PCI Compliance Log Retention

AlienVault USM™ provides simplified log management and essential security controls for compliance with PCI DSS log retention and management.

Requirement 10 of PCI DSS compliance tests security professionals’ ability to properly manage their log data. This requirement states that organizations must “track and monitor all access to network resources and cardholder data.”

In order to meet this requirement, security professionals must manage a massive volume of logs that their security tools generate every day. This is one of the most challenging aspects of PCI DSS compliance.

Virtually every system and application running in your network generates logs, so the problem IT teams with limited resources face is not PCI DSS log retention. The problem is determining which logs to retain and how to manage them for compliance with PCI DSS requirement 10.

AlienVault Unified Security Management™(USM™) provides you with the essential PCI DSS log retention and management capabilities you need for compliance and improved overall security.

Simplify PCI DSS Log Retention and Analysis

  • Log retention, management, and analysis—all in one platform
  • Analyze logs automatically to detect malicious behavior directed at in-scope devices
  • Integrate data from legacy security tools

Automate Log Aggregation & Protection

  • Automatically aggregate and correlate access data
  • Digital signatures and File Integrity Monitoring (FIM) ensure integrity of raw log data for forensic analysis
  • Integrated storage enables on-premise (hardware or virtual appliance) or in the cloud

Easily Review Logs from In-Scope Systems and Files

  • Automated monitoring eliminates the need for manual log reviews
  • Alerts to modifications of key system configurations
  • File Integrity Monitoring (FIM) watches sensitive data on in-scope systems and who accesses those systems

Simplify PCI DSS Log Retention and Analysis

The AlienVault USM™ platform automatically collects and retains the logs from its built-in data sources, eliminating the need for your IT team to collect, manage, and analyze separate logs from stand-alone data sources.

USM™ ’s five essential security capabilities monitor and analyze your in-scope devices, simplifying your path to meeting PCI log retention requirements. It automatically correlates and analyzes the logs from these different data sources, accelerating your ability to detect malicious behavior on your network directed at in-scope devices.

You can also quickly add log files from existing security tools to supplement the data collected by the USM platform’s built-in data sources and preserve the investment in those tools. Additionally, AlienVault USM includes an extensive Plugin library to incorporate log data from third party sources.

Automate Log Aggregation & Protection

One of the biggest challenges that organizations of all sizes face in meeting their PCI log retention policy is the aggregation and correlation of access data for in-scope devices. The built-in SIEM (Security Information and Event Management) capability of AlienVault USM accelerates and simplifies that process by automatically correlating log data, and applying more than 2,000 correlation rules to the data to identify threats targeting your in-scope systems.

The AlienVault USM™ platform also protects raw log data by digitally signing each raw log message for secure storage in the AlienVault Logger. AlienVault USM also uses File Integrity Monitoring (FIM) to ensure the integrity of the raw log data for later forensic analysis and law enforcement purposes.

The AlienVault Logger, the secure data archive component of the USM platform, gives you the flexibility to forensically store all of the logs in either on-premise appliance (hardware or virtual) or in the cloud.

Easily Review Logs from In-Scope Systems and Files

The AlienVault USM™ platform automates the tedious job of daily log monitoring usually required to meet PCI DSS log retention guidelines. This eliminates the need for you to conduct manual log reviews of your in-scope network, and enables you to respond to the threats facing your network.

The built-in Host IDS capability in the AlienVault USM platform detects and alerts you to any modifications of key system configurations, giving you granular insight into the health of critical in-scope systems. At the same time, AlienVault USM’s built-in FIM technology keeps watch on your sensitive files located on in-scope systems.

Together, these integrated security capabilities put time back in your day and remove much of the pain associated with complying with the PCI DSS log retention and management guidelines.