KHIKA can integrate with orchestration tools to respond automatically once an attack or a breach has been detected.

Our Solutions for GDPR Articlewise.

Data protection by default

Only personal data which are necessary for each specific purpose of the processing are processed.
Requirement
  • the amount of personal data collected
  • the extent of their processing
  • the period of their storage
  • their accessibility
Solution
KHIKA:
  • monitors the accessibility of data through privilege tracking of users, database auditing of critical data, file and folder access tracking, and integrity checking of logs and configuration files for tampering
  • retains collected data only for the predefined storage period
KHIKA reports:
  • Object Access Report by User
  • Distgroup members Modified Report
  • Distgroup members Created Report
  • SecurityGroup members Report (Created, Modified, deleted)
  • Windows AD GPO Activities Report
  • Report_Firewall_User_Access and many more

Security of Processing

The controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk.
Requirement
  • The pseudonymisation and encryption of personal data.
Solution
KHIKA can:
  • analyse traffic without DPI by using flows and identify the layer-7 protocol; non-TLS traffic can then be spotted without expensive DPI techniques
  • also provide firewall reports indicating the protocols and ports used; these help identify likely cleartext traffic (outbound connections from critical systems on ports other than 443), with the caveat that the port is only a heuristic and findings should be confirmed against the payload
This covers detection of unencrypted transport only; pseudonymisation and encryption of data at rest have to be implemented in the data stores themselves.
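Both the "Personal information to be encrypted in transit" section and the solution above lean on the same idea, so one added example serves both (it is not KHIKA's code): the port heuristic that the firewall reports rely on, beside a payload check that looks at the first bytes of a flow for a TLS ClientHello record header and so does not depend on the port. The critical-host list, the TLS port set, the key=value log lines, the addresses and the captured payload prefixes are constructed assumptions.

```python
"""Added example (not KHIKA's code): two ways of spotting cleartext traffic
from critical systems. The first is the port heuristic the firewall reports
rely on; the second checks the first bytes of a flow for a TLS ClientHello
record, which is independent of the port. Hosts, IPs, log lines and payload
prefixes are constructed; the key=value log layout is hypothetical."""

CRITICAL_HOSTS = {"10.1.1.20", "10.1.1.31"}
# Ports that usually carry TLS; anything else from a critical host is "suspect".
TLS_PORTS = {443, 465, 636, 993, 995, 8443}

FIREWALL_LOGS = """\
src=10.1.1.20 dst=198.51.100.7 dport=443 action=allow
src=10.1.1.20 dst=203.0.113.9 dport=8080 action=allow
src=10.1.1.31 dst=203.0.113.9 dport=443 action=allow
src=10.1.1.31 dst=192.0.2.10 dport=25 action=allow
src=10.1.1.50 dst=192.0.2.10 dport=80 action=allow
"""

# Constructed first bytes of each flow, as a capture or flow sensor would see them.
# TLS record: type 0x16 (handshake), version 0x0301, length, then handshake type 0x01.
TLS_CLIENT_HELLO = bytes.fromhex("16030100f1010000ed0303")
HTTP_GET = b"GET / HTTP/1.1\r\nHost: example\r\n\r\n"
SMTP_EHLO = b"EHLO mail.example\r\n"

FLOW_PAYLOADS = {
    ("10.1.1.20", "198.51.100.7", 443): TLS_CLIENT_HELLO,
    ("10.1.1.20", "203.0.113.9", 8080): TLS_CLIENT_HELLO,  # TLS on a non-standard port
    ("10.1.1.31", "203.0.113.9", 443): HTTP_GET,           # cleartext HTTP on 443
    ("10.1.1.31", "192.0.2.10", 25): SMTP_EHLO,
}


def parse_firewall(text):
    rows = []
    for line in text.splitlines():
        if line.strip():
            rec = dict(tok.split("=", 1) for tok in line.split())
            rec["dport"] = int(rec["dport"])
            rows.append(rec)
    return rows


def suspect_by_port(fw_text, critical=CRITICAL_HOSTS, tls_ports=TLS_PORTS):
    """Port heuristic: outbound flows from critical systems on non-TLS ports."""
    return [(r["src"], r["dst"], r["dport"]) for r in parse_firewall(fw_text)
            if r["src"] in critical and r["dport"] not in tls_ports]


def is_tls_client_hello(first_bytes):
    """TLS record header: content type 0x16 (handshake), major version 0x03,
    two-byte minor version/length, then handshake type 0x01 (ClientHello)."""
    return (len(first_bytes) >= 6 and first_bytes[0] == 0x16
            and first_bytes[1] == 0x03 and first_bytes[5] == 0x01)


def classify_flows(flow_payloads, tls_ports=TLS_PORTS):
    """Per flow: 'tls' or 'cleartext' from the payload, plus whether the port
    heuristic alone would have reached the wrong conclusion."""
    out = {}
    for (src, dst, dport), payload in flow_payloads.items():
        tls = is_tls_client_hello(payload)
        out[(src, dst, dport)] = {
            "verdict": "tls" if tls else "cleartext",
            "port_heuristic_wrong": tls != (dport in tls_ports),
        }
    return out


if __name__ == "__main__":
    print("by port:", suspect_by_port(FIREWALL_LOGS))
    for flow, verdict in classify_flows(FLOW_PAYLOADS).items():
        print(flow, verdict)
```

On the constructed data the port rule flags the 8080 and 25 flows and misses the cleartext HTTP on 443; the payload check gets all four right, which is why a port-based report should be read as a list of candidates rather than findings.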

Security of Processing

The controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk.
Requirement
  • The ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services.
Solution
KHIKA can:
  • provide tamper-evident data storage.
  • monitor, report on and track critical personal and other important data held in the organisation’s databases at runtime, via database auditing and tracking of access to objects and user activities.
KHIKA reports:
  • Log Integrity Report
  • File Integrity Report
  • Database Command Execution Summary Report
  • Database Dropped Objects
  • Oracle Schema Audit
  • Oracle Hardening and many more

Security of Processing

The controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk.
Requirement
  • The ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident / breach.
Solution
KHIKA provides:
  • High Availability Architecture.
  • Backup and Restoration Procedure (Data)

Security of Processing

The controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk.
Requirement
  • A process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
Solution
KHIKA can do continuous monitoring of data in:
  • Storage
  • Peripheral Protection devices
  • Data Sources / End Points
KHIKA reports:
  • Communication with malicious IP for firewall
  • VPN connection Activities
  • Attack on Firewall
  • Report_Firewall_Access_Denied
  • Firewall_Inbound_Outbound_Traffic
  • Endpoint Devices log monitoring for data in use on Data Sources and many more

Notification of a personal data breach to the supervisory authority

Requirement
  • The processor shall notify the controller without undue delay after becoming aware of a personal data breach.
Solution
In KHIKA:
  • Alerts are triggered when critical events occur and emails are sent to stakeholders, as they happen, to take prompt action.
KHIKA reports:
  • Realtime Alerting in KHIKA - triggers alerts and sends emails / creates report for critical events and many more

Notification of Nature of a personal data breach to the supervisory authority

Requirement
  • The nature of the personal data breach including, where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned (Article 33(3)(a)).
Solution
KHIKA provides:
  • The Alerts Report provides the statistics on suspicious behaviour and breaches required in this section.
  • In addition, details of a breach, attempted breaches and related critical events are alerted and reported through continuous monitoring of data in storage, perimeter protection devices and data sources / endpoints, correlated with threat feeds.
KHIKA reports on Firewall Reporting:
  • System Activities of Network Admin, Firewall, Rule changes.
  • Attack on Firewall
  • VPN Access Request made from External Network
  • VPN_Security_report
  • Report Firewall Content Blocked (Cyberoam)
  • Firewall Inbound Outbound Traffic
  • Report Firewall bandwidth Consumption and many more
KHIKA reports on IPS Reporting:
  • IPS Events Report
  • Report Malicious Communication
  • Report Filelog Malware Event
  • Report Directionwise Traffic
  • Report IPS Alerts
  • Ransomware Attack Detection
  • DNS Attack Detection and many more

Communication of a personal data breach to the data subject

Requirement
  • When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall communicate the personal data breach to the data subject without undue delay.
Solution
KHIKA provides:
  • In addition to real-time alerting, identification and notification of a breach within 24 hours (the product’s own target; GDPR itself gives the controller 72 hours to notify the supervisory authority under Article 33(1)) happens via database auditing, tracking of access to objects and user activities in the organisation’s databases, and tracking of perimeter protection devices such as firewalls and IPS.
KHIKA reports:
  • Database Dropped Objects
  • Oracle Schema Audit
  • Ransomware Attack Detection
  • DNS Attack Detection
  • Communication with malicious IP for firewall
  • VPN connection Activities and many more

Data protection impact assessment.

Requirement
  • The controller shall, prior to the processing, carry out an assessment of the impact of the envisaged processing operations on the protection of personal data. A single assessment may address a set of similar processing operations that present similar high risks.
  • A systematic description of the envisaged processing operations and the purposes of the processing, including, where applicable, the legitimate interest pursued by the controller.
  • An assessment of the risks to the rights and freedoms of data subjects referred to in paragraph 1.
  • The measures envisaged to address the risks, including safeguards, security measures and mechanisms to ensure the protection of personal data and to demonstrate compliance with this Regulation taking into account the rights and legitimate interests of data subjects and other persons concerned.
  • An assessment of the necessity and proportionality of the processing operations in relation to the purposes
  • Where necessary, the controller shall carry out a review to assess if processing is performed in accordance with the data protection impact assessment at least when there is a change of the risk represented by processing operations.
Solution
KHIKA provides:
  • Enrichment of important personal data with attributes such as location, security risk level and personally identifiable information (PII) classification can be applied in KHIKA to the integrated and stored log information. The DPIA itself remains a documented assessment by the controller; the enriched logs supply evidence for it.

General principle for transfers

Requirement
  • The controller and processor shall follow the general principles for transfers (Chapter V of GDPR), including for onward transfers of personal data from the third country or international organisation to another third country or international organisation.
Solution
KHIKA provides:
  • Privileged User Access Tracking to Data
  • Database Auditing and Monitoring for Access and Modifications.
KHIKA reports:
  • Object Access Report by User
  • Object Access Report by Object
  • Distgroup members Modified Report
  • SecurityGroup Report
  • Windows AD GPO Activities Report and many more