PCI
Verify PCI Controls Processes. Reduce PCI Compliance Costs.
“Customers typically experience a return on investment of three months or less by automating the collection and storage of log data for PCI compliance and then using that data for audit. LogLogic’s Compliance Suite: PCI edition automates the process of validating, reporting and alerting on business and IT policies related to PCI compliance at a fraction of the cost of homegrown solutions.”Pat Sueltz, CEO, LogLogic
LogLogic Compliance Suite: PCI Edition Instantly Turns Log Data Into Automated Reports and Alerts for Monitoring PCI compliance.
Whether you are selling books online or groceries at a local store, virtually every computer-based transaction results in a log data file that is a fingerprint of user and computer systems activity. LogLogic makes the billions of log messages generated by retailers and merchants using credit cards available for enforcing, auditing and automating the requirements and controls related to the Payment Card Industry (PCI) data security standard.
Enterprises recognize the critical role protecting information assets has on the success of their business and the importance of best-in-class corporate governance. LogLogic Compliance Suites enables best practices and processes to be easily implemented and enforced to support the IT governance requirements of executives and boards, while also addressing the more detailed requirements of those responsible for solution and service delivery. As a result, CIOs can optimize IT investments, ensure value delivery and mitigate IT risk in a transparent manner.
The LogLogic Compliance Suite: PCI Edition automates the process of using log data to evidence and enforce business and IT policies for the payment card industry data security standards (PCI DSS). LogLogic’s Compliance Suite: PCI Edition delivers more than 80 reports and alerts, all easily customizable, that run on LogLogic’s appliances to automate the process of collecting and storing log data in accordance with the requirements of PCI.
Enterprise data in the form of log files provides critical insight into the use of corporate assets, risks and IT performance. In addition to servers and applications, much valuable information comes from mining the log data from corporate firewalls, VPN concentrators, web proxies, IDS systems, E-mail servers and backup systems.
LogLogic’s Compliance Suite: PCI Edition utilizes LogLogic’s Agile Reporting Engine to allow easy customization of reporting and alerts and the development of custom dashboards based on industry standard processes. LogLogic’s Open Log Services enable raw data, alerts and reports to be easily routed to third-party management and compliance solutions to close the loop on, and constantly validate, business processes. Agile Reporting differentiates LogLogic’s compliance solution from industry alternatives based on static reports. Instead of having to write PERL scripts or SQL statements to customize reports, Agile Reports can be customized with a couple of simple mouse-clicks.
Provide Out-of-the-Box Validation
The LogLogic Compliance Suite is the first solution to provide out-of-the-box validation of PCI compliance using log data. Log data allows organizations to manage the challenges of meeting major PCI DSS requirements. LogLogic’s PCI compliance reports and alerts generally fall into the following categories:
- Security. Reports and alerts show that all network security devices, including firewalls and IDS systems, have been configured appropriately to allow only the requested and approved traffic in and out of the network
- Change Management. Reports and alerts show that all systems and system changes are appropriately requested, approved, tested, and validated by authorized personnel prior to implementation to the production environment.
- Identity and Access. Reports and alerts show that all PCI-related systems are appropriately secured to prevent unauthorized use, disclosure, modification, damage or loss of data, and that that division of roles and responsibilities have been implemented to reduce the possibility for a single individual to subvert a critical process
- Monitoring and Reporting. Reports and alerts to allow customers to continuously monitor the IT infrastructure for any security violations.