Sarbanes-Oxley Act (SOX) is overseen by the US Securities and Exchange Commission (SEC) and safeguards against accounting errors and fraud management practices. The regulation was a response to corporate accounting scandals of 2001 and 2002, offering consumers protection from unscrupulous acts by public companies and their accounting firms. SOX applies to publicly traded companies that are listed on US-based financial exchanges and some private companies.

Section 302 of the Sarbanes-Oxley Act requires that the Chief Executive Officer and the Chief Financial Officer must certify that they:

• Are responsible for establishing and maintaining internal controls.
• Have designed such internal controls to ensure that material information (about the company and its subsidiaries) is made known to such officers by others within those entities.
• Have evaluated the effectiveness of the (company’s) internal controls as of a date within 90 days prior to the report (in which their certification appears).
• Have presented in the report their conclusions about the effectiveness of their internal controls based on their evaluation as of that date.

Section 404 requires that each company annually assess “the effectiveness of the internal control structure and procedures... for financial reporting” for purposes of its annual “internal controls report.”

Section 409 of SOX contains an ongoing requirement to quickly report unfolding events that may affect the company’s financials or operations. It also requires companies to disclose to the public “on a rapid and current basis” any information concerning material changes to financial conditions or operations of the company. From an IT perspective, this may require companies to report a breach of security or a security vulnerability that might materially affect a company’s financial conditions or operations.

Activeworx’s real time event collection, correlation, reporting and alerting provides essential data to company managers who face real jeopardy in the face of SOX violations. Enterprise data in the form of log files provides critical insight into the use of corporate assets, risks and IT performance. In addition to servers and applications, much valuable information comes from mining the log data from corporate firewalls, VPN concentrators, web proxies, IDS systems, E-mail servers, backup systems and syslog devices. Activeworx’s heterogeneous collectors can collect some or all pertinent information from a wide range of sources.

To help automate the process of using log data to evidence and enforce business and IT policies for SOX, Activeworx Audit Logging engine collects raw events in excess of 50,000 EPS, encrypted and compressed and writes them as check summed flat files for historical storage. These logs can be saved for a month, a year, or forever, and can always be accessed and reported on. In addition, Activeworx delivers more than 100 compliance tasks, reports, alerts and correlation rules out of the box for application to current or historical data.

Activeworx reports can be based on many aspects from specific devices, groups of devices, classifications, or even specific actions such as after hour’s logon activity. Its reporting engine is also optimized for speed and size, is 64 bit compatible and allows the ability to easily add reporting filters to custom tailor the reports for any environment.

Activeworx SOX Benefits

• ROI - Typical return on investments (ROI) of 1-3 months based on reduced or eliminated consulting, personnel and infrastructure costs.
• Easy Deployment - No consultancy or rules writing required — eliminating deployment and set-up costs normally incurred with typical security event management solutions
• Ease of reporting and customization - Reports load in seconds and immediately start generating results on terabytes of log data.
• Sustainable compliance - Significant reduction in risk by delivering real-time, automated alerting on policies and controls.
• Data Integrity Protection - Collection of logs in raw format provides proof of the integrity of log data for purposes of attestation and litigation. Many current solutions (homegrown and security information and event management) damage and reduce infrastructure data when processing it. They also fail to deliver a way of systematically capturing and securely storing critical infrastructure data spread across the enterprise (and, of enforcing and evidencing this process).
• Security - Reports and alerts show that all network security devices, including firewalls and IDS systems, have been configured appropriately to allow only the requested and approved traffic in and out of the network
• Monitoring and Reporting - Reports and alerts to allow customers to continuously monitor the IT infrastructure for any security violations.