1. Blackpoint LogIC FAQ

Overview

Powered by our proprietary SNAP-Defense technology, Blackpoint LogIC is a logging-with-integrated-compliance add-on to Blackpoint MDR, built to be efficient and to collect data in real time. With LogIC, you collect the data you will need for future audits. LogIC automatically maps that data against hundreds of compliance requirements at once, so you can see where your current security products and services already cover you in terms of compliance. LogIC is designed to make your journey towards regulatory compliance easier.

LogIC was designed and built to be affordable for MSPs and their partners. Currently, it supports compliance tracking and reporting for PCI-DSS, HIPAA, CMMC (Levels 1, 2, and 3), and CISv8 (IG1, 2, and 3). Collected logs are stored with backups and encryption that meet the data storage requirements of SEC rule 17a-4, PCI-DSS, HIPAA/HITECH, FedRAMP, EU GDPR, and FISMA.

Important. Blackpoint LogIC's logging architecture strengthens your cybersecurity posture by collecting, in real time, file integrity monitoring (FIM) events, device logs, and the logs of any other application or system that can emit syslog. While LogIC collects key data to help you understand where you are covered in terms of compliance, you must consult a regulatory compliance authority and/or compliance auditor to guide you through the official assessment.

LogIC Highlights

  • Leverages Blackpoint’s nation-state grade MDR technology for easy, push-button setup, eliminating the additional hardware, appliances, installs, and agent rollouts usually required.
  • Self-serve Compliance Report web application allows real-time management, control, and customization of log collection.
  • Collected logs are stored read-only in three (3) separate zones and encrypted with 256-bit Advanced Encryption Standard (AES-256), meeting the data storage requirements of SEC rule 17a-4, PCI-DSS, HIPAA/HITECH, FedRAMP, EU GDPR, and FISMA.
  • Includes 365 days of hyper-optimized, complimentary log storage with options for additional log retention durations.
  • Automatically maps hundreds of compliance controls to Blackpoint technology and services, reducing reporting and assessment efforts.
  • Embeds LogIC information to Blackpoint’s monthly MDR reports.
  • Complimentary updates to future LogIC features (extensive enhancements planned throughout 2021 and 2022).

Frequently Asked Questions

Is Blackpoint MDR required for LogIC?

Yes. LogIC is an add-on to Blackpoint MDR and collects through the SNAP Agent that MDR already deploys. Although LogIC helps satisfy some compliance requirements on its own, the two together provide the most comprehensive security and compliance coverage.

How will LogIC be priced?

Please contact your Blackpoint partner success manager to learn about pricing.

How will I be charged?

Your LogIC charges are calculated from your monthly device usage plus any storage and retrieval surcharges, and are included in your standard monthly Blackpoint MDR bill.

What are Blackpoint’s storage options after the initial one-year offering?

Blackpoint LogIC supports flexible storage durations. It includes 365 days of complimentary log storage and affordable pricing for longer durations. For more information, please contact your account executive.

Will there be limits on data collection?

For Windows OS-based devices, no. For syslog, each syslog source is limited to 100 GB per month, which should be sufficient for almost all use cases. 100 GB/month corresponds to roughly 80 standard syslog messages per second (assuming a 30-day month and an average message size of about 480 bytes; larger messages, such as verbose firewall or IDS logs, reach the limit at a lower message rate).

Is there a limit on the total number of syslog sources we can collect from?

No. However, syslog message frequency and size vary greatly across customers and infrastructures and can affect collection performance. As a result, we generally advise that any single SNAP Agent:

  • Receives no more than 680 syslog messages per second and
  • Receives data from four (4) or fewer unique syslog sources.

If you need to collect more than 680 syslog messages per second, or from more than four (4) unique syslog sources, configure some of your syslog sources to send their messages to a second SNAP Agent when setting up LogIC syslog collection.

Each syslog source is allowed 100 GB of event data per month. Usage above that is charged in $25 increments per additional 100 GB.
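The per-source quota, the overage charge and the per-agent ceilings above are easiest to reason about with numbers in hand. The following is an added sizing example written for this FAQ; it is not Blackpoint tooling and does not reflect how LogIC itself meters usage. It assumes a 30-day month, decimal gigabytes (1 GB = 10**9 bytes), that overage is billed in whole 100 GB blocks, and that you have measured each source's message rate yourself; the source names, rates and sample syslog lines are constructed data. It estimates monthly volume per source from a short capture, flags overage, and assigns sources to SNAP Agents with a first-fit-decreasing pass that respects both the 680 msg/s and the four-sources-per-agent advice.

```python
"""Capacity planning for LogIC syslog collection (added example, not Blackpoint code)."""
import math
from dataclasses import dataclass

MONTH_SECONDS = 30 * 24 * 3600      # assumption: 30-day month
GB = 10**9                          # assumption: decimal gigabyte
SOURCE_QUOTA_GB = 100               # included per syslog source per month
OVERAGE_USD_PER_100GB = 25          # "$25 increments per 100GB"; assumed billed per whole block
AGENT_MAX_MSGS_PER_SEC = 680        # advised per-agent ceiling
AGENT_MAX_SOURCES = 4               # advised per-agent ceiling


def avg_message_bytes(messages):
    """Mean on-the-wire size, in bytes, of a set of captured syslog lines."""
    sizes = [len(m.encode("utf-8")) for m in messages]
    return round(sum(sizes) / len(sizes))


@dataclass
class Source:
    name: str
    msgs_per_sec: float   # measured average rate for this device
    avg_bytes: int        # measured average message size

    def monthly_gb(self):
        return self.msgs_per_sec * self.avg_bytes * MONTH_SECONDS / GB

    def overage_usd(self):
        excess = self.monthly_gb() - SOURCE_QUOTA_GB
        return 0 if excess <= 0 else OVERAGE_USD_PER_100GB * math.ceil(excess / 100)


def plan_agents(sources):
    """First-fit-decreasing assignment of sources to SNAP Agents.

    Each returned list is one agent. No agent exceeds AGENT_MAX_MSGS_PER_SEC
    or AGENT_MAX_SOURCES. A source that alone exceeds the rate ceiling is
    rejected: pointing it at a second agent does not halve its rate.
    """
    agents = []
    for src in sorted(sources, key=lambda s: s.msgs_per_sec, reverse=True):
        if src.msgs_per_sec > AGENT_MAX_MSGS_PER_SEC:
            raise ValueError(f"{src.name}: {src.msgs_per_sec} msg/s exceeds the per-agent ceiling")
        for agent in agents:
            load = sum(s.msgs_per_sec for s in agent)
            if len(agent) < AGENT_MAX_SOURCES and load + src.msgs_per_sec <= AGENT_MAX_MSGS_PER_SEC:
                agent.append(src)
                break
        else:
            agents.append([src])
    return agents


# Constructed RFC 3164-style lines standing in for a short capture from one firewall.
SAMPLE_FIREWALL_LINES = [
    "<134>Mar  1 12:00:00 fw-edge-01 kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.20 LEN=40 PROTO=TCP SPT=443 DPT=51234",
    "<134>Mar  1 12:00:01 fw-edge-01 kernel: [UFW ALLOW] IN=eth1 OUT=eth0 SRC=192.0.2.10 DST=198.51.100.53 LEN=60 PROTO=UDP SPT=53211 DPT=53",
]


def demo():
    """Size a constructed fleet of six syslog sources and plan the agents."""
    fw_bytes = avg_message_bytes(SAMPLE_FIREWALL_LINES)
    sources = [
        Source("fw-edge-01", 80, fw_bytes),    # near the page's 80 msg/s figure
        Source("dc-01", 300, 600),
        Source("vpn-01", 400, 350),
        Source("proxy-01", 250, 900),
        Source("ids-01", 100, 1024),
        Source("core-sw-01", 50, 200),
    ]
    for s in sources:
        print(f"{s.name:12} {s.monthly_gb():7.1f} GB/month  overage ${s.overage_usd()}")
    for i, agent in enumerate(plan_agents(sources), 1):
        load = sum(s.msgs_per_sec for s in agent)
        print(f"SNAP Agent {i}: {[s.name for s in agent]} ({load:.0f} msg/s)")
    return sources


if __name__ == "__main__":
    demo()
```

Run it with a real capture and real rates from each device; the useful output is the list of sources that will exceed 100 GB (candidates for filtering noisy facilities at the source) and the number of SNAP Agents the fleet needs before you start pointing devices at collectors.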

Which reports will the Compliance Report web application initially support?

To date, PCI-DSS, CMMC up to level 3, HIPAA, and CISv8 (IG1, 2, and 3) are supported. Additional compliance standards will be added in subsequent months. If you need to satisfy specific compliance frameworks that are not currently supported, please contact us to identify the additional framework(s).

Will Blackpoint add more compliance report frameworks?

Yes, additional compliance standards will be added in future releases of Blackpoint LogIC. If you need to satisfy specific compliance frameworks that are not currently supported, please contact us to identify the specific framework(s) you require.

If I deploy fewer devices than the minimum cost covers, or just don't have that many devices, is there a partial discount?

No. The minimum cost ensures Blackpoint can meet its costs and covers onboarding assistance, technical support, future LogIC updates and releases, as well as access to the Compliance Web application where partners and customers can manage compliance reports.

What are Syslog, Windows Events, and Windows FIM?

Syslog (system logging protocol, standardized in RFC 3164 and RFC 5424) is the common protocol that network devices, operating systems and applications use to send log or event messages to a collector. It is used primarily to gather logs from many machines into a central location for system management, monitoring and security auditing. Note that classic syslog travels over UDP port 514 in clear text with no authentication, so anyone on the network path can read or spoof messages; where both the device and the collector support it, send syslog over TCP with TLS (RFC 5425), and in any case keep the path between each source and the SNAP Agent on a trusted network segment.

Windows Events are the records written to the Windows Event Log by the operating system, its services and installed applications on a device. They include application, service, user and security-related events (for example logons, privilege use and object access in the Security log). Security events are only written when the corresponding audit policy is enabled on the device, so confirm the audit policy before relying on the Security log as compliance evidence.

Windows FIM (file integrity monitoring) records events for files that are created, accessed or modified, since unexpected changes to system or application files may indicate a breach or compromise. FIM audit trails help answer who accessed or changed what, and when, which is especially valuable during digital forensics and incident response.

What is the LogIC file integrity monitoring (FIM) capability?

The FIM capability in LogIC monitors the following file changes: Created, Deleted, Accessed, Modified, and Shortcut Link Created. It can be scoped to specific directories and/or file extensions. Scope it deliberately: Accessed events are generated on every read, so monitoring broad, busy directories for access produces a large event volume, whereas a tight scope (for example system binaries, web roots and configuration files, selected by extension) keeps the audit trail useful and the storage predictable. Please contact your Blackpoint account manager for additional details.
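To make the change types concrete, here is an added example of the generic hash-baseline technique behind Created, Deleted and Modified detection. It is written for this FAQ and is not Blackpoint's FIM implementation: it snapshots SHA-256 digests of the files under a monitored directory, restricted to a set of extensions the way LogIC scoping works, and diffs two snapshots. Accessed and Shortcut Link Created leave no content change and require OS-level audit events instead, so they are deliberately not covered. The directory layout built in demo() is constructed test data created in a temporary folder.

```python
"""Hash-baseline file integrity check (added example, not Blackpoint code)."""
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path):
    """Stream a file through SHA-256 so large binaries do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root, extensions=None):
    """Map of relative POSIX path -> SHA-256 for regular files under root.

    extensions, if given, is a set like {".exe", ".dll"}; other files are ignored,
    mirroring a directory-plus-extension FIM scope.
    """
    root = Path(root)
    wanted = {e.lower() for e in extensions} if extensions else None
    baseline = {}
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        if wanted is not None and path.suffix.lower() not in wanted:
            continue
        baseline[path.relative_to(root).as_posix()] = sha256_file(path)
    return baseline


def diff_snapshots(before, after):
    """Return (event, relative_path) tuples sorted by path.

    A renamed file shows up as Deleted plus Created, which is the honest answer
    for a content-hash baseline; only OS audit events can tie the two together.
    """
    events = []
    for rel in sorted(set(before) | set(after)):
        if rel not in before:
            events.append(("Created", rel))
        elif rel not in after:
            events.append(("Deleted", rel))
        elif before[rel] != after[rel]:
            events.append(("Modified", rel))
    return events


def demo():
    """Build a scratch tree, take a baseline, tamper with it, and diff."""
    monitored = {".exe", ".dll", ".ini"}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "svc.exe").write_bytes(b"MZ original service")
        (root / "bin" / "config.ini").write_text("loglevel=1\n")
        (root / "notes.txt").write_text("outside the extension filter\n")
        before = snapshot(root, monitored)

        (root / "bin" / "svc.exe").write_bytes(b"MZ tampered service")   # Modified
        (root / "bin" / "config.ini").unlink()                           # Deleted
        (root / "bin" / "evil.dll").write_bytes(b"MZ dropped payload")    # Created
        (root / "notes.txt").write_text("changed, but not monitored\n")  # filtered out
        after = snapshot(root, monitored)
        return diff_snapshots(before, after)


if __name__ == "__main__":
    for event, path in demo():
        print(f"{event:9} {path}")
```

The baseline dictionary is the artifact to protect: store it somewhere the monitored host cannot rewrite, since an attacker who can change both a file and its recorded digest defeats the check. On Windows, the Accessed events that this approach cannot see come from object access auditing in the Security log (event ID 4663), which again only exists if the audit policy and the file's SACL enable it.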

Why aren't my devices visible?

Please ensure that the following domains are allow-listed (whitelisted) on any firewall, web filter or proxy between the device and the internet, so that the SNAP Agent can reach our servers. A device that cannot reach these endpoints will not check in and will not appear.

  • agent.sega.production.snap.bpcyber.com
  • agent.siem.production.snap.bpcyber.com