How Panther Helps With SOC 2

What is SOC 2?

SOC 2, or Service Organization Control Type 2, is a voluntary security compliance framework created by the AICPA (American Institute of Certified Public Accountants). SOC 2 defines criteria for the secure management of business data, and SOC 2 certification is often sought by consumers of SaaS products because it provides a level of trust in the software’s security.

Trust Principles

Organizations can engage an outside entity to perform a SOC 2 audit against any combination of the five trust principles laid out by the AICPA: Security, Availability, Confidentiality, Processing Integrity, and/or Privacy. These audits evaluate whether proper controls have been implemented to address the trust principles.

Report Types

SOC 2 reports can come in two types:

  • SOC 2 type 1 – Report on the design effectiveness of controls the organization has implemented against principles.
  • SOC 2 type 2 – Report on the operating effectiveness of controls the organization has implemented against principles.

How Panther Helps with SOC 2

Panther is a security tool that can help with meeting SOC 2 requirements such as the following:

CC 7.1

Requirement Description
To meet its objectives, the entity uses detection and monitoring procedures to identify (1) changes to configurations that result in the introduction of new vulnerabilities, and (2) susceptibilities to newly discovered vulnerabilities.

How Panther Helps
Panther allows for security teams to write detections to obtain real-time alerts from log sources. Many of the out-of-the-box detections are for changes to configurations that result in the introduction of new vulnerabilities in cloud accounts (such as AWS), applications (such as Okta, GitHub, and GSuite), and hosts (through applications such as CrowdStrike, Osquery, and SentinelOne).

CC 7.2

Requirement Description
The entity monitors system components and the operation of those components for anomalies that are indicative of malicious acts, natural disasters, and errors affecting the entity’s ability to meet its objectives; anomalies are analyzed to determine whether they represent security events.

How Panther Helps
Panther's detections are created to monitor for anomalies that may be indicative of malicious acts or errors, and provide real-time alerting so that security events can be analyzed. Some examples of these events include CrowdStrike events, MFA being disabled on O365, and GuardDuty findings.
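The "MFA being disabled on O365" case above, written as a Panther-style Python detection. This is an added example, not one of Panther's own rules; it follows the `rule(event)` / `title(event)` / `severity(event)` module shape, but the O365 audit field names (`Workload`, `Operation`, `ResultStatus`, `UserId`, `ObjectId`), the operation string and the sample events are constructed assumptions rather than a verified log schema.

```python
"""Panther-style detection: MFA disabled on an O365 account (added example).

Panther detections are Python modules exposing rule(event) -> bool plus optional
helpers such as title() and severity(). Field names and the operation value
below are constructed assumptions for the example, not a verified schema.
"""
from typing import Any, Dict, Iterable, List

# Constructed: audit operations treated as weakening MFA for a user.
MFA_WEAKENING_OPERATIONS = {"Disable Strong Authentication"}
# Constructed: workload that carries directory (identity) changes.
DIRECTORY_WORKLOAD = "AzureActiveDirectory"


def rule(event: Dict[str, Any]) -> bool:
    """True when the event records MFA being successfully disabled for a user."""
    if event.get("Workload") != DIRECTORY_WORKLOAD:
        return False
    if event.get("ResultStatus", "Success") != "Success":
        return False  # a failed attempt is noise for this control
    return event.get("Operation") in MFA_WEAKENING_OPERATIONS


def title(event: Dict[str, Any]) -> str:
    """Alert title naming the actor and the affected account."""
    actor = event.get("UserId", "<unknown>")
    target = event.get("ObjectId", "<unknown>")
    return f"MFA disabled for [{target}] by [{actor}]"


def severity(event: Dict[str, Any]) -> str:
    """Escalate when an account disables MFA on itself (self-service weakening)."""
    return "CRITICAL" if event.get("UserId") == event.get("ObjectId") else "HIGH"


def run(events: Iterable[Dict[str, Any]]) -> List[Dict[str, str]]:
    """Apply the rule to a batch of events and collect the resulting alerts."""
    return [{"title": title(e), "severity": severity(e)} for e in events if rule(e)]


# Constructed sample O365 audit events (not real log data).
SAMPLE_EVENTS = [
    {"Workload": "AzureActiveDirectory", "Operation": "Disable Strong Authentication",
     "ResultStatus": "Success", "UserId": "admin@example.com", "ObjectId": "alice@example.com"},
    {"Workload": "AzureActiveDirectory", "Operation": "Disable Strong Authentication",
     "ResultStatus": "Success", "UserId": "bob@example.com", "ObjectId": "bob@example.com"},
    {"Workload": "AzureActiveDirectory", "Operation": "Disable Strong Authentication",
     "ResultStatus": "Failure", "UserId": "helpdesk@example.com", "ObjectId": "carol@example.com"},
    {"Workload": "Exchange", "Operation": "MailboxLogin", "UserId": "alice@example.com"},
]

if __name__ == "__main__":
    for alert in run(SAMPLE_EVENTS):
        print(alert)
```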

CC 7.3

Requirement description
The entity evaluates security events to determine whether they could or have resulted in a failure of the entity to meet its objectives (security incidents) and, if so, takes actions to prevent or address such failures.

How Panther Helps
In Panther, raw logs are transformed into a structured data lake, so large queries that would otherwise take far longer can be run in minutes, allowing quicker determination of whether events could have resulted in a security incident. If an incident is detected, a custom detection can be developed to identify the events leading up to it, which helps prevent future incidents and allows for quicker response.

CC 7.4

Requirement description
The entity responds to identified security incidents by executing a defined incident response program to understand, contain, remediate, and communicate security incidents, as appropriate.

How Panther Helps
Panther alerts allow for tracking of issues through configured destinations such as Slack or Asana, which enables teams to track communications around the security event and to manage response efforts.

Panther and SOC 2 Compliance

Panther’s data lake architecture, out-of-the-box detections, real-time alerts, and issue-tracking features allow organizations to quickly cover a number of requirements for SOC 2 certification. If you’re interested in learning more about how Panther can help your organization meet SOC 2 requirements, request a demo today.
