News and blog
NXLog main page
  • Products
    NXLog Platform
    Log collection
    Log management and analytics
    Log storage
    NXLog Community Edition
    Integrations
    Professional Services
  • Solutions
    Use cases
    Specific OS support
    SCADA/ICS
    Windows event log
    DNS logging
    MacOS logging
    Solutions by industry
    Financial Services
    Government & Education
    Entertainment & Gambling
    Telecommunications
    Medical & Healthcare
    Military & Defense
    Law Firms & Legal Counsel
    Industrial & Manufacturing
  • Plans
  • Partners
    Find a Reseller
    Partner Program
  • Resources
    Documentation
    Blog
    White papers
    Videos
    Webinars
    Case Studies
    Community Program
    Community Forum
  • About
    Company
    Careers
  • Support
    Support portals
    Contact us

NXLog Platform
Log collection
Log management and analytics
Log storage
NXLog Community Edition
Integrations
Professional Services

Use Cases
Specific OS support
SCADA/ICS
Windows event log
DNS logging
MacOS logging
Solutions by industry
Financial Services
Government & Education
Entertainment & Gambling
Telecommunications
Medical & Healthcare
Military & Defense
Law Firms & Legal Counsel
Industrial & Manufacturing


Find a Reseller
Partner Program

Documentation
Blog
White papers
Videos
Webinars
Case Studies
Community Program
Community Forum

Company
Careers

Support portals
Contact us
Let's Talk Start free
NXLog search
  • Loading...
Let's Talk Start free
January 11, 2024 compliancestrategy

The story of the $1,900,000 penalty for insufficient log management

By Roman Krasnov

Share
ALL SIEM STRATEGY SECURITY ANNOUNCEMENT DEPLOYMENT COMPLIANCE COMPARISON RSS

It was late March 2021 when a phishing email was sent to a network administrator of TTEC Healthcare Solutions, Inc. (TTEC HS) - an integrated healthcare CX solutions provider - and a threat actor gained highly privileged access to the network. On September 12, 2021, a common ransomware scenario was triggered, with approximately 1,800 devices compromised via the access channel obtained almost 5 months earlier.

Prior to executing the ransomware attack, the threat actor successfully exfiltrated data from the TTEC HS network, containing non-public information (NPI) of current and former employees of TTEC HS, and for individuals who were insured by one of TTEC HS’s clients, including, importantly, some New York residents. TTEC HS was licensed to sell life and health insurance in New York State, so an investigation into the breach was started by The New York State Department of Financial Services (NYSDFS) per cybersecurity regulation, 23 NYCRR Part 500.

An investigation into the incident found that, at the time of the breach and ransomware event, TTEC HS only maintained active audit trail records for 90 days, with archived audit trail records maintained for an additional 15 months. The audit trail records were insufficient to effectively assist TTEC in detecting and responding to the incident, and it was also not enough to stay compliant with the 23 NYCRR Part 500 regulation.

As a result, TTEC HS had to pay “a total civil monetary penalty pursuant to Financial Services Law § 408 to the Department in the amount of One Million Nine Hundred Thousand U.S. Dollars ($1,900,000.00).”

What is 23 NYCRR 500?

Alongside different nationwide (GDPR, NIS, DPA, etc.) and industry-specific (PCI DSS, HIPAA, GLBA, NRCRG5.71, etc.) cybersecurity regulations, many local rules affect a security strategy and must be taken into account. The NYDFS Cybersecurity Regulation (23 NYCRR 500) is an example.

Back in 2017, the State of New York Department of Financial Services imposed new requirements on financial institutions that are authorized to run business in the state. “Title 23 New York Codes, Rules, and Regulation Part 500: Cybersecurity Requirements for Financial Services Companies” was designed to protect customer data. It’s applies to all entities operating under NYDFS licensure, registration, charter, or that are otherwise NYDFS-regulated, including those third parties working with regulated entities.

Banks, both state-chartered, international and private, mortgage brokers, and insurance companies are good examples of regulated entities.

The regulation enforces strict rules on covered organizations, including CISO appointment (or third-party equivalent), a detailed cybersecurity plan enablement, the enactment of a comprehensive cybersecurity policy, and ongoing reporting for cybersecurity events.

23 NYCRR 500 and log management

23 NYCRR 500 is based on the NIST Cybersecurity Framework (CSF) and provides direct guidance on log management as a crucial part of a cybersecurity strategy through a number of its sections:

  • Section 500.6 Audit trail

Each covered entity shall securely maintain systems that are designed to reconstruct material financial transactions and audit trails designed to detect and respond to cybersecurity events.

Transaction records shall be maintained for not fewer than five years and audit trails for not fewer than three years.

  • 500.14 Monitoring and training

As part of its cybersecurity program, each covered entity shall monitor the activity of authorized users and detect unauthorized access or use of, or tampering with, nonpublic information by such authorized users.

Each class A company (one with at least $20,000,000 in gross annual revenue) shall implement an endpoint detection and response solution to monitor anomalous activity and a solution that centralizes logging and security event alerting.

How NXLog helps with compliance

NXLog helps organizations stay 23 NYCRR 500 compliant by providing a centralized security observability solution. Collect and analyze audit logs across disparate systems to aid in real-time threat detection and response, and ensure you always stay compliant with the State of New York Department of Financial Services cybersecurity regulation.

  • Enable audit log centralization with nothing missed

NXLog supports all popular and advanced log data collection methods. It seamlessly integrates with various data sources, including databases, network appliances, SIEM, and APM systems to ensure a compliant log management process.

  • Enable cost-efficient audit log retention

According to 23 NYCRR 500, audit trails must be retained for three years - a huge storage capacity problem. NXLog provides log filtration, flexible retention, and routing mechanisms, creating a cost-efficient retention process.

  • Enforce audit log and system file monitoring against unauthorized changes

NXLog provides a File Integrity Monitoring (FIM) module that detects when files are changed and promptly triggers a security event. This helps to protect both critical system files and retained logs from unauthorized tampering.

  • Simplify processes with unified log collection infrastructure

NXLog allows an organization to define a unified log collection mechanism across an entire infrastructure, including system and operational components. Unified log collection helps design comprehensive technical solutions and simplify routines and policies that must be documented and communicated to staff.

NXLog Platform is an on-premises solution for centralized log management with
versatile processing forming the backbone of security monitoring.

With our industry-leading expertise in log collection and agent management, we comprehensively
address your security log-related tasks, including collection, parsing, processing, enrichment, storage, management, and analytics.

Start free Contact us
  • compliance
  • local legislation
Share

Facebook Twitter LinkedIn Reddit Mail
Related Posts

Making the most of Windows Event Forwarding for centralized log collection
6 minutes | December 17, 2018
DNS Log Collection on Windows
8 minutes | May 28, 2020
The benefits of log aggregation
8 minutes | August 1, 2022

Stay connected:

Sign up

Keep up to date with our monthly digest of articles.

By clicking singing up, I agree to the use of my personal data in accordance with NXLog Privacy Policy.

Featured posts

Announcing NXLog Platform 1.6
April 22, 2025
Announcing NXLog Platform 1.5
February 27, 2025
Announcing NXLog Platform 1.4
December 20, 2024
NXLog redefines log management for the digital age
December 19, 2024
2024 and NXLog - a review
December 19, 2024
Announcing NXLog Platform 1.3
October 25, 2024
NXLog redefines the market with the launch of NXLog Platform: a new centralized log management solution
September 24, 2024
Welcome to the future of log management with NXLog Platform
August 28, 2024
Announcing NXLog Enterprise Edition 5.11
June 20, 2024
Raijin announces release of version 2.1
May 31, 2024
Ingesting log data from Debian UFW to Loki and Grafana
May 21, 2024
Announcing NXLog Enterprise Edition 6.3
May 13, 2024
Raijin announces release of version 2.0
March 14, 2024
NXLog Enterprise Edition on Submarines
March 11, 2024
The evolution of event logging: from clay tablets to Taylor Swift
February 6, 2024
Migrate to NXLog Enterprise Edition 6 for our best ever log collection experience
February 2, 2024
Raijin announces release of version 1.5
January 26, 2024
2023 and NXLog - a review
December 22, 2023
Announcing NXLog Enterprise Edition 5.10
December 21, 2023
Raijin announces release of version 1.4
December 12, 2023
Announcing NXLog Enterprise Edition 6.2
December 4, 2023
Announcing NXLog Manager 5.7
November 3, 2023
Announcing NXLog Enterprise Edition 6.1
October 20, 2023
Raijin announces release of version 1.3
October 6, 2023
Upgrading from NXLog Enterprise Edition 5 to NXLog Enterprise Edition 6
September 11, 2023
Announcing NXLog Enterprise Edition 6.0
September 11, 2023
The cybersecurity challenges of modern aviation systems
September 8, 2023
Raijin announces release of version 1.2
August 11, 2023
The Sarbanes-Oxley (SOX) Act and security observability
August 9, 2023
Log Management and PCI DSS 4.0 compliance
August 2, 2023
Detect threats using NXLog and Sigma
July 27, 2023
HIPAA compliance logging requirements
July 19, 2023
Announcing NXLog Enterprise Edition 5.9
June 20, 2023
Industrial cybersecurity - The facts
June 8, 2023
Raijin announces release of version 1.1
May 30, 2023
CISO starter pack - Security Policy
May 2, 2023
Announcing NXLog Enterprise Edition 5.8
April 24, 2023
CISO starter pack - Log collection fundamentals
April 3, 2023
Raijin announces release of version 1.0
March 9, 2023
Avoid vendor lock-in and declare SIEM independence
February 13, 2023
Announcing NXLog Enterprise Edition 5.7
January 20, 2023
NXLog - 2022 in review
December 22, 2022
Need to replace syslog-ng? Changing to NXLog is easier than you think
November 23, 2022
The EU's response to cyberwarfare
November 22, 2022
Looking beyond Cybersecurity Awareness Month
November 8, 2022
GDPR compliance and log data
September 23, 2022
NXLog in an industrial control security context
August 10, 2022
Raijin vs Elasticsearch
August 9, 2022
NXLog provides native support for Google Chronicle
May 11, 2022
Aggregating macOS logs for SIEM systems
February 17, 2022
How a centralized log collection tool can help your SIEM solutions
April 1, 2020

Categories

  • SIEM
  • STRATEGY
  • SECURITY
  • ANNOUNCEMENT
  • DEPLOYMENT
  • COMPLIANCE
  • COMPARISON
logo

Subscribe to our newsletter to get the latest updates, news, and products releases. 

© Copyright 2024 NXLog FZE.

Privacy Policy. General Terms of Use

Follow us

  • Product
  • NXLog Platform 
  • Log collection
  • Log management and analysis
  • Log storage
  • Integration
  • Professional Services
  • Plans
  • Resources
  • Documentation
  • Blog
  • White papers
  • Videos
  • Webinars
  • Case studies
  • Community Program
  • Community forum
  • Support
  • Getting started guide
  • Support portals
  • About NXLog
  • About us
  • Careers
  • Find a reseller
  • Partner program
  • Contact us