ARTICLE :: FEBRUARY 2016
For anyone tasked with ensuring compliance with the 12 requirements of the Payment Card
Industry Data Security Standard (PCI DSS), one requirement often causes unexpected difficulty, if only
because of the variety of systems involved.
Requirement 10 of the PCI DSS requires companies to track and monitor all access to network
resources and to cardholder data. On the surface that seems pretty easy. Implement audit trails,
record information about specific events, use time synchronization, write audit logs to a central log
management system, monitor file integrity of audit logs, review audit logs daily and retain the log
information for at least a year.
But how can your company make it all work? It is fairly easy to get any individual system – Windows,
Linux, AIX, Cisco IOS – to record the required audit trail information, and most modern systems are
easy to configure for time synchronization. The difficulty begins when those separate feeds have to be
collected, protected and reviewed as a whole.
The challenges to meeting PCI compliance requirements are significant and can have both technical
and financial impact.
* Systems record log data in different formats – syslog, Windows event log, SNMP trap, Cisco NetFlow. Is
there existing expertise to configure each of them to forward its data to a central
log server?
* What about collecting relevant application data and moving it from public-facing servers such as Web
Servers, DNS Servers, and Mail Servers promptly and securely into an internal environment?
In a retail environment, are you prepared to collect and protect the log data from your Point of
Sale systems?
* If you store cardholder data do your Database Administrators and system administrators have
time to add the necessary responsibilities to their workloads?
* Where will you place and configure file integrity monitoring?
* Do you have the resources to monitor the logs daily, recognize threats, and respond?
* How much data will have to be stored to meet the retention requirements?
The real question for any company dealing with compliance requirements is “how can we minimize the
impact of compliance on our core business processes and budget and still maximize the results?”
EASING THE COMPLIANCE BURDEN :: SAGAN SOLUTION & PCI COMPLIANCE
Article published by: Drew Brunson, Senior Information Security Consultant,
Quadrant Information Security
quadrantsec.com
Quadrant Information Security and its Sagan Technology Security Information and Event Management
(SIEM) system provide the answer to that question and make compliance with Requirement 10 of the
PCI DSS easy to achieve.
Quadrant has the expertise to analyze your environment and implement our Sagan solution directly
into your environment, configured to meet your exact needs. By placing our Sagan appliance, or
multiple appliances, in your environment we remove the need for sensitive information to ever leave
your control and we have the expertise to bring audit information directly from your core systems and
integrate it into the Sagan engine, where it is dynamically evaluated. Our Security Operations Center
(SOC) monitors this process 24/7/365 and alerts for anomalies and threats are generated automatically
and manually. Alerts can be tailored according to pre-defined levels. Some alerts may only be listed in
a daily report, others in an email to on-call personnel, others may generate a phone call from our SOC
to on-call and/or management to ensure immediate notification and response.
From a PCI requirement perspective, Quadrant helps your company address each of the sub-
requirements of Requirement 10.
10.1 Inventory – We help you inventory your systems and ensure that all systems are generating the
appropriate logs.
10.2 Event Reconstruction – We can help you “tune” the audit trails from each system to ensure that
the information captured will allow the reconstruction of required security events.
10.3 Auditable Events – It’s easy to miss recording certain events and Quadrant can help you ensure
and validate that each system is recording each of the events required by the PCI DSS.
10.4 Time Sync – Accurate time synchronization is what makes events from different systems
correlatable, so we help ensure that it is active and accurate on every log source.
10.5 Secure Log Environment – Our Quadrant appliance provides a protected, central repository for
the audit trails of any system that can emit syslog, Windows event log, SNMP trap, or Cisco NetFlow data.
10.6 Review and Monitoring – Our Security Operations Center provides around the clock real-time
monitoring of the auditable events that are configurable according to your priorities.
10.7 Audit Retention – Our systems are configured to retain your log data for a minimum of 53 weeks,
which exceeds the PCI DSS 10.7 requirement of at least one year of history with a minimum of three
months immediately available for analysis.
10.8 Policy & Process – While your company retains responsibility for the policy component of this
sub-requirement, our processes for monitoring your network resources and cardholder data are
documented and available in compliance with this area.
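As an added example (not code from this page, from Quadrant, or from the Sagan project), the following Python script shows what the 10.2, 10.3 and 10.5 points above amount to at the log-server end: it normalizes syslog lines from an OpenSSH host, a Cisco IOS router and a Windows workstation into the six audit-trail entries 10.3 requires, reports entries that cannot support event reconstruction, and keeps a SHA-256 hash chain over the stored lines so that any later edit or deletion is detectable. The sample lines are constructed for the example, and the Windows key=value layout is an assumed forwarder format rather than a documented one.

```python
"""Normalize audit-trail lines into PCI DSS 10.3 fields and chain-hash them.
Example code added to this page; not Quadrant's or Sagan's implementation."""
import hashlib
import re
from dataclasses import dataclass, asdict
from typing import List, Optional, Tuple

# PCI DSS 10.3 audit-trail entries: user identification, type of event, date and
# time, success or failure, origination of the event, affected resource.
REQUIRED_FIELDS = ("timestamp", "user", "event_type", "outcome", "origin", "resource")


@dataclass
class AuditEvent:
    timestamp: str
    resource: str           # host or component the event concerns
    user: Optional[str]
    event_type: str
    outcome: str            # "success" | "failure" | "unknown"
    origin: Optional[str]   # address that initiated the event
    raw: str                # original line, kept verbatim for reconstruction

    def missing_fields(self) -> List[str]:
        d = asdict(self)
        return [f for f in REQUIRED_FIELDS if not d[f] or d[f] == "unknown"]


# RFC 3164 style header "Mon dd hh:mm:ss host program[pid]: message" (PRI optional).
SYSLOG_RE = re.compile(
    r"^(?:<\d+>)?(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<prog>[^:\[\s]+)(?:\[\d+\])?: (?P<msg>.*)$")
SSHD_RE = re.compile(
    r"^(?P<res>Accepted|Failed) \S+ for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")
CISCO_RE = re.compile(
    r"%SEC_LOGIN-\d-LOGIN_(?P<res>SUCCESS|FAILED): .*?\[user: (?P<user>[^\]]*)\] "
    r"\[Source: (?P<ip>[^\]]*)\]")


def parse_line(line: str) -> AuditEvent:
    """Map one raw line to the 10.3 fields; unrecognized sources are kept, not dropped."""
    m = SYSLOG_RE.match(line)
    if not m:
        return AuditEvent("", "", None, "unparsed", "unknown", None, line)
    ts, host, prog, msg = m.group("ts", "host", "prog", "msg")
    user = origin = None
    event_type, outcome = f"{prog}:other", "unknown"
    if prog == "sshd" and (s := SSHD_RE.match(msg)):            # OpenSSH authentication
        user, origin = s["user"], s["ip"]
        event_type = "auth:login"
        outcome = "success" if s["res"] == "Accepted" else "failure"
    elif c := CISCO_RE.search(line):                             # Cisco IOS login messages
        user, origin = c["user"], c["ip"]
        event_type = "auth:login"
        outcome = "success" if c["res"] == "SUCCESS" else "failure"
    elif prog == "Security" and "EventID=" in msg:               # Windows; assumed key=value forwarder layout
        kv = dict(p.split("=", 1) for p in msg.split() if "=" in p)
        user, origin = kv.get("TargetUserName"), kv.get("IpAddress")
        event_type = "auth:login"
        outcome = {"4624": "success", "4625": "failure"}.get(kv.get("EventID"), "unknown")
    return AuditEvent(ts, host, user, event_type, outcome, origin, line)


GENESIS = "0" * 64   # anchor value for the first chain entry


def chain_hash(prev: str, raw: str) -> str:
    return hashlib.sha256(f"{prev}\n{raw}".encode()).hexdigest()


def ingest(lines: List[str]) -> Tuple[List[AuditEvent], List[str]]:
    """Parse lines in arrival order and build the chain; chain[i] commits to lines[:i+1]."""
    events, chain, prev = [], [], GENESIS
    for line in lines:
        events.append(parse_line(line))
        prev = chain_hash(prev, line)
        chain.append(prev)
    return events, chain


def verify_chain(lines: List[str], chain: List[str]) -> Optional[int]:
    """Return the index of the first altered or missing entry, or None if intact.
    Trimming both lists together is only caught if the latest chain value is also
    stored somewhere the log host cannot alter (e.g. the central log server)."""
    prev = GENESIS
    for i, line in enumerate(lines):
        prev = chain_hash(prev, line)
        if i >= len(chain) or chain[i] != prev:
            return i
    return None if len(lines) == len(chain) else len(lines)


SAMPLE_LINES = [  # constructed for this example, not captured from any real system
    "Feb  1 10:01:07 web01 sshd[2214]: Failed password for invalid user admin from 203.0.113.5 port 52113 ssh2",
    "Feb  1 10:01:42 web01 sshd[2231]: Accepted publickey for deploy from 10.0.0.7 port 40122 ssh2",
    "Feb  1 10:02:11 core-rtr1 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] "
    "[Source: 203.0.113.9] [localport: 22] [Reason: Login Authentication Failed]",
    "Feb  1 10:03:30 pos-ws01 Security: EventID=4625 TargetUserName=jsmith IpAddress=10.0.0.9 LogonType=2",
    "Feb  1 10:05:00 web01 CRON[300]: (root) CMD (run-parts /etc/cron.hourly)",
]

if __name__ == "__main__":
    events, chain = ingest(SAMPLE_LINES)
    for e in events:
        gaps = e.missing_fields()
        print(f"{e.resource:10} {e.event_type:12} {e.outcome:8} user={e.user} from={e.origin}"
              + (f"  MISSING 10.3 fields: {gaps}" if gaps else ""))
    print("chain intact:", verify_chain(SAMPLE_LINES, chain) is None)
    tampered = SAMPLE_LINES[:]
    tampered[0] = tampered[0].replace("admin", "root")
    print("first tampered entry:", verify_chain(tampered, chain))
```

Run as a script it prints the normalized events, flags the cron line as unable to satisfy 10.3 (no user, outcome or origin), and shows that editing a stored line is caught by the chain. The chain only detects deletion of the newest entries if the latest chain value is also recorded off the host, which is the practical reason 10.5.3 and 10.5.4 require audit trails to be copied promptly to a centralized, internal log server.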
We are flexible in our ability to manage events from a diverse population of assets. Some of the
systems we can manage include:
	 * Routers (Cisco, etc.)
	 * Managed network switches
	 * Firewalls (SonicWall, FortiGate, etc.)
	 * IDS/IPS systems (Cisco, FortiGate, etc.)
	 * Linux and Unix systems (services, kernel messages, etc.)
	 * Windows based networks (Event logs, etc.)
	 * Specified Application events (Webservers, Point of Sale)
	 * Wireless access points (Cisco, D-Link, etc.)
	 * Host based IDS systems (HIDS) (AIDE, OSSEC, etc.)
	 * Detection of rogue devices on networks (via Arpalert, etc.)
Our Sagan Technology SIEM, combined with our Managed Security Services solution, provides real
time monitoring of your most valuable assets. Each event from an asset is written in real time to the
Sagan appliance and these entries are evaluated as they come in on the wire. Combined with its clean
and easy to use security console, available to authorized users in your company, it is a proven solution.
We use the solution in house to manage our 24/7 Managed IDS / IPS services for customers.
Sagan Technology gives us a broad range of devices, services and applications that we can monitor. For
example, if your organization is a “Cisco shop” and you don’t want to deploy Snort based IDS/IPS sensors,
it really doesn’t matter to our staff. We can monitor the Cisco devices just as we would a Snort
based IDS/IPS solution.
With our security console our users can take advantage of a number of unique features to strengthen
their company’s security posture and remain within PCI DSS compliance. More specifically, we can
provide robust reporting tools that report specifically on PCI-relevant activity as well as overall network
activity. The Sagan console also provides log search functionality, our reputation database and threat intelligence.