AWS HIPAA compliance

Traditional point security products aren’t sufficient for meeting AWS HIPAA compliance requirements and keeping up with today’s changing cyber security landscape. They’re costly, complex, challenging to manage, and in many cases incompatible with AWS. In fact, based on a LinkedIn survey (2016), 59% of respondents said their traditional security solutions work somewhat or not at all when it comes to monitoring cloud environments like AWS.

AlienVault® Unified Security Management™ (USM) is a cloud-native, scalable, and centrally managed collection of essential security capabilities, helping you satisfy the HIPAA Security Rule. Using its purpose-built sensor that integrates tightly with AWS APIs, USM Anywhere helps you to quickly identify suspicious or malicious behavior in your AWS environment.

The AlienVault USM platform delivers multiple security essentials to help you prepare for your next HIPAA audit faster and more easily, and in a single, unified platform:

• Discover all your AWS environment assets, including OS details, while satisfying AWS scanning policies
• Identify systems with vulnerabilities, understand which assets are high-, medium-, and low risk, and identify any available patches or workarounds
• Intrusion detection detects threats including malware and ransomware that are active in your network with advanced, automatic correlation
• Identify both successful and failed logon attempts, and monitor user and administrator activities
• Speed incident response with built-in remediation guidance for every alarm, and integrated orchestrated responses that can be manually or automatically executed
• Collect events from across your on-premises and cloud environments and cloud applications for analysis, and store them for at least 12 months
• Be assured that you’re protected with continuously updated threat intelligence delivered automatically to the USM platform, including the latest correlation directives, vulnerability assessment signatures, IDS rules, guided threat responses and more
• Easily report on security controls required for HIPAA requirements with predefined HIPAA reports, and the ability to create new custom reports and views to meet reporting requirements specific to your organization

HIPAA Standard § 164.312(b) — Audit Controls states that you must "Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information." AlienVault USM Anywhere provides built-in and customizable HIPAA reports, along with intuitive dashboards and customizable views, that simplify adherence to this standard with an easy-to-use interface.

HIPAA Compliance Standard § 164.312(c)(2) deals with data integrity and requires that any covered organization, “Implement electronic mechanisms to corroborate that electronic protected health information has not been altered or destroyed in an unauthorized manner.” With its AWS-native sensor, USM Anywhere helps entities satisfy this requirement by providing mechanisms for collecting and analyzing host logs, data sent over syslog, AWS CloudTrail and AWS CloudWatch logs, and AWS S3 storage logs. Additionally, it will create events and meta data for event response prioritization, and future auditing and reporting.