Leveraging Centralized Log Management in a PCI DSS Environment
Enterprise environments generate vast amounts of log data on their own, before they are even required to meet the PCI DSS section 10 logging requirements. Given the volume of logs from the large variety of sources across a network, it is important to find an effective and efficient way to handle this data. IT departments could easily dedicate one full-time employee to this task alone when logs are decentralized across the organization and need to be reviewed, at times, on a daily basis. Admins also face the daunting task of maintaining a working knowledge of the vast array of system interfaces used to access and review this data where it is stored by default. Obviously this configuration is highly inefficient as well as impractical. The only logical solution to meet the PCI DSS required logging volume as well as the review requirements is a centralized log management system. PathMaker Group offers such a solution, built on a SaaS platform, that can provide the necessary functionality, usability, and reporting that PCI DSS requires.
The Log Manager platform allows for agentless collection of data across the enterprise through the use of a single network appliance. This platform can collect, store, correlate, alert on, and generate reports from log data, and allows administrators to search logs for systems, servers, software, and appliances. All of the acquired logs are centralized into a single, easy-to-use dashboard and portal where administrators can perform the necessary oversight of incoming data. This interface is user configurable, allowing the dashboard to fit the needs of the employee accessing it. Log Manager can be configured to send alerts for all of the different data points it collects. The solution arrives preconfigured to work with certain network devices, which can be quickly activated. For example, suppose you want to know when someone is attempting to access a Check Point firewall using a brute-force password attack. Log Manager can send the responsible administrator an email alert as soon as it sees this attack underway.
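To illustrate what a brute-force alert rule of the kind described above actually does with centralized log data, the following is an added example written for this post; it is not Log Manager's own code or any vendor's rule syntax. It assumes a hypothetical, constructed line format for firewall authentication events (the field names and the sample lines are invented, and the IP addresses are documentation ranges), counts failed logins per source address in a sliding time window, and builds the kind of message an administrator would receive by email once the count crosses a threshold.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (hypothetical format, not a real product's syntax).
# Each line: ISO timestamp, source IP, user name attempted, and the auth result.
SAMPLE_LOGS = """\
2024-03-01T10:00:01 auth src=203.0.113.7 user=admin result=failed
2024-03-01T10:00:04 auth src=203.0.113.7 user=admin result=failed
2024-03-01T10:00:06 auth src=203.0.113.7 user=root result=failed
2024-03-01T10:00:09 auth src=203.0.113.7 user=admin result=failed
2024-03-01T10:00:11 auth src=203.0.113.7 user=admin result=failed
2024-03-01T10:00:15 auth src=198.51.100.20 user=jsmith result=failed
2024-03-01T10:00:40 auth src=198.51.100.20 user=jsmith result=success
2024-03-01T10:12:00 auth src=203.0.113.7 user=admin result=failed
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>\S+)$"
)


def parse_line(line):
    """Parse one constructed log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m.group("ts")),
        "src": m.group("src"),
        "user": m.group("user"),
        "result": m.group("result"),
    }


def detect_bruteforce(lines, threshold=5, window=timedelta(minutes=5)):
    """Return one alert per source IP that accumulates `threshold` failed logins
    within any `window`-long span. Failures older than the window are dropped,
    so an isolated failure ten minutes later does not re-trigger the alert."""
    failures = defaultdict(deque)  # src -> timestamps of recent failures
    last_alert = {}                # src -> time of the most recent alert
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["result"] != "failed":
            continue
        q = failures[ev["src"]]
        q.append(ev["ts"])
        # Slide the window: discard failures that are now too old to count.
        while q and ev["ts"] - q[0] > window:
            q.popleft()
        already = last_alert.get(ev["src"])
        suppressed = already is not None and ev["ts"] - already <= window
        if len(q) >= threshold and not suppressed:
            last_alert[ev["src"]] = ev["ts"]
            alerts.append({
                "src": ev["src"],
                "first": q[0],
                "last": ev["ts"],
                "count": len(q),
            })
    return alerts


def format_alert(alert):
    """Render an alert as the body of a notification email to the responsible admin."""
    return (
        f"ALERT: {alert['count']} failed logins from {alert['src']} "
        f"between {alert['first'].isoformat()} and {alert['last'].isoformat()}"
    )


if __name__ == "__main__":
    for a in detect_bruteforce(SAMPLE_LOGS.splitlines()):
        print(format_alert(a))
```

With the constructed sample above, only 203.0.113.7 produces an alert: it reaches five failures within eleven seconds, while the single failure from 198.51.100.20 followed by a success never crosses the threshold. Tuning the threshold and window to your environment, and keeping the alert from firing repeatedly inside the same window, is what keeps this kind of rule useful rather than noisy.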
Organizations subject to PCI requirements may be called upon to produce audit logs for their anti-virus solution, as required by section 5.2.d. With the Log Manager solution it is possible to simply log into the system's management console and quickly drill down to produce evidence that these logs are currently being generated. If the next log requested is generated by a completely different system on the network, simply start a new search to produce the log entry, without the need to hop between system consoles. It is just that simple.
If your current staffing model does not support actively reviewing the logs outlined in section 10 of the PCI DSS on a daily basis, it is possible to offload this task to the ActiveWatch and LogReview service teams. These teams are staffed by credentialed experts, so you can be assured that any unforeseen events will be promptly discovered and reported to your staff for remediation.
This solution should be seriously considered in a PCI DSS or any other regulated environment. So pick up the phone and give PathMaker Group a call to find out more!
PathMaker Group is also available for all of your PCI DSS service needs. We provide the necessary guidance to bring your environment to compliance or perform your next PCI DSS audit. We also offer a variety of other security services and solutions from penetration testing to identity management solutions.
Thank you,
Ryker Exum
Security Consultant, Security Services
Sure, please feel free. We would appreciate your reply back with a link to your post!