Mission critical systems with sensitive or classified information need to have a comprehensive auditing capability to detect anomalous activities and attacks, identify misuse or exploitation of information resources, and support forensic analysis, investigations, and official inquiries. Q-Audit, Qmulos’ real-time auditing solution powered by Splunk, provides an enterprise-grade solution that meets all of these requirements while being fast to install and configure, easy to operate and maintain, and flexible to accommodate evolving standards and new data sources. Q-Audit satisfies the most stringent audit standards, is built upon a solid audit policy that is defensible and implementable, and provides security value through actionable insight.

Based on the Gold Standard for Audit Events

Q-Audit is built in accordance with the Intelligence Community Standard (ICS) 500-27 Enterprise Audit. ICS 500-27 was developed to ensure that intelligence systems are monitoring privileged activities to identify potential events of concern and is a required component of Insider Threat programs in the intelligence community. This standard is considered a best practice and gold standard for enterprise audit for both federal agencies and critical infrastructure sector companies. The standard specifies a prescriptive policy for the required audit events, as well as a standard set of metadata for each event.

Real-Time Event-Driven Audit Analytics

Built on top of Splunk’s massively scalable data-to-everything platform, Q-Audit can integrate with any cybersecurity tool, application, device, and platform from on-premises or in the cloud to monitor the events required for auditing. Q-Audit uses this real-time data to drive the analytics, visualizations, and alerts built specifically for the event families and events defined in ICS 500-27. The visualizations provide at-a-glance trends with granular drill-downs to monitor and alert on auditable events and audit sources.

Identify and Investigate Risky or Malicious Behavior

Q-Audit’s analytics help to identify attacks, anomalies, outliers, and risky behavior. The risk scoring algorithms automatically score users and hosts to identify potential insider threats or high value individuals and assets that may be targets of external attacks. Once these suspicious activities are identified, use the User/Host Investigation capabilities to investigate if they are malicious events or just users with poor cyber awareness exhibiting risky behavior. To make things even more actionable, Q-Audit integrates with Q-Ticket, another Qmulos Splunk application, to allow users to create and track service tickets to investigate risky users and hosts.

You are now leaving Qmulos

Qmulos provides links to web sites of other organizations in order to provide visitors with certain information. A link does not constitute an endorsement of content, viewpoint, policies, products or services of that web site. Once you link to another web site not maintained by Qmulos, you are subject to the terms and conditions of that web site, including but not limited to its privacy policy.

You will be redirected to
in 7 seconds...

Click the link above to continue or CANCEL