The governance, risk, and compliance (GRC) market has recently experienced significant growth as organizations seek to manage internal and external security threats, enforce internal policies, and comply with governmental regulations. For example, government agencies have faced significant challenges in implementing procedures to comply with regulations such as Homeland Security Presidential Directive (H.S.P.D.) 12, which provides a mandatory federal policy for establishing a common identification standard for federal employees and contractors. In this regard, H.S.P.D. 12 reflects an emerging trend in which GRC transcends mere information technology security in favor of a layered deterrence mechanism that can add security and ensure compliance for various areas of an organizational infrastructure.
As a result, organizations often have to sort through large amounts of data to ensure compliance with governmental regulations, internal controls or policies, risk strategies, or other security and compliance concerns. Thus, various solutions have emerged for correlating organizational data to provide policy enforcement and threat remediation by applying logic or rules to incoming data. However, existing solutions tend to focus on ensuring compliance with specific controls, regulations, or other policies for which the solutions were particularly tailored. Thus, in many cases, a given organization may have to deploy various different correlation engines to ensure compliance across distinct areas or organizational boundaries (e.g., separate correlation engines may provide correlation solutions to remediate intrusion detection, data integrity, network security, regulatory compliance, internal policies, or other governance, security, and compliance policies).
Thus, although many organizations require data correlation for a broad range of systems or applications, existing solutions tend to take a divide-and-conquer approach towards correlation. That is, existing correlation solutions tend to be limited to performing specific and isolated types of correlation, thus falling short in providing a comprehensive and future-proof correlation solution. However, governmental regulations, internal risk management strategies, and security threats often change on a continuing, ongoing, and dynamic basis, such that existing correlation solutions that operate in isolation may not adequately address all of an organization's compliance needs. Thus, because remediation of governance, risk, and compliance controls can only be considered as strong as the weakest link in a chain, existing GRC solutions that can only perform limited types of correlation cannot provide an integrated, one-stop, future-proof solution for real-time monitoring and remediation of various different governance, risk, and compliance concerns.
Existing systems suffer from these and other problems.