Alert Logic for PCI DSS Compliance
Organizations that process, store or transmit credit card data must comply with the strict regulations and requirements of the Payment Card Industry Data Security Standards (PCI DSS). Failure to comply could result in devastating consequences, such as fines of up to $500,000, expensive litigation costs and lengthy lawsuits. But what many businesses find even more crippling is the resulting brand damage and loss of consumer confidence that security breaches and compliance lapses may bring.
Because PCI DSS mandates that security operations adequately protect customer information, many organizations are now faced with the difficult prospect of embracing new policies and implementing changes to network configurations, all while ensuring that technology is in place to keep cardholder data secure.
Threat Manager, Log Manager, and Web Security Manager provide an easy, affordable solution for PCI DSS compliance and network security. Providing intrusion detection, vulnerability assessment, web application security, and log management in a Security-as-a-Service model reduces PCI DSS compliance burdens in ways that traditional security approaches can’t match.
- PCI DSS 2.0 Requirements
- Penalties: Fines, loss of credit card processing and level 1 merchant requirements
- ThreatManager and ActiveWatch
  - 5.1.1 - Monitor zero-day attacks not covered by antivirus
  - 6.5 - Identify newly discovered security vulnerabilities
  - 11.2 - Perform network vulnerability scans quarterly by ASV (also available as standalone ScanWatch service)
  - 11.4 - Maintain IDS/IPS to monitor and alert personnel; keep engines up to date
- LogManager and LogReview
  - 10.2 - Automated audit trails
  - 10.3 - Capture audit trails
  - 10.5 - Secure logs
  - 10.6 - Review logs at least daily
  - 10.7 - Maintain logs online for three months
  - 10.7 - Retain audit trail for at least one year
- Web Security Manager and ActiveWatch
  - 6.6 - Install a web application firewall