Alert Logic for PCI DSS Compliance
Organizations that process, store or transmit credit card data must comply with the Payment Card Industry Data Security Standards (PCI DSS). With large data breaches affecting retailers in 2013 and the January 1, 2015 deadline for PCI DSS 3.0 approaching, PCI DSS is an important topic for retailers in 2014.
PCI DSS requirements 6, 10 and 11 can be among the most costly and resource-intensive, requiring log management, vulnerability assessment, intrusion detection and a web application firewall. Alert Logic delivers solutions to meet these and other PCI DSS requirements, as the security industry’s only provider of on-demand log management, threat management, and web application security solutions.
- PCI DSS 3.0 Requirements
- Penalties: Fines, loss of credit card processing and level 1 merchant requirements
- Threat Manager and ActiveWatch
  - 5.1.1 – Monitor zero day attacks not covered by antivirus
  - 6.1 – Identify newly discovered security vulnerabilities
  - 11.2 – Perform network vulnerability scans by ASV at least quarterly or after any significant network change (Includes 11.2.1, 11.2.2 and 11.2.3)
  - 11.4 – Use intrusion-detection and/or intrusion-prevention techniques to detect and/or prevent intrusions into the network
- Log Manager and LogReview
  - 10.2 – Automated audit trails
  - 10.3 – Capture audit trails
  - 10.5 – Secure Logs
  - 10.6 – Review logs at least daily
  - 10.7 – Maintain logs online for three months
  - 10.7 – Retain audit trail for at least one year
- Web Security Manager and ActiveWatch
  - 6.5 – Have processes in place to protect applications from common vulnerabilities such as injection flaws, buffer overflows and others
  - 6.6 – Address new threats and vulnerabilities on an ongoing basis and ensure these applications are protected against known attacks