Integrating Machine and Human Workflows for Compliance Automation

Maintaining the security and compliance posture of a system requires automated machine workflows augmented with human workflows for oversight and change control. With the features added in the recent V2.9 release, Q-Compliance now enables you to create integrated machine and human workflow actions to monitor, detect, and remediate compliance issues. Continuously monitor your systems’ control compliance and effectiveness using data in Splunk that represents an accurate up-to-the-minute view of your IT environment.

Figure 1: System Continuous Monitoring

Let’s walk through a short example.  In Figure 1, we see that the “CM-08 Information System Component Inventory” control is failing.  Using Splunk’s alerting workflows in conjunction with an extensive library of prebuilt compliance analytics from Q-Compliance (shown in Figure 2), we have detected that there are unauthorized software installations on the devices in the Qmulos Windows system. Q-Compliance has built-in custom alert actions to automatically pass or fail security controls based on the findings detected by the analytics. 

Figure 2: Analytics and visualizations to detect compliance findings

System owners will be automatically notified of any alerts on the System Actions dashboard (shown in Figure 3) where they can drill into the alerts to see the details of the findings. Any controls that failed as a result of those findings will also be displayed along with the compliance scores so system owners can see how the findings have impacted their system’s overall compliance posture. In our example, the Qmulos Windows system owner can use the new ticketing feature in Q-Compliance to create a ticket to assign someone to investigate and remediate the discovery of unauthorized software on the Windows machines. In many cases, users install unapproved software because they have a legitimate use for it so it is important to put a human in the loop to investigate before trying to automatically remediate the issue. With its compliance analytics, custom alert actions, and ticketing features, Q-Compliance enables you to combine the speed and automation of machine workflows based on Splunk’s alerting framework with human workflows to make controlled changes for compliance automation.

Figure 3: System Actions and Workflows to Investigate and Remediate Compliance Findings

Combining and automating machine and human workflows in this way has enabled our customers to monitor all relevant technical controls in near-real time, achieving true ongoing assessment, and turning compliance into real operational security!