PCI Compliance Suite
Verify PCI Controls Processes. Reduce PCI Compliance Costs.
Whether you are selling books online or groceries at a local store, virtually every computer-based transaction results in a log data file that is a fingerprint of user and computer systems activity. LogLogic makes the billions of log messages generated by retailers and merchants using credit cards available for enforcing, auditing and automating the requirements and controls related to the Payment Card Industry (PCI) data security standard.
LogLogic Compliance Suite: PCI Edition Instantly Turns Log Data Into Automated Reports and Alerts for Monitoring PCI compliance.
Enterprises recognize the critical role protecting information assets has on the success of their business and the importance of best-in-class corporate governance. LogLogic Compliance Suites enables best practices and processes to be easily implemented and enforced to support the IT governance requirements of executives and boards, while also addressing the more detailed requirements of those responsible for solution and service delivery. As a result, CIOs can optimize IT investments, ensure value delivery and mitigate IT risk in a transparent manner.
“Customers typically experience a return on investment of three months or less by automating the collection and storage of log data for PCI compliance and then using that data for audit. LogLogic’s Compliance Suite: PCI edition automates the process of validating, reporting and alerting on business and IT policies related to PCI compliance at a fraction of the cost of homegrown solutions.”
Pat Sueltz, CEO, LogLogic
The LogLogic Compliance Suite: PCI Edition automates the process of using log data to evidence and enforce business and IT policies for the payment card industry data security standards (PCI DSS). LogLogic’s Compliance Suite: PCI Edition delivers more than 80 reports and alerts, all easily customizable, that run on LogLogic’s appliances to automate the process of collecting and storing log data in accordance with the requirements of PCI.
Enterprise data in the form of log files provides critical insight into the use of corporate assets, risks and IT performance. In addition to servers and applications, much valuable information comes from mining the log data from corporate firewalls, VPN concentrators, web proxies, IDS systems, E-mail servers and backup systems.
LogLogic’s Compliance Suite: PCI Edition utilizes LogLogic’s Agile Reporting Engine to allow easy customization of reporting and alerts and the development of custom dashboards based on industry standard processes. LogLogic’s Open Log Services enable raw data, alerts and reports to be easily routed to third-party management and compliance solutions to close the loop on, and constantly validate, business processes. Agile Reporting differentiates LogLogic’s compliance solution from industry alternatives based on static reports. Instead of having to write PERL scripts or SQL statements to customize reports, Agile Reports can be customized with a couple of simple mouse-clicks.
Provide Out-of-the-Box Validation
The LogLogic Compliance Suite is the first solution to provide out-of-the-box validation of PCI compliance using log data. Log data allows organizations to manage the challenges of meeting major PCI DSS requirements. LogLogic’s PCI compliance reports and alerts generally fall into the following categories:
- Security. Reports and alerts show that all network security devices, including firewalls and IDS systems, have been configured appropriately to allow only the requested and approved traffic in and out of the network
- Change Management. Reports and alerts show that all systems and system changes are appropriately requested, approved, tested, and validated by authorized personnel prior to implementation to the production environment.
- Identity and Access. Reports and alerts show that all PCI-related systems are appropriately secured to prevent unauthorized use, disclosure, modification, damage or loss of data, and that that division of roles and responsibilities have been implemented to reduce the possibility for a single individual to subvert a critical process
- Monitoring and Reporting. Reports and alerts to allow customers to continuously monitor the IT infrastructure for any security violations.
Protecting information assets has become a vital part of business today. Best-in-class corporate governance and adhering to PCI Compliance is vital to retailers and etailers who depend on payment card transaction.
Typical benefits for IT, auditors and financial execs include:
- Time savings of up to two weeks per report and a dramatic improvement in risk mitigation and accuracy. Typical return on investments (ROI) of 1-3 months based on reduced or eliminated consulting, personnel and infrastructure costs.
- No consultancy or rules writing required — eliminating deployment and set-up costs normally incurred with typical security event management solutions
- Ease of reporting and customization — reports load in seconds and immediately start generating results on terabytes of log data. Reports can be mapped to specific business and IT policies.
- Sustainable compliance and a significant reduction in risk by delivering real-time, automated alerting on policies and controls.
- Log Process Auditing to automatically evidence that processes are being completed on time.
- Protection of the integrity of log data for purposes of attestation and litigation. Many current solutions (homegrown and security information and event management) damage and reduce infrastructure data when processing it. They also fail to deliver a way of systematically capturing and securely storing critical infrastructure data spread across the enterprise (and, of enforcing and evidencing this process).
- Infrastructure in the form of log files provides critical insight into the use of corporate assets, risks and IT performance. In addition to servers and applications, much valuable information comes from mining the log data from corporate firewalls, VPN concentrators, web proxies, IDS systems, E-mail servers and backup systems, among devices.
Alerting & Reporting
The second of LogLogic’s Compliance Suites, the PCI Edition delivers more than 80 customizable PCI reports and alerts. The LogLogic Compliance Suite: PCI Edition utilizes log data from information technology to evidence, report and alert on more than 50 sub-requirements; and, specifically covers requirement number 10, pertaining to log data.
LogLogic Compliance Suite: PCI edition provides out-of-the-box support for Control Objectives for Information and Related Technology (COBIT) 4.0. The reports and alerts monitor and verify many of the controls defined in COBIT 4.0 specifically, and cover all four sections broadly. PCI compliance is achieved by meeting the specified requirement and satisfying business and IT controls. COBIT is the IT Governance Institute’s IT governance and control framework, most frequently used to help achieve Sarbanes-Oxley Act compliance, but also ensuring security and availability of IT assets in general.
By automating compliance reporting and alerting based on critical infrastructure data collected and stored by LogLogic’s appliances, the LogLogic Compliance Suite: PCI Edition removes the complexity and resource requirements from implementing PCI policies.
Compliance reporting and alerting from LogLogic is ideal for IT administrators, auditors, financial executives, merchants, card processors and all organizations who interface with cardholder data, who want to reduce time to compliance and realize dramatic improvements in risk mitigation and audit accuracy.
LogLogic allows for ongoing data monitoring and reporting and long-term archival so you can attest compliance activities on an ongoing basis. Breakthrough Log Learning technology delivers the industry’s first smart behavioral alerts, which can be set by device, device group or network. Adaptive baseline, network policy and ratio-based alerts are all powered by artificial intelligence and machine learning technology. Managers receive early warning of insider misuse and unusual or suspicious behavior they can act quickly.
Customizable Compliance Reporting
LogLogic Compliance Suite uses LogLogic’s unique Agile Reporting Engine to allow on-the-fly customization of templates. Using Agile Reporting functionality, customers can match information log data against specific corporate controls and policies. Agile Reporting differentiates LogLogic’s compliance solution from industry alternatives based on static reports. Instead of having to write Perl scripts of statements to customize reports, Agile Reports can be customized with a few simple mouse clicks.
50 Reports. 30 Alerts.
The LogLogic Compliance Suite is the first solution to provide out-of-the-box validation of PCI using log data. Log data allows organizations to manage the extreme challenges of meeting major PCI DSS requirements. The LogLogic Compliance Suite delivers more than 80 reports and alerts on four categories:
- Security. Reports and alerts show that all network security devices, including firewalls and IDS systems, have been configured appropriately to allow only the requested and approved traffic in and out of the network.
- Change Management. Reports and alerts show that all systems and system changes are appropriately requested, approved, tested, and validated by authorized personnel prior to implementation to the production environment.
- Identity and Access. Reports and alerts show that all PCI-related systems are appropriately secured to prevent unauthorized use, disclosure, modification, damage or loss of data, and that that division of roles and responsibilities have been implemented to reduce the possibility for a single individual to subvert a critical process.
- Monitoring and Reporting. Reports and alerts to allow customers to continuously monitor the IT infrastructure for any security violations.
Requirements Addressed by LogLogic for PCI DSS
LogLogic Compliance Suite: PCI Edition focuses on key requirements to regularly monitor all access to network resources and cardholder data (Requirement #10 of the PCI DSS). This includes establishing automated audit trails to reconstruct events, such as invalid access attempts, actions taken by individuals, creation and deletion of system-level objects and others. Additionally, it focuses on securing audit trails so that they cannot be altered, including limiting views, protecting them from unauthorized modifications, promptly backing them up, and establishing copies, among others.
| Category | PCI Data Security Standard | Control Header |
|---|---|---|
| Security | Requirement 1 | Install and maintain a firewall configuration to protect data |
| Requirement 2 | Do not use vendor-supplied defaults for system passwords and other security parameters | |
| Requirement 11 | Regularly test security systems and processes | |
| Change Management | Requirement 6 | Develop and maintain secure systems and applications |
| Identity and Access | Requirement 7 | Restrict access to data by business need-to-know |
| Requirement 8 | Assign a unique ID to each person with computer access | |
| Monitoring and Reporting | Requirement 10 | Track and monitor all access to network resources and cardholder data |
Contact me
Have someone contact you within 24-hours.
Weekly Webcast
Join our experts every Tuesday.
3-Minute Tour
View a LogLogic introductory tour
New White Paper
