PCI
Automate Alerting & Reporting
“Customers typically experience a return on investment of three months or less by automating the collection and storage of log data for PCI compliance and then using that data for audit. LogLogic’s Compliance Suite: PCI edition automates the process of validating, reporting and alerting on business and IT policies related to PCI compliance at a fraction of the cost of homegrown solutions.”Pat Sueltz, CEO, LogLogic
The second of LogLogic’s Compliance Suites, the PCI Edition delivers more than 80 customizable PCI reports and alerts. The LogLogic Compliance Suite: PCI Edition utilizes log data from information technology to evidence, report and alert on more than 50 sub-requirements; and, specifically covers requirement number 10, pertaining to log data.
LogLogic Compliance Suite: PCI edition provides out-of-the-box support for Control Objectives for Information and Related Technology (COBIT) 4.0. The reports and alerts monitor and verify many of the controls defined in COBIT 4.0 specifically, and cover all four sections broadly. PCI compliance is achieved by meeting the specified requirement and satisfying business and IT controls. COBIT is the IT Governance Institute’s IT governance and control framework, most frequently used to help achieve Sarbanes-Oxley Act compliance, but also ensuring security and availability of IT assets in general.
By automating compliance reporting and alerting based on critical infrastructure data collected and stored by LogLogic’s appliances, the LogLogic Compliance Suite: PCI Edition removes the complexity and resource requirements from implementing PCI policies.
Compliance reporting and alerting from LogLogic is ideal for IT administrators, auditors, financial executives, merchants, card processors and all organizations who interface with cardholder data, who want to reduce time to compliance and realize dramatic improvements in risk mitigation and audit accuracy.
LogLogic allows for ongoing data monitoring and reporting and long-term archival so you can attest compliance activities on an ongoing basis. Breakthrough Log Learning technology delivers the industry’s first smart behavioral alerts, which can be set by device, device group or network. Adaptive baseline, network policy and ratio-based alerts are all powered by artificial intelligence and machine learning technology. Managers receive early warning of insider misuse and unusual or suspicious behavior they can act quickly.
Customizable Compliance Reporting
LogLogic Compliance Suite uses LogLogic’s unique Agile Reporting Engine to allow on-the-fly customization of templates. Using Agile Reporting functionality, customers can match information log data against specific corporate controls and policies. Agile Reporting differentiates LogLogic’s compliance solution from industry alternatives based on static reports. Instead of having to write Perl scripts of statements to customize reports, Agile Reports can be customized with a few simple mouse clicks.
50 Reports. 30 Alerts.
The LogLogic Compliance Suite is the first solution to provide out-of-the-box validation of PCI using log data. Log data allows organizations to manage the extreme challenges of meeting major PCI DSS requirements. The LogLogic Compliance Suite delivers more than 80 reports and alerts on four categories:
- Security. Reports and alerts show that all network security devices, including firewalls and IDS systems, have been configured appropriately to allow only the requested and approved traffic in and out of the network.
- Change Management. Reports and alerts show that all systems and system changes are appropriately requested, approved, tested, and validated by authorized personnel prior to implementation to the production environment.
- Identity and Access. Reports and alerts show that all PCI-related systems are appropriately secured to prevent unauthorized use, disclosure, modification, damage or loss of data, and that that division of roles and responsibilities have been implemented to reduce the possibility for a single individual to subvert a critical process.
- Monitoring and Reporting. Reports and alerts to allow customers to continuously monitor the IT infrastructure for any security violations.
Requirements Addressed by LogLogic for PCI DSS
LogLogic Compliance Suite: PCI Edition focuses on key requirements to regularly monitor all access to network resources and cardholder data (Requirement #10 of the PCI DSS). This includes establishing automated audit trails to reconstruct events, such as invalid access attempts, actions taken by individuals, creation and deletion of system-level objects and others. Additionally, it focuses on securing audit trails so that they cannot be altered, including limiting views, protecting them from unauthorized modifications, promptly backing them up, and establishing copies, among others.
| Category | PCI Data Security Standard | Control Header |
|---|---|---|
| Security | Requirement 1 | Install and maintain a firewall configuration to protect data |
| Requirement 2 | Do not use vendor-supplied defaults for system passwords and other security parameters |
|
| Requirement 11 | Regularly test security systems and processes |
|
| Change Management | Requirement 6 | Develop and maintain secure systems and applications |
| Identity and Access | Requirement 7 | Restrict access to data by business need-to-know |
| Requirement 8 | Assign a unique ID to each person with computer access |
|
| Monitoring and Reporting | Requirement 10 | Track and monitor all access to network resources and cardholder data |