By: Owen Dubiel
July 7, 2021
Best SIEM For Security And Requirements For PCI Compliance
It can be troublesome to satisfy both security and compliance, especially if the Payment Card Industry Data Security Standard (PCI DSS) is a compliance framework that must be met. One of the more unique requirements for PCI compliance is having a logging solution to carry out a slew of controls. These controls must be tested annually to achieve PCI certification. Some of these tests may show that specific log retention is in place or that certain alerting is set for particular data sources. The process of setting up and then gathering this evidence can be time-consuming for a security team. Sumo Logic, as an example, is a Security Information and Event Management (SIEM) provider with an all-in-one package for PCI compliance. This article reviews some of the built-in benefits that Sumo Logic offers to customers that need to achieve PCI DSS compliance.
Sumo Logic provides a handful of free-to-use dashboards for streamlining PCI evidence gathering. These dashboards are tailored around both Windows and Linux operating systems and are properly pre-labeled according to each PCI requirement number. These labels allow quick evidence gathering and even enable auditors to have direct access to dashboards for viewing. The only primary requirement for tuning and configuring the dashboards is to ensure both Linux Syslog and Microsoft Windows events are ingested using the preferred Sumo collector.
PCI DSS Suite of Apps
Sumo Logic can take care of PCI logging setup and management with a unique suite of apps for a more hands-off approach. The PCI suite add-on is a fully managed solution for enterprises concerned with Sumo's compliance rather than direct security. The app is broken into three categories for easy evidence gathering. The categories are as follows:
- Dashboards by requirement number
- Incident Searches by requirement number
- Reports categorized by activity type
The PCI app also includes a handful of supporting documents on the schemas used for each set of dashboards, so that they can be tweaked to accommodate end-user requirements if needed.
Easy on the eyes
For any other audit deliverables that need to be gathered manually, the Sumo Logic Cloud SIEM Enterprise (CSE) console is the place to do it. The entire platform is aesthetic and provides a clean, concise view of data. If live sessions are ever needed to give evidence to PCI auditors, the CSE search function provides a quick way to search on a hostname or IP address and categorizes all related activity by the record source type (activity, network, audit, etc.). It is also possible to search on specific rules that are generated within the solution. For example, if the auditor wants a screenshot showing all the File Integrity Monitoring (FIM) rules triggered in the past month, CSE provides a quick and effective way to display these rules in a timeline ladder style.
PCI compliance is nothing to take lightly. Sumo Logic takes great pride in providing several different ways for its customers to collect and display any evidence required. The above-described solutions are tailored for customers in various Sumo subscription plans (Core Management or CSE) to provide an opportunity for all to benefit from its PCI monitoring capabilities. Usually, when an in-person audit is in session, managers have limited time (about a week) to gather and provide the evidence needed. In some situations, the auditors will ask for a live demonstration of a logging solution and ask for on-demand proof to be gathered. Having a solution like Sumo Logic makes this process as stress-free as possible. For more information on PCI compliance or Sumo Logic, head over to Cybrary to check out what is offered in the courses section.