Achieving PCI Compliance with Log Management
- Dylan Joseph
- 8 years ago
TABLE OF CONTENTS

- Introduction: Page 3
- PCI DSS Requirement 10: Page 3
- Log Management and PCI: Page 4
- Data Collection: Page 5
- Data Storage: Page 6
- Analyzing the Data: Page 7
- SenSage for PCI Compliance: Page 8
- Collecting the Data: Page 9
- Storing the Data: Page 9
- Analyzing the Data: Page 10
- SenSage for PCI and the Total Cost of Ownership: Page 13
Introduction

Credit card theft and exposure incidents have risen sharply in the last several years, and the pace of these incidents continues to accelerate. The cost of financial fraud associated with these transgressions reaches into the millions of dollars, and the resulting identity theft victimizes millions of people annually. To decide how to protect customer account data when processing credit card transactions, a posse of major credit card companies gathered and issued the Payment Card Industry Data Security Standard (PCI DSS). The PCI Standard is comprised of 12 separate requirements organized into six control objectives. Basically, these objectives are to:

1. Build and maintain a secure network
2. Protect cardholder data
3. Manage ongoing vulnerabilities
4. Control access to cardholder data
5. Regularly monitor and test networks, and
6. Maintain an information security policy.

In essence, the requirements demand that a number of security controls be implemented. However, simply deploying controls is not sufficient to reach compliance with PCI DSS. These controls must be monitored on a regular basis to ensure their continued effectiveness and to identify any potential threats to the cardholder processing environment. As a matter of fact, tracking and monitoring these security countermeasures is so important to the goal of securing the PCI environment that one of the 12 requirements addresses it directly.

This white paper will review what is specifically called for in PCI DSS Requirement 10, explore the technical considerations of the requirement, and consider some different approaches to addressing the requirement. In addition, it will introduce SenSage for PCI Compliance and illustrate that it not only meets and exceeds PCI DSS Requirement 10, but can also effectively address additional PCI DSS requirements.
PCI DSS Requirement 10: Track and monitor all access to network resources and cardholder data

Requirement 10 states that it is not enough to simply put the PCI controls in place and walk away. Rather, these controls must be monitored, and any anomalies investigated. PCI states that logging mechanisms to track user activities are critical. Instating logs in all environments permits thorough tracking and analysis if something does go wrong. In addition, determining the cause of a compromise is made possible by system activity logs.

The logs referred to are the audit trails that each IT device in the cardholder processing environment generates to record user, system and network activity. As previously stated, the other 11 Requirements of the PCI Standard mandate the deployment and implementation of many security-related IT controls. Each of these controls, whether intrusion detection systems, networking equipment, operating systems on servers, or even the payment card business application itself, generates logs. Requirement 10 describes in detail how to manage the logs and how to extract the information in them to keep systems safe.

While the necessary tracking and monitoring could conceivably be performed by individuals, this option poses a number of problems. The first is the cryptic nature of log records: each device has its own log format, organization, and content. Reviewers must be extremely familiar with the log format to understand the content. Even a senior technician has difficulty understanding more than one or two different log formats. The second problem with reviewing these logs manually is the sheer volume of data. Many sources, such as firewalls and servers, can generate millions of individual log entries. Clearly, it is practically impossible for a single human being to adequately review them and identify anomalies. This brings us to the final problem in manually reviewing the logs: correlating the information. With the increased sophistication of security attacks, rarely does one event, or even one data source for that matter, yield the necessary insight to identify and scope a security incident. Doing so commonly requires multiple sources, which means involving multiple administrator groups to get a full picture of what occurred.

It's likely that the PCI Security Standards Council noted these problems as well, because they attached the following note to Requirement 10.6 to help. In fact, they went so far as to recommend log harvesting, parsing, and alerting tools to achieve compliance with the Requirement.

Log Management and PCI

Log harvesting, parsing and alerting tools are also known as log management, security information management (SIM), security event management (SEM), or some combination of these (SIEM). Since Requirement 10 specifically mentions logs, this paper will refer to them as log management tools.
As noted above, manual review of logs is not feasible. Therefore, organizations may wish to invest in a log management tool that automates the collection of these logs from wherever they may reside; stores them in a centralized, secure repository; and provides the required analysis to support the business objective -- in this case, complying with PCI DSS. Log management can greatly assist companies in transforming log data into actionable information. This information can then be used to monitor controls, identify security threats, conduct investigations, satisfy auditors, answer legal requests, and manage security.

But just as there are a number of different names for tools like these, there are a number of different ways to provide the basic functions of collection, storage and analysis. Although many vendors use the same messages and product descriptions, there are significant technical differences between the tools.

Data Collection

There are a number of different ways to collect data.

Agent vs. Agentless: Refers to the method used to move the log data from a system component into the repository. While agents can be used to encrypt data before it is sent for loading, providing a layer of security, agentless solutions are preferable. Agentless solutions collect remotely using industry-accepted protocols such as SCP, SFTP or HTTPS to gather the data; these protocols also provide a secure method of transporting the data.

Parsed vs. Indexed Log Entries: Refers to how the log data is organized for loading and later analysis.

Parsed logs: Parsing breaks each log entry into distinct pieces of information (fields/columns). Metadata, such as column names, is provided to give relevancy and meaning to the individual pieces of parsed information. Parsing also allows each piece of information to be the axis from which a report, trend or investigation can be generated.

Indexed logs: Utilize proprietary algorithms to create internal indexes of what the vendor considers to be the most important data in each log record. Indexing is a general approach applied against specific log sources that contain different pieces of information, so data that is not indexed may not be available for further analysis. Indexed log sources are generally analyzed via Google-like searches rather than formatted reports.
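The parsed-versus-indexed distinction above, and the custom Log Adapter described later under "Collecting the Data" (a regular expression plus a list of column names, with the table built at load time), can both be seen in a few dozen lines. The following is an added example written for this page; it is not SenSage code and does not use any SenSage format. The firewall log format, the sample lines and all names (`FW_ADAPTER`, `ColumnStore`, `denied_by_source`, `raw_search`) are constructed for the illustration. Parsed records go into an append-only, column-oriented store with no update or delete operation, a formatted report reads only the columns it needs, and a grep-style search shows what an indexed search hands back instead.

```python
import re
from collections import Counter

# Constructed sample of a hypothetical firewall log. The format is invented
# for this example and does not belong to any real product.
SAMPLE_LOG = """\
2011-08-01T10:00:01 fw01 action=DENY src=10.1.1.5 dst=192.168.0.10 dport=443
2011-08-01T10:00:02 fw01 action=ALLOW src=10.1.1.7 dst=192.168.0.10 dport=443
2011-08-01T10:00:03 fw01 action=DENY src=10.1.1.5 dst=192.168.0.11 dport=22
this line is not in the expected format and must not be silently lost
2011-08-01T10:00:04 fw01 action=DENY src=10.1.1.5 dst=192.168.0.12 dport=3389
2011-08-01T10:00:05 fw01 action=DENY src=10.1.1.9 dst=192.168.0.10 dport=443
"""

# The "log adapter": one regular expression whose named groups are the
# column names. The table schema is derived from the adapter, not hand-built.
FW_ADAPTER = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) action=(?P<action>\w+) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)


class ColumnStore:
    """Append-only, column-oriented store for parsed audit records.

    There is deliberately no update or delete method: once a record is
    loaded it cannot be altered, which is the write-once-read-many property
    an audit trail needs.
    """

    def __init__(self, adapter):
        self.adapter = adapter
        # Column names in the order the groups appear in the adapter.
        self.columns = tuple(sorted(adapter.groupindex, key=adapter.groupindex.get))
        self._cols = {c: [] for c in self.columns}
        self.rejected = []  # lines the adapter could not parse, kept for review

    def load(self, text):
        """Parse each line with the adapter and append its fields. Returns row count."""
        for line in text.splitlines():
            m = self.adapter.match(line)
            if m is None:
                self.rejected.append(line)
                continue
            for c in self.columns:
                self._cols[c].append(m.group(c))
        return len(self._cols[self.columns[0]])

    def column(self, name):
        """Return one column as an immutable tuple; only the columns asked for are read."""
        return tuple(self._cols[name])


def denied_by_source(store):
    """Formatted report: number of DENY events per source address.

    Touches just the 'action' and 'src' columns, which is the point of a
    columnar layout when a report needs two of many fields.
    """
    return dict(Counter(
        src for action, src in zip(store.column("action"), store.column("src"))
        if action == "DENY"
    ))


def raw_search(text, needle):
    """What an index/grep-style search gives back: raw lines for a person to read."""
    return [line for line in text.splitlines() if needle in line]


def build_store():
    """Load the constructed sample into a fresh store."""
    store = ColumnStore(FW_ADAPTER)
    store.load(SAMPLE_LOG)
    return store


if __name__ == "__main__":
    s = build_store()
    print("rows:", len(s.column("ts")), "rejected:", len(s.rejected))
    print("denies by source:", denied_by_source(s))
    print("raw search hits for 'DENY':", len(raw_search(SAMPLE_LOG, "DENY")))
```

The line that does not match the adapter is kept in `rejected` rather than dropped, because a collection step that silently discards what it cannot parse leaves a gap in the audit trail that nobody will notice until an investigation needs it.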
Data Storage

It is critical to understand data storage. Deciding where data is to be kept and how it will be organized in the repository is crucial. These factors will directly affect how easy or difficult it is to analyze the data once it has been collected and stored. The PCI Standard, coupled with the highly distributed architecture of today's business applications, requires the collection, storage, analysis, and retention of numerous logs from numerous devices up and down the application stack for at least one year. This Herculean effort may well represent one of the largest data management problems an organization will ever face. The following diagram provides an overview of different data sources involved in PCI Compliance.

Some log management solutions still store log data in commercial RDBMS solutions (e.g., Oracle, SQL Server, or MySQL). While traditional database solutions are excellent for storing business transaction data, log data is not transactional. Transactions can be updated or deleted within a database, but audit trails should not be. In addition, RDBMS solutions involve expensive licensing and DBA support costs and generally don't scale to the volume and query requirements required by PCI DSS. Online retention of these solutions is generally 30 to 90 days before data must be archived. While this technically meets the PCI requirements, it has operational consequences that are not ideal.
Some solutions offer a two-tier approach to storing data. These generally consist of a short-term database where reporting and alerting occur and a long-term log depot where the logs are stored for retention purposes. Again, while this will satisfy the technical requirements of PCI DSS, it is not without a high operational price.

Some vendors understand that data management has become one of the biggest challenges for organizations today. These vendors created columnar-based data repositories that store the log data in a series of compressed flat files but enable that data to be queried by a single reporting mechanism. These flat-file repositories solve the security and operational weaknesses of the RDBMS solutions. More importantly, they give customers a single repository with a single method for extracting data. Further, they organize the data in a way that will scale to handle both volume and retention requirements without the need for archiving.

Analyzing the Data

Today, almost all log management solutions provide out-of-the-box reports to address PCI DSS monitoring. However, to do more than just generate reports (review, track and investigate the information presented in the reports), consider the following differences in log management approaches. Most of these differences relate to the way data is organized in the repository (parsed vs. indexed), as well as where the data is located (short-term vs. long-term repository).

In a nutshell, queries against parsed data return standard formatted reports. This is what 99% of log management solutions provide, for the short-term data, anyway. However, queries against indexed data are akin to Google-like searches that return raw log entries where the matched search criteria are highlighted. These Google-like searches require the user to sift through individual raw log entries to find the relevant ones.
Further, they must understand the native format of each log source that is returned in order to obtain the information needed. While this might work for technically-minded users, even they would have trouble manually analyzing and correlating the information. For less technical users, it would be a near impossibility.

Another set of solutions, which stores data in two different repositories, includes both scenarios:

- Formatted reports on data contained in the short-term RDBMS
- Indexed searches on data kept in the log depot

To access both repositories, a user must import the required timeframe of data from the log depot into the short-term RDBMS and run a formatted report or indexed search across both repositories. This takes time and sometimes requires a separate short-term database to handle the data importing and analysis (so as not to interfere with the standard log loading and reporting) as well as DBA support. Or, a user can sift through the different log entries presented by the indexed search.

Another consideration is how often you expect to have to deal with data stored in the long-term log depot. PCI Requirement 10.7 calls for data to remain at least 90 days online and prefers even longer. A recent study conducted by the FBI and Computer Security Institute found that 70% of security incidents involved authorized personnel and that the average insider security incident lasted nine to 18 months. This means that the average insider security incident automatically brings the long-term log depot with its indexed searches into play.

What about solutions that archive data on to a storage device? Doesn't this remove the long-term log depot and its indexed searches? Unfortunately, no; it's worse. While many log management solutions will play up their storage partner integration, it is almost always a one-way integration. To perform an investigation involving archived data stored on a network-addressable storage device, you have to take the following steps:

Steps (and Costs) to Query Data Contained in an Archive:

- Find a spare server (server cost, sysadmin involvement).
- Create a database instance on the server (DB license cost, DBA involvement).
- Create the necessary tables on the database (DBA involvement).
- Take one archived file at a time (DBA involvement) and:
  - Uncompress archive
  - Load archive into appropriate tables
  - Run query against that data (DBA involvement)
  - Save results to a temporary dataset (DBA involvement)
  - Repeat for duration of archive investigation (DBA involvement, TIME)
- What if any of the resulting information spurs additional questions?
  - Must do entire process all over again
  - Must incur all of the costs all over again

So what is becoming evident is that the more data you can have on-line and available for query, the better.
And if those queries return exact answers in formatted reports that provide relevance to the information contained in them, then that is preferable to indexed searches.

SenSage for PCI Compliance

The SenSage for PCI Compliance solution not only meets but exceeds PCI DSS Requirement 10, as well as many of the other PCI DSS requirements. By integrating the collection, storage and analysis functions and designing the solution specifically for log data, SenSage offers a simple and comprehensive way to monitor, analyze and ultimately comply with PCI requirements.
Collecting the Data

SenSage supports the collection of over 200 commercial products through the use of Log Adapters. A separate Log Adapter for each supported log source understands the log format of that source and contains the parsing mechanism required to split each log entry into its separate pieces of information. Log Adapters exist for all of the security control categories called for by PCI DSS, ranging from the external (e.g., firewalls) through the server layer (e.g., z/OS, Tandem/NonStop, AS/400/iSeries) all the way through to the internal (databases and commercial applications like SAP).

For a custom data source not supported out-of-the-box, such as a PCI-related business application, a user simply creates a custom Log Adapter with a Regular Expression parsing statement for the data, and then lists the column names the data should be parsed into. SenSage does the rest. SenSage's patented data repository builds all data tables dynamically at load time, allowing for full field-level reporting, analysis and investigations. Not only does the Log Adapter provide the necessary information for SenSage to dynamically construct the data table at load time (eliminating the need for costly DBA services), but it also provides cross-source and cross-vendor reporting with a feature called IntelliSchema. IntelliSchema offers reporting views, similar to traditional RDBMS table views. There is no need for professional services. No need for a DBA. No need for indexed searches. SenSage for PCI Compliance collects the data, parses it for easy analysis, and incorporates the custom data sources not only in the collection process, but in the reporting process as well.

Storing the Data

SenSage stores its collected log data in a patented data repository. As data management becomes an increasingly large hurdle for organizations to leap, SenSage understands that relational databases are poorly designed for event (log) data. The issues of scale, security and analysis require a new type of database. Therefore, SenSage delivers just that. Based on a columnar design (columns are the stored elements rather than rows), SenSage created a single, centralized data repository designed specifically for log data. Data is compressed and stored in a hierarchical series of folders and flat files on each node's local disk, with a backup copy of each node's data stored on another node for data redundancy and automatic failover. Scaling is provided by adding nodes to the cluster. Security is ensured by eliminating the DBA function (there is no privileged user for SenSage) as well as the ALTER and DELETE functions, providing write-once-read-many (WORM) functionality. And sophisticated analysis is made possible through the use of SQL as the data extraction language, enabling the Oracle-style analysis required by compliance and forensic investigations.

PCI DSS demands companies collect, retain and analyze terabytes of audit trail history for at least one year, with a minimum of three months of on-line availability. SenSage's patented data repository ensures organizations a minimum of one year's worth of data online, without archiving. However, SenSage's unique design means that multiple years' worth of data can remain online and fully queryable. SenSage's customers have taken advantage of these capabilities and are running deployments that manage three, five or seven years of data -- all on-line. No tiered storage is required. No restoring from archives or compressed media. How much data can realistically be stored in this manner? SenSage hasn't yet reached its limit. With data fully queryable at all times, trending and investigations become questions of intent, rather than of data availability.

Analyzing the Data

SenSage for PCI Compliance provides three different methods for analyzing the data it collects from an organization's cardholder processing environments: dynamically, historically, and ad-hoc.

Dynamically refers to the real-time correlation rules that SenSage uses to identify suspected security breaches. This feature partially addresses PCI Requirement 11.4, which recommends network intrusion detection systems and intrusion prevention systems to alert personnel to suspected compromises. SenSage correlation rules look for attack behavior patterns rather than distinct signatures. This reduces the total number of rules required and enables organizations to catch suspicious activities without having to write specific rules for each variation of an attack.
For example, when an attack occurs, the following behaviors can be detected:

- Some form of reconnaissance (e.g., port scans, network sweeps, logon attempts)
- An action exploiting a weakness or exposure
- Actions to cover tracks (e.g., turning off monitoring and logging, killing processes or programs)
- Ensuring the perpetrator owns the machine so they can gain access again (e.g., creating/compromising an account, outbound connection for root kits)
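A behaviour-pattern rule of the kind just described can be written without any per-attack signature: each already-parsed event is mapped to one of the four stages listed above, and the rule fires for a host when events from several distinct stages land inside one time window. The block below is an added example written for this page, not SenSage's correlation engine or its rule syntax. The event type names in `STAGES`, the 30-minute window, the three-stage threshold and the sample events are all constructed; a real deployment would map its own normalised event types onto the stages. The alert carries the ordered event chain so an analyst can step through it event by event, which is the drill-down the next section describes.

```python
from datetime import datetime, timedelta

# Stage classification. The event type names are constructed for this
# example, not a real product taxonomy; the four stages are the behaviours
# listed in the text above.
STAGES = {
    "port_scan": "recon", "auth_failure_burst": "recon",
    "web_app_exploit": "exploit", "buffer_overflow_sig": "exploit",
    "audit_log_cleared": "cover_tracks", "monitoring_stopped": "cover_tracks",
    "account_created": "persistence", "outbound_c2_beacon": "persistence",
}
RULE_WINDOW = timedelta(minutes=30)   # assumed tuning value
RULE_MIN_STAGES = 3                   # assumed tuning value

# Constructed, already-parsed events from several sources (firewall, IDS, OS).
SAMPLE_EVENTS = [
    {"ts": "2011-08-01T09:00:00", "host": "web02", "source": "firewall", "type": "port_scan"},
    {"ts": "2011-08-01T09:03:00", "host": "web02", "source": "ids", "type": "web_app_exploit"},
    {"ts": "2011-08-01T09:10:00", "host": "web02", "source": "os", "type": "monitoring_stopped"},
    {"ts": "2011-08-01T09:12:00", "host": "web02", "source": "os", "type": "account_created"},
    {"ts": "2011-08-01T09:05:00", "host": "db01", "source": "firewall", "type": "port_scan"},
    # Hours later and on its own: routine administration, must not fire.
    {"ts": "2011-08-01T14:00:00", "host": "db01", "source": "os", "type": "account_created"},
    # Not in the stage map at all: ignored by this rule.
    {"ts": "2011-08-01T09:06:00", "host": "app03", "source": "os", "type": "logon_success"},
]


def _ts(event):
    return datetime.fromisoformat(event["ts"])


def correlate(events, window=RULE_WINDOW, min_stages=RULE_MIN_STAGES):
    """Return one alert per host whose events cover at least `min_stages`
    distinct stages within a sliding window of length `window`.

    Each alert carries the chronological chain of contributing events so the
    analyst can review what happened step by step.
    """
    by_host = {}
    for e in events:
        stage = STAGES.get(e["type"])
        if stage is None:
            continue                      # unclassified event types do not count
        by_host.setdefault(e["host"], []).append((_ts(e), stage, e))

    alerts = []
    for host, evs in by_host.items():
        evs.sort(key=lambda item: item[0])
        for i, (t0, _, _) in enumerate(evs):
            in_window = [x for x in evs[i:] if x[0] - t0 <= window]
            stages = {s for _, s, _ in in_window}
            if len(stages) >= min_stages:
                alerts.append({
                    "host": host,
                    "stages": sorted(stages),
                    "chain": [x[2] for x in in_window],
                })
                break                     # one alert per host; chain is the drill-down
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert["host"], alert["stages"])
        for e in alert["chain"]:
            print("  ", e["ts"], e["source"], e["type"])
```

Because the rule keys on stages rather than on the specific exploit or tool used, a new variant of any one step is caught as soon as its event type is mapped to a stage; the trade-off is that the window and threshold need tuning against a site's normal administrative activity, as the `db01` events illustrate.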
Once a correlation rule fires, users can drill down into a graphical representation of the attack and step through it, event by event, to understand what happened. Users can also initiate an investigation report against historical data directly from the correlated event to begin the process of scoping the exposure and its effects.

Compliance with PCI DSS requires not only deploying the mandated security countermeasures, but also frequent reviews of those controls to ensure their continued effectiveness. This is where audit logs come in. As both controls and evidence of controls, event logs detail system and user activity to:

- Document who is accessing the cardholder data environment
- Monitor privileged user activity
- Analyze the logs of the PCI security countermeasures to detect anomalies
- Understand the scope of those anomalies
- Comply with PCI Requirement 10.6 to review logs daily
- Provide auditors with the data and information they seek

The SenSage Compliance Analytics package, a series of reports mapped directly against the specific sections of the PCI DSS, provides these capabilities to ensure proper coverage.

The final part of data analysis is ad-hoc reporting, or executing out-of-the-box Investigative Reports to create custom reports beyond what is already provided by SenSage. Investigative Reports are a necessary part of a PCI DSS monitoring program. The SenSage for PCI Compliance analytic reports are automatically run on a regular basis and distributed to the appropriate personnel for review and analysis. If a report recipient notices something unusual -- an exception or anomaly -- he must comply with the PCI Audit Procedures for Requirement 10.6 and investigate the exception. SenSage's Investigative Reports for users, machines and IP addresses make this possible.
(Figure 1)

Figure 1 shows an IP Investigation Report looking for log entries where a given IP address is either the destination IP address or the source IP address. With years' worth of SenSage data always available on-line, there is no need to know where the data is stored. Just choose the time frame and without fail SenSage will return a formatted report (similar to Figure 2) over one day, one year or five years.

(Figure 2)
And because SenSage uses SQL, the reports are 100% accurate. The same cannot be said for indexed searches that return raw log entries to sift through. SenSage provides answers, while other solutions provide possibilities.

Further, the Investigative Reports are fully customizable. Remove conditions or add new ones. Save changes as a new report, or simply revert back to the original report. Even out-of-the-box reports contain dynamic qualities that will be essential for efficient and effective investigations. SenSage makes custom reporting possible in several ways. First, SenSage exposes the SQL logic so that reports can be changed with ease. SenSage for PCI Compliance also comes with a Wizard Report Builder that allows a non-technical user to create sophisticated reports. The user is guided through the four GUI screens and the Wizard generates the appropriate SQL report for them.

SenSage for PCI and the Total Cost of Ownership

Many organizations believe the initial price tag of a product is the cost of that product. But what they often forget is that once the product is installed, it must be administered and supported. Some organizations fail to take into account all aspects of using the product. Those using long-term log depots don't realize how much time it will take to find the answers they need, or to perform investigations involving data that has been archived. With that in mind, here are some things to consider in judging the cost of SenSage for PCI Compliance:

- SenSage runs on inexpensive, general-purpose hardware (approximately $6K/server).
- SenSage stores data in flat files, for standard flat-file based easy backups.
- Data redundancy is built in, so there is no need for additional devices.
- No RDBMS, so DB licenses or maintenance charges are eliminated.
- No need for costly DBA resources because:
  - No indexes to build and maintain
  - No partitions
  - No tuning
  - No replication
  - No archiving
- Optimized query capability finds answers in minutes instead of hours or days. 8 billion records are analyzed in 2.5 minutes. 100 billion records representing two years of data are analyzed in 6.8 minutes.
- Column headings give parsed data relevance for better understanding.
- No backups or data restores required for long-term historical investigations and forensic analysis, since online storage of years of information is possible.

Now, consider the consequences of not having data on-line:

- Average length of security incidents involving insiders is nine to 19 months.
- Trend analysis requires a long period of data.
- Extent and scope of security incidents need to be completely identified to ensure proper remediation.
- Data analysis of archived data is slow, expensive and inefficient.
- Sophisticated attacks and internal violations can bring a company to its knees, breaking trust with customers and tarnishing reputations.
- In addition, regulatory compliance requires 100% accuracy. Failing audits is time-consuming and expensive.

SenSage's sophisticated solution enables companies to meet regulatory compliance and maintain system availability through granular analysis of privileged user behavior and rapid detection of anomalies across networks, systems, and applications. With SenSage, hundreds of organizations now enjoy peace of mind knowing they are effectively managing vast amounts of data and confronting head-on internal and external threats to data integrity.

Corporate Headquarters: SenSage, Inc., 55 Hawthorne Street, Suite 700, San Francisco, CA (415)
More informationContinuous Network Monitoring
Continuous Network Monitoring Eliminate periodic assessment processes that expose security and compliance programs to failure Continuous Network Monitoring Continuous network monitoring and assessment
More informationLOG AND EVENT MANAGEMENT FOR SECURITY AND COMPLIANCE
PRODUCT BRIEF LOG AND EVENT MANAGEMENT FOR SECURITY AND COMPLIANCE The Tripwire VIA platform delivers system state intelligence, a continuous approach to security that provides leading indicators of breach
More informationA Websense Research Brief Prevent Data Loss and Comply with Payment Card Industry Data Security Standards
A Websense Research Brief Prevent Loss and Comply with Payment Card Industry Security Standards Prevent Loss and Comply with Payment Card Industry Security Standards Standards for Credit Card Security
More informationALERT LOGIC FOR HIPAA COMPLIANCE
SOLUTION OVERVIEW: ALERT LOGIC FOR HIPAA COMPLIANCE AN OUNCE OF PREVENTION IS WORTH A POUND OF CURE Alert Logic provides organizations with the most advanced and cost-effective means to secure their healthcare
More informationLog Management How to Develop the Right Strategy for Business and Compliance. Log Management
Log Management How to Develop the Right Strategy for Business and Compliance An Allstream / Dell SecureWorks White Paper 1 Table of contents Executive Summary 1 Current State of Log Monitoring 2 Five Steps
More informationLOG MANAGEMENT: BEST PRACTICES
LOG MANAGEMENT: BEST PRACTICES TABLE OF CONTENTS Why Log Management?...2 Which Logs Should Be Collected?...3 Log Management Challenges...5 Automated Log Management...7 Summary...8 LOG MANAGEMENT: BEST
More informationSecurity management solutions White paper. IBM Tivoli and Consul: Facilitating security audit and compliance for heterogeneous environments.
Security management solutions White paper IBM Tivoli and Consul: Facilitating security audit and March 2007 2 Contents 2 Overview 3 Identify today s challenges in security audit and compliance 3 Discover
More informationGFI White Paper PCI-DSS compliance and GFI Software products
White Paper PCI-DSS compliance and Software products The Payment Card Industry Data Standard () compliance is a set of specific security standards developed by the payment brands* to help promote the adoption
More informationExporting IBM i Data to Syslog
Exporting IBM i Data to Syslog A White Paper from Safestone Technologies By Nick Blattner, System Engineer www.safestone.com Contents Overview... 2 Safestone... 2 SIEM consoles... 2 Parts and Pieces...
More informationMarch 2012 www.tufin.com
SecureTrack Supporting Compliance with PCI DSS 2.0 March 2012 www.tufin.com Table of Contents Introduction... 3 The Importance of Network Security Operations... 3 Supporting PCI DSS with Automated Solutions...
More informationAutomate PCI Compliance Monitoring, Investigation & Reporting
Automate PCI Compliance Monitoring, Investigation & Reporting Reducing Business Risk Standards and compliance are all about implementing procedures and technologies that reduce business risk and efficiently
More informationTop Three POS System Vulnerabilities Identified to Promote Data Security Awareness
CISP BULLETIN Top Three POS System Vulnerabilities Identified to Promote Data Security Awareness November 21, 2006 To support compliance with the Cardholder Information Security Program (CISP), Visa USA
More informationOvercoming PCI Compliance Challenges
Overcoming PCI Compliance Challenges Randy Rosenbaum - Security Services Exec. Alert Logic, CPISM Brian Anderson - Product Manager, Security Services, SunGard AS www.sungardas.com Goal: Understand the
More informationAPPLICATION COMPLIANCE AUDIT & ENFORCEMENT
TELERAN SOLUTION BRIEF Building Better Intelligence APPLICATION COMPLIANCE AUDIT & ENFORCEMENT For Exadata and Oracle 11g Data Warehouse Environments BUILDING BETTER INTELLIGENCE WITH BI/DW COMPLIANCE
More informationCautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work
Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work Security concerns and dangers come both from internal means as well as external. In order to enhance your security posture
More informationGETTING MORE FOR LESS AS LOG MANAGEMENT AND SIEM CONVERGE
GETTING MORE FOR LESS AS LOG MANAGEMENT AND SIEM CONVERGE AN IANS INTERACTIVE PHONE CONFERENCE FEBRUARY 11, 2009 CHRIS PETERSON, CTO, FOUNDER, LOGRHYTHM NICK SELBY, IANS FACULTY SUMMARY OF FINDINGS Underwritten
More informationIntroduction to the Event Analysis and Retention Dilemma
Introduction to the Event Analysis and Retention Dilemma Introduction Companies today are encountering a number of business imperatives that involve storing, managing and analyzing large volumes of event
More informationHow to Develop a Log Management Strategy
Information Security Services Log Management: How to develop the right strategy for business and compliance The purpose of this whitepaper is to provide the reader with guidance on developing a strategic
More informationDetect & Investigate Threats. OVERVIEW
Detect & Investigate Threats. OVERVIEW HIGHLIGHTS Introducing RSA Security Analytics, Providing: Security monitoring Incident investigation Compliance reporting Providing Big Data Security Analytics Enterprise-wide
More informationPCI DSS Reporting WHITEPAPER
WHITEPAPER PCI DSS Reporting CONTENTS Executive Summary 2 Latest Patches not Installed 3 Vulnerability Dashboard 4 Web Application Protection 5 Users Logging into Sensitive Servers 6 Failed Login Attempts
More informationPayment Card Industry Data Security Standard
Symantec Managed Security Services support for IT compliance Solution Overview: Symantec Managed Services Overviewview The (PCI DSS) was developed to facilitate the broad adoption of consistent data security
More informationMeeting PCI Data Security Standards with
WHITE PAPER Meeting PCI Data Security Standards with Juniper Networks STRM Series Security Threat Response Managers When it Comes to Monitoring and Validation it Takes More Than Just Collecting Logs Copyright
More informationTOP 10 WAYS TO ADDRESS PCI DSS COMPLIANCE. ebook Series
TOP 10 WAYS TO ADDRESS PCI DSS COMPLIANCE ebook Series 2 Headlines have been written, fines have been issued and companies around the world have been challenged to find the resources, time and capital
More information74% 96 Action Items. Compliance
Compliance Report PCI DSS 2.0 Generated by Check Point Compliance Blade, on July 02, 2013 11:12 AM 1 74% Compliance 96 Action Items Upcoming 0 items About PCI DSS 2.0 PCI-DSS is a legal obligation mandated
More informationEvent Log Monitoring and the PCI DSS
Event Log Monitoring and the PCI DSS Produced on behalf of New Net Technologies by STEVE BROADHEAD BROADBAND TESTING 2010 broadband testing and new net technologies www.nntws.com Striking a Balance Between
More informationCompliance Management, made easy
Compliance Management, made easy LOGPOINT SECURING BUSINESS ASSETS SECURING BUSINESS ASSETS LogPoint 5.1: Protecting your data, intellectual property and your company Log and Compliance Management in one
More informationProtect the data that drives our customers business. Data Security. Imperva s mission is simple:
The Imperva Story Who We Are Imperva is the global leader in data security. Thousands of the world s leading businesses, government organizations, and service providers rely on Imperva solutions to prevent
More informationUsing Automated, Detailed Configuration and Change Reporting to Achieve and Maintain PCI Compliance Part 4
WHITEPAPER Using Automated, Detailed Configuration and Change Reporting to Achieve and Maintain PCI Compliance Part 4 An in-depth look at Payment Card Industry Data Security Standard Requirements 10, 11,
More informationThe SIEM Evaluator s Guide
Using SIEM for Compliance, Threat Management, & Incident Response Security information and event management (SIEM) tools are designed to collect, store, analyze, and report on log data for threat detection,
More information<COMPANY> PR11 - Log Review Procedure. Document Reference Date 30th September 2014 Document Status. Final Version 3.
PR11 - Log Review Procedure Document Reference PR11 - Log Review Procedure Date 30th September 2014 Document Status Final Version 3.0 Revision History 1.0 12 January 2010 - Initial release. 1.1 14 September
More informationCONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL
CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to
More informationSeven Things To Consider When Evaluating Privileged Account Security Solutions
Seven Things To Consider When Evaluating Privileged Account Security Solutions Contents Introduction 1 Seven questions to ask every privileged account security provider 4 1. Is the solution really secure?
More informationMySQL Security: Best Practices
MySQL Security: Best Practices Sastry Vedantam sastry.vedantam@oracle.com Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes
More informationSecuring SharePoint 101. Rob Rachwald Imperva
Securing SharePoint 101 Rob Rachwald Imperva Major SharePoint Deployment Types Internal Portal Uses include SharePoint as a file repository Only accessible by internal users Company Intranet External Portal
More informationRule 4-004M Payment Card Industry (PCI) Monitoring, Logging and Audit (proposed)
Version: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013 Rule 4-004M Payment Card Industry (PCI) Monitoring, Logging and Audit (proposed) 01.1 Purpose
More informationJuly 2013. Security Intelligence. Essential Decision Support for Security, Risk Management, and Compliance Operations
July 2013 Security Intelligence Essential Decision Support for Security, Risk Management, and Compliance Operations Executive Summary The digital infrastructure used today by businesses and governments
More informationIBM QRadar Security Intelligence April 2013
IBM QRadar Security Intelligence April 2013 1 2012 IBM Corporation Today s Challenges 2 Organizations Need an Intelligent View into Their Security Posture 3 What is Security Intelligence? Security Intelligence
More informationAchieving PCI COMPLIANCE with the 2020 Audit & Control Suite. www.lepide.com/2020-suite/
Achieving PCI COMPLIANCE with the 2020 Audit & Control Suite 7. Restrict access to cardholder data by business need to know PCI Article (PCI DSS 3) Report Mapping How we help 7.1 Limit access to system
More informationProduct white paper. ROI and SIEM. How the RSA envision platform delivers an Industry-leading ROI
Product white paper ROI and SIEM How the RSA envision platform delivers an Industry-leading ROI This paper examines the Return on Investment (ROI) that a quality security information & event management
More informationNetwork Segmentation
Network Segmentation The clues to switch a PCI DSS compliance s nightmare into an easy path Although best security practices should be implemented in all systems of an organization, whether critical or
More informationDatabase Auditing & Security. Brian Flasck - IBM Louise Joosse - BPSolutions
Database Auditing & Security Brian Flasck - IBM Louise Joosse - BPSolutions Agenda Introduction Drivers for Better DB Security InfoSphere Guardium Solution Summary Netherlands Case Study The need for additional
More informationDMZ Gateways: Secret Weapons for Data Security
A L I N O M A S O F T W A R E W H I T E P A P E R DMZ Gateways: Secret Weapons for Data Security A L I N O M A S O F T W A R E W H I T E P A P E R DMZ Gateways: Secret Weapons for Data Security EXECUTIVE
More informationCompliance Guide: PCI DSS
Compliance Guide: PCI DSS PCI DSS Compliance Compliance mapping using Huntsman INTRODUCTION The Payment Card Industry Data Security Standard (PCI DSS) was developed with industry support by the PCI Security
More informationBoosting enterprise security with integrated log management
IBM Software Thought Leadership White Paper May 2013 Boosting enterprise security with integrated log management Reduce security risks and improve compliance across diverse IT environments 2 Boosting enterprise
More informationRSA envision. Platform. Real-time Actionable Security Information, Streamlined Incident Handling, Effective Security Measures. RSA Solution Brief
RSA Solution Brief RSA envision Platform Real-time Actionable Information, Streamlined Incident Handling, Effective Measures RSA Solution Brief The job of Operations, whether a large organization with
More informationMaking Database Security an IT Security Priority
Sponsored by Oracle Making Database Security an IT Security Priority A SANS Whitepaper November 2009 Written by Tanya Baccam Security Strategy Overview Why a Database Security Strategy? Making Databases
More informationConcierge SIEM Reporting Overview
Concierge SIEM Reporting Overview Table of Contents Introduction... 2 Inventory View... 3 Internal Traffic View (IP Flow Data)... 4 External Traffic View (HTTP, SSL and DNS)... 5 Risk View (IPS Alerts
More informationData Management Policies. Sage ERP Online
Sage ERP Online Sage ERP Online Table of Contents 1.0 Server Backup and Restore Policy... 3 1.1 Objectives... 3 1.2 Scope... 3 1.3 Responsibilities... 3 1.4 Policy... 4 1.5 Policy Violation... 5 1.6 Communication...
More informationDatabase Auditing: Best Practices. Rob Barnes, CISA Director of Security, Risk and Compliance Operations rbarnes@appsecinc.com
Database Auditing: Best Practices Rob Barnes, CISA Director of Security, Risk and Compliance Operations rbarnes@appsecinc.com Verizon 2009 Data Breach Investigations Report: 285 million records were compromised
More informationAdvanced File Integrity Monitoring for IT Security, Integrity and Compliance: What you need to know
Whitepaper Advanced File Integrity Monitoring for IT Security, Integrity and Compliance: What you need to know Phone (0) 161 914 7798 www.distology.com info@distology.com detecting the unknown Integrity
More informationDiscover & Investigate Advanced Threats. OVERVIEW
Discover & Investigate Advanced Threats. OVERVIEW HIGHLIGHTS Introducing RSA Security Analytics, Providing: Security monitoring Incident investigation Compliance reporting Providing Big Data Security Analytics
More informationNetwrix Auditor for Active Directory
Netwrix Auditor for Active Directory Quick-Start Guide Version: 7.1 10/26/2015 Legal Notice The information in this publication is furnished for information use only, and does not constitute a commitment
More informationScaling Analytics to Meet Real-Time Threats in Large Enterprises: A Deep Dive into LogRhythm s Security Analytics Platform
Sponsored by LogRhythm Scaling Analytics to Meet Real-Time Threats in Large Enterprises: A Deep Dive into LogRhythm s Security Analytics Platform September 2013 A SANS Analyst Program Review Written by
More informationnwstor Storage Security Solution 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4.
CONTENTS 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4. Conclusion 1. EXECUTIVE SUMMARY The advantages of networked data storage technologies such
More informationHow To Manage Log Management
: Leveraging the Best in Database Security, Security Event Management and Change Management to Achieve Transparency LogLogic, Inc 110 Rose Orchard Way, Ste. 200 San Jose, CA 95134 United States US Toll
More informationNitroView. Content Aware SIEM TM. Unified Security and Compliance Unmatched Speed and Scale. Application Data Monitoring. Database Monitoring
NitroView Unified Security and Compliance Unmatched Speed and Scale Application Data Monitoring Database Monitoring Log Management Content Aware SIEM TM IPS Today s security challenges demand a new approach
More informationNetwrix Auditor. Сomplete visibility into who changed what, when and where and who has access to what across the entire IT infrastructure
Netwrix Auditor Сomplete visibility into who changed what, when and where and who has access to what across the entire IT infrastructure netwrix.com netwrix.com/social 01 Product Overview Netwrix Auditor
More informationThe Need for Real-Time Database Monitoring, Auditing and Intrusion Prevention
Whitepaper The Need for Real-Time Database Monitoring, Auditing and Intrusion Prevention May 2007 Copyright Sentrigo Ltd. 2007, All Rights Reserved The Challenge: Securing the Database Much of the effort
More informationE-Guide Log management best practices: Six tips for success
E-Guide Log management best practices: Six tips for success The right log management tool can go a long way toward reducing the burden of managing enterprise system log data. However, the right tool can
More informationAlienVault for Regulatory Compliance
AlienVault for Regulatory Compliance Overview of Regulatory Compliance in Information Security As computers and networks have become more important in society they and the information they contain have
More informationSIEM Optimization 101. ReliaQuest E-Book Fully Integrated and Optimized IT Security
SIEM Optimization 101 ReliaQuest E-Book Fully Integrated and Optimized IT Security Introduction SIEM solutions are effective security measures that mitigate security breaches and increase the awareness
More informationAn Oracle White Paper June 2009. Oracle Database 11g: Cost-Effective Solutions for Security and Compliance
An Oracle White Paper June 2009 Oracle Database 11g: Cost-Effective Solutions for Security and Compliance Protecting Sensitive Information Information ranging from trade secrets to financial data to privacy
More informationPCI Compliance for Cloud Applications
What Is It? The Payment Card Industry Data Security Standard (PCIDSS), in particular v3.0, aims to reduce credit card fraud by minimizing the risks associated with the transmission, processing, and storage
More informationNetwork & Information Security Policy
Policy Version: 2.1 Approved: 02/20/2015 Effective: 03/02/2015 Table of Contents I. Purpose................... 1 II. Scope.................... 1 III. Roles and Responsibilities............. 1 IV. Risk
More informationPCI Wireless Compliance with AirTight WIPS
A White Paper by AirTight Networks, Inc. 339 N. Bernardo Avenue, Suite 200, Mountain View, CA 94043 www.airtightnetworks.com 2013 AirTight Networks, Inc. All rights reserved. Introduction Although [use
More informationCyberArk Privileged Threat Analytics. Solution Brief
CyberArk Privileged Threat Analytics Solution Brief Table of Contents The New Security Battleground: Inside Your Network...3 Privileged Account Security...3 CyberArk Privileged Threat Analytics : Detect
More informationA Database Security Management White Paper: Securing the Information Business Relies On. November 2004
A Database Security Management White Paper: Securing the Information Business Relies On November 2004 IPLocks, Inc. 441-A W. Trimble Road, San Jose, CA 95131 USA A Database Security Management White Paper:
More informationBendigo and Adelaide Bank Ltd Security Incident Response Procedure
Bendigo and Adelaide Bank Ltd Security Incident Response Procedure Table of Contents 1 Introduction...1 2 Incident Definition...2 3 Incident Classification...2 4 How to Respond to a Security Incident...4
More informationWhite Paper. Protecting Databases from Unauthorized Activities Using Imperva SecureSphere
Protecting Databases from Unauthorized Activities Using Imperva SecureSphere White Paper As the primary repository for the enterprise s most valuable information, the database is perhaps the most sensitive
More informationMaking Data Security The Foundation Of Your Virtualization Infrastructure
Making Data Security The Foundation Of Your Virtualization Infrastructure by Dave Shackleford hytrust.com Cloud Under Control P: P: 650.681.8100 Securing data has never been an easy task. Its challenges
More information