Wednesday 12 January 2011

PCI DSS Requirement 10: Track and monitor all access to network resources and cardholder data

Here's a new video overview explaining the background to the PCI DSS 2.0 requirements for event log centralization and secure storage. The video also shows how to implement a solution that will make it easy to gather all audit logs from Windows, Unix, Linux, firewalls, routers, switches - even mainframes.

But that's the easy part! The main problem is that the PCI DSS 2.0 (Section 10.6) requires YOU to "Review logs for all system components at least daily". Seriously? Review all my Event Logs - 'At least Daily'?!

This is why you need some Security Information and Event Management technology - automatic analysis of event logs and intelligence to bring your attention to the genuinely serious or unusual events. This approach has a double impact. First of all, the obvious benefit is that you can continue your current day job and still meet the requirements of the PCI DSS! Secondly, it means that the events that are determined to be 'significant' can realistically be investigated PROPERLY.

Implemented and used correctly, SIEM technology like NNT's Log Tracker ensures you meet your PCI DSS obligations not only to the letter, but in the spirit of the standard too. You will get intimate with how your network really behaves on a daily basis, which in turn means you will spot a real security threat if you are ever breached.

The PCI Event Log video is here (it is the second video clip on the lower half of the page, although it is worth watching our 6 Steps to PCI Compliance video too if you have time) - contact me if you want a live overview or trial and we can fix it up!