Sarbanes-Oxley Compliance

Demonstrating SOX Compliance is still too Manual

Sarbanes-Oxley IT compliance has driven public companies and the vendors who provide them a variety of services to adopt stringent IT controls based on ITIL, COBiT, COSO, ISO 17799, BS-7799 and other best practices frameworks for IT operations and security. Demonstrating these controls has become a huge burden for IT operations, who are inundated with ad hoc requests to report on everything from firewall to wireless access point activity. The technologies used to implement these different controls all log in different locations and formats and produce massive volumes of data. Administrators need to log into different servers and tools and write one-off scripts in order to satisfy auditor requests. Additionally, the routine review of log data that is one of the explicit controls required by all of the security frameworks takes hours of manual analysis every day.

Automate Reporting, Respond Immediately to Auditor Requests

Splunk indexes all of the data that is generated by every technology deployed for SOX compliance to enable instantaneous retrieval of any information requested by IT auditors. Searches and reports can be scheduled and added to dashboards to automate the verification of control effectiveness. An intuitive Web interface, automated classification and interactive filters and histograms automate and improve the effectiveness of daily log review controls, saving hours per day and eliminating significant operational and security risk.