Alert Logic for PCI DSS Compliance

Organizations that process, store or transmit credit card data must comply with the Payment Card Industry Data Security Standards (PCI DSS). With large data breaches affecting retailers in 2013 and the PCI DSS 3.0 deadline of January 1, 2015 approaching, PCI DSS is an important topic for retailers in 2014.

PCI DSS requirements 6, 10 and 11 can be some of the most costly and resource-intensive, requiring log management, vulnerability assessment, intrusion detection and a web application firewall. Alert Logic delivers solutions to meet these and other PCI DSS requirements, as the security industry’s only provider of on-demand log management, threat management, and web application security solutions.

  • PCI DSS 3.0 Requirements
    Penalties: Fines, loss of credit card processing and level 1 merchant requirements
  • Threat Manager and ActiveWatch
    • 5.1.1 - Monitor zero-day attacks not covered by antivirus
    • 6.1 - Identify newly discovered security vulnerabilities
    • 11.2 - Perform network vulnerability scans by ASV at least quarterly or after any significant network change (includes 11.2.1, 11.2.2 and 11.2.3)
    • 11.4 - Use intrusion-detection and/or intrusion-prevention techniques to detect and/or prevent intrusions into the network
  • Log Manager and LogReview
    • 10.2 - Automated audit trails
    • 10.3 - Capture audit trails
    • 10.5 - Secure Logs
    • 10.6 - Review logs at least daily
    • 10.7 - Maintain logs online for three months
    • 10.7 - Retain audit trail for at least one year
  • Web Security Manager and ActiveWatch
    • 6.5 - Have processes in place to protect applications from common vulnerabilities such as injection flaws, buffer overflows and others
    • 6.6 - Address new threats and vulnerabilities on an ongoing basis and ensure these applications are protected against known attacks

© 2010-2013