@AlienVault
PCI DSS Reporting Requirements for People Who Hate PCI Reporting
Meet today’s presenters
Introductions
Patrick Bedwell
VP, Product Marketing
AlienVault
Brian Saenz
SOC Supervisor
Terra Verde
Hoyt Kesterson
Senior Security Architect & QSA
Terra Verde
Agenda
• Key reporting requirements of the PCI DSS standard
• Security technologies needed to collect the required data
• How AlienVault USM generates these reports in minutes, not days
• How to use your audit reports to improve security on an on-going basis
Key reporting requirements of the PCI DSS standard
Make an audit trail—follow the user
10.1 Establish a process for linking all access to system components (especially access done with administrative privileges such as root) to each individual user.
10.2 Implement automated audit trails for all system components to reconstruct the following events:
• 10.2.2 All actions taken by any individual with root or administrative privileges
• 10.2.4 Invalid logical access attempts
• 10.2.5 Use of identification and authentication mechanisms
• 10.2.7 Creation and deletion of system level objects
Make an audit trail—and protect it
10.2.3 Verify that access to all audit trails is logged.
10.2.6 Verify that initialization of audit logs is logged.
10.5.1 Verify that only individuals who have a job-related need can view audit trail files.
10.5.2 Verify that current audit trail files are protected from unauthorized modifications.
10.5.5 Verify the use of file-integrity monitoring or change-detection software for logs.
Stuff to record
10.3.1 User identification
10.3.2 Type of event
10.3.3 Date and time
• Time must be synchronized across all systems—10.4
10.3.4 Success or failure indication
10.3.5 Origination of event
10.3.6 Identity or name of affected data, system component, or resource.
Log Records
Gather ye log records while ye may
10.5.3 Promptly back up audit trail files to a centralized log server or media that is difficult to alter.
10.5.4 Write logs for external-facing technologies onto a log server on the internal LAN.
10.7 Retain audit trail history for at least one year, with a minimum of three months immediately available for analysis.
Gaze upon your log records
10.6 Review logs for all system components at least daily. Log reviews must include those servers that perform security functions like intrusion-detection system (IDS) and authentication, authorization, and accounting protocol (AAA) servers (for example, RADIUS).
This is tough for a human to do. It’s been compared to drinking from a fire hose.
Acquire a Security Information and Event Management tool and/or service. Its purpose is to continually analyze log records across all the systems. If it detects anomalous behavior, it will send a signal to someone.
Pay attention to the bat signal
12.5.2 Monitor and analyze security alerts and information, and distribute to appropriate personnel.
That’s it—there’s no requirement to have a documented process to handle the alert.
12.5.3 Establish, document, and distribute security incident response and escalation procedures to ensure timely and effective handling of all situations.
How does an alert become an incident?
Oh No! Not Another Version!
Version 3.0
Three year development cycle
Available for compliance in 2014
Mandatory for compliance beginning 2015
Pay better attention to the bat signal
The PCI Security Standards Council is concerned that logs are used more for forensics after an attack instead of detecting and blocking the attack. They wanted to improve the “slow detection of compromise”.
Version 3 of the PCI Data Security Standard provides more guidance on log reviews.
New sub-requirement 10.6.3.a requires that procedures are defined for following up on exceptions and anomalies identified during the review process.
New sub-requirement 11.5.1 requires the implementation of a process to respond to any alerts generated by the change-detection mechanism.
Revised sub-requirements 12.5.2–3 require that
• responsibilities are assigned for monitoring and analyzing security alerts and for informing the people responding to those alerts; and
• responsibility for establishing, documenting, and distributing the procedures to handle those alerts is also assigned.
One more thing about logging
AlienVault USM can only operate on the log records provided.
10.2.1 [Implement automated audit trails for all system components to reconstruct] All individual accesses to cardholder data
User access to cardholder data (CHD) is typically implemented as follows:
• User is authenticated
• User’s request is processed by one or more intermediate applications.
• These applications are well known, e.g. WebLogic, bespoke, or legacy.
• Those applications send commands, typically SQL, to access the database and potentially CHD.
Each of these components must generate log records that link the identity of the user to the specific CHD accessed.
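Added example (not from the slides and not AlienVault USM code): joining the three tiers above by session id and request id so that every SQL statement touching a CHD table is attributed to the human who authenticated, and flagging statements that cannot be linked, which is exactly the 10.2.1 gap the slide warns about. The key=value log layout, the session and req fields, the table name and every sample line are constructed assumptions.

```python
import re

# Constructed sample log lines from the three tiers on the slide: authentication,
# intermediate application, and database audit. The key=value layout, the session
# and req fields that tie the tiers together, and all values are assumptions.
AUTH_LOG = """\
2014-03-01T10:00:01Z auth login user=jdoe session=S1 result=success src=10.1.1.5
2014-03-01T10:01:00Z auth login user=asmith session=S2 result=failure src=10.1.1.9
2014-03-01T10:01:30Z auth login user=asmith session=S3 result=success src=10.1.1.9
"""
APP_LOG = """\
2014-03-01T10:00:05Z app request session=S1 req=R100 action=view_card
2014-03-01T10:01:40Z app request session=S3 req=R101 action=search_orders
"""
DB_LOG = """\
2014-03-01T10:00:06Z db query req=R100 dbuser=app_svc result=ok stmt="SELECT pan FROM cardholder WHERE id=42"
2014-03-01T10:01:41Z db query req=R101 dbuser=app_svc result=ok stmt="SELECT id FROM orders WHERE cust=7"
2014-03-01T10:02:00Z db query req=- dbuser=dba result=ok stmt="SELECT pan FROM cardholder"
"""

CHD_TABLES = {"cardholder"}  # assumption: the tables that hold cardholder data
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
TABLE_RE = re.compile(r"\b(?:FROM|JOIN|UPDATE|INTO)\s+(\w+)", re.IGNORECASE)


def parse_line(line):
    """'<ts> <source> <event> k=v ...' -> dict; quoted values keep their spaces."""
    ts, source, event, rest = line.split(" ", 3)
    fields = {k: v.strip('"') for k, v in KV_RE.findall(rest)}
    fields.update(ts=ts, source=source, event=event)
    return fields


def parse_log(text):
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def tables_in(stmt):
    """Table names a SQL statement reads or writes (good enough for audit-log SQL)."""
    return {t.lower() for t in TABLE_RE.findall(stmt)}


def link_chd_access(auth_log, app_log, db_log):
    """One 10.3-style record per DB statement that touches a CHD table, tied back
    to the authenticated user via req id -> session id -> successful login event."""
    sessions = {a["session"]: (a["user"], a["src"])
                for a in parse_log(auth_log) if a["result"] == "success"}
    requests = {r["req"]: r["session"] for r in parse_log(app_log)}
    records = []
    for q in parse_log(db_log):
        touched = tables_in(q["stmt"]) & CHD_TABLES
        if not touched:
            continue  # not cardholder data; out of scope for 10.2.1
        user, origin = sessions.get(requests.get(q["req"]), (None, None))
        records.append({
            "user": user or "UNATTRIBUTED",   # 10.2.1 gap: CHD read with no linked user
            "event": "chd_access",
            "time": q["ts"],
            "success": q["result"] == "ok",
            "origin": origin or f"db account {q['dbuser']}",
            "resource": sorted(touched),
            "attributed": user is not None,
        })
    return records


def unattributed(records):
    """Records an auditor would reject: CHD access that no human user can be linked to."""
    return [r for r in records if not r["attributed"]]


if __name__ == "__main__":
    recs = link_chd_access(AUTH_LOG, APP_LOG, DB_LOG)
    for r in recs:
        print(r)
    print(f"{len(unattributed(recs))} unattributed CHD access(es)")
```

The direct query by the dba account carries no request id, so no login can be tied to it; that is the record to chase down before the assessor does.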
Looking for bad stuff
Look for unauthorized wireless access points
• 11.1.d If automated monitoring is utilized (for example, wireless IDS/IPS, NAC, etc.), verify the configuration will generate alerts to personnel.
11.2 Run internal and external network vulnerability scans at least quarterly and after any significant change in the network …
• 11.2.1 Perform quarterly internal vulnerability scans.
• 11.2.1.c [The scan must be] performed by a qualified internal resource(s) or qualified external third party, and if applicable, organizational independence of the tester exists (not required to be a QSA or ASV).
What you need from a SIEM
You need to be told if a critical event has been detected.
You need reports to help manage the environment.
You need reports to be provided as evidence to an auditor.
Security technologies needed to collect the required data
What functionality do I need for PCI DSS?
• Identify systems & applications
• Document vulnerable assets
• Find threats on your network
• Look for unusual behavior
• Correlate the data & respond
The AlienVault approach
Asset Discovery
• Active Network Scanning
• Passive Network Scanning
• Host-based Software Inventory
Vulnerability Assessment
• Network Vulnerability Testing
• Remediation Verification
Threat Detection
• Network IDS
• Host IDS
• Wireless IDS
• File Integrity Monitoring
Behavioral Monitoring
• Log Collection
• Netflow Analysis
• Service Availability Monitoring
Security Intelligence
• SIEM Event Correlation
• Incident Response
Three components, three form factors
• AlienVault Server to aggregate data and manage the deployment
• AlienVault Sensor to collect data from the infrastructure
• AlienVault Logger for long term storage and reporting
• AlienVault All-in-One to collect, aggregate, and store data as well as manage
Form factors: Physical Appliance, Virtual Appliance, AMI
Integrated threat intelligence
• Free Tools
• OSSIM
• USM
AlienVault Labs threat intelligence
Coordinated analysis, actionable guidance
• Weekly updates to coordinated rule sets:
  • Network IDS
  • Host IDS
  • Asset discovery / inventory database
  • Vulnerability database
  • Event correlation
  • Report modules and templates
  • Incident response templates / “how to” guidance for each alarm
  • Plug-ins to accommodate new data sources
Unified Security Management in action
How AlienVault USM generates these reports in minutes, not days
Log correlation is critical
Log correlation is about constructing rules that look for sequences and patterns in log events that are not visible in the individual log sources.
System logs don’t say “Help! I’m being broken into with a compromised account!”
• They say “Successful Login from Authenticated User”
Correlation rules describe analysis patterns that would otherwise require human interpretation, tied together by logical operators.
• “IF a new user IS created on the domain AND a new change control ticket IS NOT created in the change control database”
Why You Need Log Correlation
It monitors incoming logs for logical sequences, patterns and values to identify events that are invisible to individual systems.
Log correlation:
• Performs analysis that would otherwise be done by repetitive human effort.
• Identifies things happening that are unusual for your business processes.
• Provides more context and certainty as to what is happening on your infrastructure by comparing events from multiple sources.
• Prioritizes investigation and analysis work by filtering log events into meaningful alerts and reports.
Different, Everybody is the Same
Log correlation allows for the creation of alerts that represent what is important to your business processes and security risks.
Done correctly, Log Correlation is the difference between reacting to:
• “POSSIBLE-EXPLOIT: mssql improperly formed packet headers”
Or
• “User In Accounting Department seen logging into Financial Database from a workstation in Customer Support Department”
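The two rules quoted on these slides, written out as an added example (not the slides’ own material and not AlienVault’s correlation engine): an account created on the domain with no change ticket naming it within 24 hours, and a successful login to the financial database from a workstation in another department’s subnet. The event field names, the user directory, the department subnets, the 24-hour window and all sample events are constructed assumptions.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample events, already normalised by a collector. Field names, the
# user directory, the department subnets and the ticket window are assumptions.
EVENTS = [
    {"ts": "2014-03-03T09:00:00", "src": "ad", "type": "user_created",
     "user": "svc_backup", "actor": "admin1"},
    {"ts": "2014-03-03T09:30:00", "src": "cmdb", "type": "ticket_created",
     "ticket": "CHG-1001", "account": "svc_backup"},
    {"ts": "2014-03-03T23:10:00", "src": "ad", "type": "user_created",
     "user": "tmpadmin", "actor": "admin2"},
    {"ts": "2014-03-04T08:05:00", "src": "findb", "type": "login",
     "user": "jdoe", "result": "success", "ip": "10.20.0.15"},
    {"ts": "2014-03-04T08:07:00", "src": "findb", "type": "login",
     "user": "jdoe", "result": "success", "ip": "10.30.0.44"},
]
USER_DEPT = {"jdoe": "accounting", "admin1": "it", "admin2": "it"}
DEPT_NETS = {  # asset groups: which department's workstations live in which subnet
    "accounting": ip_network("10.20.0.0/24"),
    "customer_support": ip_network("10.30.0.0/24"),
}
TICKET_WINDOW = timedelta(hours=24)


def when(e):
    return datetime.fromisoformat(e["ts"])


def rule_user_without_ticket(events, window=TICKET_WINDOW):
    """IF a new user IS created on the domain AND no change ticket naming that
    account exists within `window` of the creation -> alert."""
    tickets = [e for e in events if e["type"] == "ticket_created"]
    alerts = []
    for e in events:
        if e["type"] != "user_created":
            continue
        covered = any(t["account"] == e["user"] and abs(when(t) - when(e)) <= window
                      for t in tickets)
        if not covered:
            alerts.append(f"{e['ts']} account {e['user']} created by {e['actor']} "
                          f"with no change ticket within {window}")
    return alerts


def dept_of_ip(ip):
    """Which department's asset group a workstation address falls in, if any."""
    addr = ip_address(ip)
    return next((d for d, net in DEPT_NETS.items() if addr in net), None)


def rule_cross_department_login(events, system="findb"):
    """Successful login to the financial database from a workstation that belongs
    to a different department than the user -> alert."""
    alerts = []
    for e in events:
        if e["src"] != system or e["type"] != "login" or e["result"] != "success":
            continue
        user_dept = USER_DEPT.get(e["user"])
        ws_dept = dept_of_ip(e["ip"])
        if user_dept and ws_dept and user_dept != ws_dept:
            alerts.append(f"{e['ts']} user {e['user']} ({user_dept}) logged into {system} "
                          f"from a {ws_dept} workstation {e['ip']}")
    return alerts


def correlate(events):
    """Run every rule over the event stream; a SIEM would do this continuously."""
    return rule_user_without_ticket(events) + rule_cross_department_login(events)


if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print("ALERT:", alert)
```

Neither alert exists in any single source: the account creation is a normal AD event and the second login is a normal database login; only the join with the ticket system and the asset groups makes them meaningful.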
Power of groups
Quickly create groups of assets
• E.g., in-scope devices
Enables fast, easy analysis
• Run vulnerability scans against this host group
• Create reports only for hosts belonging to the host group.
• Review all alarms, events, other data just for that group
How to use your reporting to demonstrate PCI DSS compliance
Reports
Reports are easily configured and customized.
The key is mapping signatures to requirements.
Use views to limit what you want to see, then create reporting modules.
Insert and group reporting modules together to build a report with the information you require.
Easily automate and schedule reports.
AlienVault User Activity Report – PCI 10.2.3
AlienVault allows you to quickly generate a report to track actions taken by AlienVault Web interface users.
Provides accountability.
Value extends beyond PCI, such as when investigating sources of activity.
AlienVault Log Retention - PCI 10.7.b
PCI requires 1 year of log retention.
The report shows the aggregate count of total logs per month for 365 days as a bar graph.
Allows for quick review of compliance.
New configuration allows for log expiration.
Access Control Report - PCI 10.2.X
Mapping requirements to modules is key.
One module per requirement to demonstrate compliance.
Modules can be combined to create one report with pertinent information.
Vulnerability Scanning Report 11.X
Easy to follow, available in different formats.
PDF or Excel, by preference.
Must have run at least one scan or imported a previous scan.
OSSEC FIM - PCI 10.5.5
View date and time, host, what was changed, and statistics such as size and hash values.
Easy to set up with OSSEC.
Scheduling Reports
Schedule reports and send to email.
Full report will be attached.
In summary
The evidence the QSA wants: Logs are held for one year
What to give the QSA: Report showing 12 months of log counts

The evidence the QSA wants: Modifications of, access to, and actions on, logs are restricted and reported
What to give the QSA: AlienVault User Activity report of recent authentications and actions is an example

The evidence the QSA wants: Recorded events—who had access to CHD, login success or failure, privileged access, creation or deletion of system objects
What to give the QSA: User account enabled or created, Windows Logon Failure and Success, Log file size reduced, FIM as examples

The evidence the QSA wants: Each record shows who did what to what, when, and whether it was successful or not
What to give the QSA: Show any log record, like the Access Control Report, to demonstrate compliance

The evidence the QSA wants: Logs reviewed daily with events reported
What to give the QSA: Show an example of an automated alert that triggers investigation
Now for some Q&A…
Test Drive AlienVault USM
Download a Free 30-Day Trial
http://www.alienvault.com/free-trial
Try our Interactive Demo Site
http://www.alienvault.com/live-demo-site

File000138
 
Criticalcontrolsofcyberdefensefinal 100128032433 Phpapp02
Criticalcontrolsofcyberdefensefinal 100128032433 Phpapp02Criticalcontrolsofcyberdefensefinal 100128032433 Phpapp02
Criticalcontrolsofcyberdefensefinal 100128032433 Phpapp02
 
Critical Controls Of Cyber Defense
Critical Controls Of Cyber DefenseCritical Controls Of Cyber Defense
Critical Controls Of Cyber Defense
 
PCI presentation
PCI presentationPCI presentation
PCI presentation
 
How to Solve Your Top IT Security Reporting Challenges with AlienVault
How to Solve Your Top IT Security Reporting Challenges with AlienVaultHow to Solve Your Top IT Security Reporting Challenges with AlienVault
How to Solve Your Top IT Security Reporting Challenges with AlienVault
 
SynerComm's Tech TV series CIS Top 20 Critical Security Controls #3
SynerComm's Tech TV  series CIS Top 20 Critical Security Controls #3SynerComm's Tech TV  series CIS Top 20 Critical Security Controls #3
SynerComm's Tech TV series CIS Top 20 Critical Security Controls #3
 
2 20613 qualys_top_10_reports_vm
2 20613 qualys_top_10_reports_vm2 20613 qualys_top_10_reports_vm
2 20613 qualys_top_10_reports_vm
 
IRJET - IDS for Wifi Security
IRJET -  	  IDS for Wifi SecurityIRJET -  	  IDS for Wifi Security
IRJET - IDS for Wifi Security
 

More from AlienVault

Meltdown and Spectre - How to Detect the Vulnerabilities and Exploits
Meltdown and Spectre - How to Detect the Vulnerabilities and ExploitsMeltdown and Spectre - How to Detect the Vulnerabilities and Exploits
Meltdown and Spectre - How to Detect the Vulnerabilities and Exploits
AlienVault
 
Malware Invaders - Is Your OS at Risk?
Malware Invaders - Is Your OS at Risk?Malware Invaders - Is Your OS at Risk?
Malware Invaders - Is Your OS at Risk?
AlienVault
 
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...SIEM for Beginners: Everything You Wanted to Know About Log Management but We...
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...
AlienVault
 
Insider Threat Detection Recommendations
Insider Threat Detection RecommendationsInsider Threat Detection Recommendations
Insider Threat Detection Recommendations
AlienVault
 
Alienvault threat alerts in spiceworks
Alienvault threat alerts in spiceworksAlienvault threat alerts in spiceworks
Alienvault threat alerts in spiceworks
AlienVault
 
Malware detection how to spot infections early with alien vault usm
Malware detection how to spot infections early with alien vault usmMalware detection how to spot infections early with alien vault usm
Malware detection how to spot infections early with alien vault usm
AlienVault
 
Security operations center 5 security controls
 Security operations center 5 security controls Security operations center 5 security controls
Security operations center 5 security controls
AlienVault
 
Improve threat detection with hids and alien vault usm
Improve threat detection with hids and alien vault usmImprove threat detection with hids and alien vault usm
Improve threat detection with hids and alien vault usm
AlienVault
 
The State of Incident Response - INFOGRAPHIC
The State of Incident Response - INFOGRAPHICThe State of Incident Response - INFOGRAPHIC
The State of Incident Response - INFOGRAPHIC
AlienVault
 
Incident response live demo slides final
Incident response live demo slides finalIncident response live demo slides final
Incident response live demo slides final
AlienVault
 
Improve Situational Awareness for Federal Government with AlienVault USM
Improve Situational Awareness for Federal Government with AlienVault USMImprove Situational Awareness for Federal Government with AlienVault USM
Improve Situational Awareness for Federal Government with AlienVault USM
AlienVault
 
Improve Security Visibility with AlienVault USM Correlation Directives
Improve Security Visibility with AlienVault USM Correlation DirectivesImprove Security Visibility with AlienVault USM Correlation Directives
Improve Security Visibility with AlienVault USM Correlation Directives
AlienVault
 
How Malware Works
How Malware WorksHow Malware Works
How Malware Works
AlienVault
 
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than EverNew USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
AlienVault
 
New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever
 New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever
New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever
AlienVault
 
AWS Security Best Practices for Effective Threat Detection & Response
AWS Security Best Practices for Effective Threat Detection & ResponseAWS Security Best Practices for Effective Threat Detection & Response
AWS Security Best Practices for Effective Threat Detection & Response
AlienVault
 
IDS for Security Analysts: How to Get Actionable Insights from your IDS
IDS for Security Analysts: How to Get Actionable Insights from your IDSIDS for Security Analysts: How to Get Actionable Insights from your IDS
IDS for Security Analysts: How to Get Actionable Insights from your IDS
AlienVault
 
Insider Threats: How to Spot Trouble Quickly with AlienVault USM
Insider Threats: How to Spot Trouble Quickly with AlienVault USMInsider Threats: How to Spot Trouble Quickly with AlienVault USM
Insider Threats: How to Spot Trouble Quickly with AlienVault USM
AlienVault
 
Alien vault sans cyber threat intelligence
Alien vault sans cyber threat intelligenceAlien vault sans cyber threat intelligence
Alien vault sans cyber threat intelligence
AlienVault
 
Security by Collaboration: Rethinking Red Teams versus Blue Teams
Security by Collaboration: Rethinking Red Teams versus Blue TeamsSecurity by Collaboration: Rethinking Red Teams versus Blue Teams
Security by Collaboration: Rethinking Red Teams versus Blue Teams
AlienVault
 

More from AlienVault (20)

Meltdown and Spectre - How to Detect the Vulnerabilities and Exploits
Meltdown and Spectre - How to Detect the Vulnerabilities and ExploitsMeltdown and Spectre - How to Detect the Vulnerabilities and Exploits
Meltdown and Spectre - How to Detect the Vulnerabilities and Exploits
 
Malware Invaders - Is Your OS at Risk?
Malware Invaders - Is Your OS at Risk?Malware Invaders - Is Your OS at Risk?
Malware Invaders - Is Your OS at Risk?
 
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...SIEM for Beginners: Everything You Wanted to Know About Log Management but We...
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...
 
Insider Threat Detection Recommendations
Insider Threat Detection RecommendationsInsider Threat Detection Recommendations
Insider Threat Detection Recommendations
 
Alienvault threat alerts in spiceworks
Alienvault threat alerts in spiceworksAlienvault threat alerts in spiceworks
Alienvault threat alerts in spiceworks
 
Malware detection how to spot infections early with alien vault usm
Malware detection how to spot infections early with alien vault usmMalware detection how to spot infections early with alien vault usm
Malware detection how to spot infections early with alien vault usm
 
Security operations center 5 security controls
 Security operations center 5 security controls Security operations center 5 security controls
Security operations center 5 security controls
 
Improve threat detection with hids and alien vault usm
Improve threat detection with hids and alien vault usmImprove threat detection with hids and alien vault usm
Improve threat detection with hids and alien vault usm
 
The State of Incident Response - INFOGRAPHIC
The State of Incident Response - INFOGRAPHICThe State of Incident Response - INFOGRAPHIC
The State of Incident Response - INFOGRAPHIC
 
Incident response live demo slides final
Incident response live demo slides finalIncident response live demo slides final
Incident response live demo slides final
 
Improve Situational Awareness for Federal Government with AlienVault USM
Improve Situational Awareness for Federal Government with AlienVault USMImprove Situational Awareness for Federal Government with AlienVault USM
Improve Situational Awareness for Federal Government with AlienVault USM
 
Improve Security Visibility with AlienVault USM Correlation Directives
Improve Security Visibility with AlienVault USM Correlation DirectivesImprove Security Visibility with AlienVault USM Correlation Directives
Improve Security Visibility with AlienVault USM Correlation Directives
 
How Malware Works
How Malware WorksHow Malware Works
How Malware Works
 
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than EverNew USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
 
New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever
 New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever
New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever
 
AWS Security Best Practices for Effective Threat Detection & Response
AWS Security Best Practices for Effective Threat Detection & ResponseAWS Security Best Practices for Effective Threat Detection & Response
AWS Security Best Practices for Effective Threat Detection & Response
 
IDS for Security Analysts: How to Get Actionable Insights from your IDS
IDS for Security Analysts: How to Get Actionable Insights from your IDSIDS for Security Analysts: How to Get Actionable Insights from your IDS
IDS for Security Analysts: How to Get Actionable Insights from your IDS
 
Insider Threats: How to Spot Trouble Quickly with AlienVault USM
Insider Threats: How to Spot Trouble Quickly with AlienVault USMInsider Threats: How to Spot Trouble Quickly with AlienVault USM
Insider Threats: How to Spot Trouble Quickly with AlienVault USM
 
Alien vault sans cyber threat intelligence
Alien vault sans cyber threat intelligenceAlien vault sans cyber threat intelligence
Alien vault sans cyber threat intelligence
 
Security by Collaboration: Rethinking Red Teams versus Blue Teams
Security by Collaboration: Rethinking Red Teams versus Blue TeamsSecurity by Collaboration: Rethinking Red Teams versus Blue Teams
Security by Collaboration: Rethinking Red Teams versus Blue Teams
 

Recently uploaded

Generating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using SmithyGenerating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using Smithy
g2nightmarescribd
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
Dorra BARTAGUIZ
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
Product School
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
Paul Groth
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Sri Ambati
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Product School
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Inflectra
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
Product School
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
 

Recently uploaded (20)

Generating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using SmithyGenerating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using Smithy
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 

PCI DSS Reporting Requirements for People Who Hate PCI DSS Reporting

  • 1. PCI DSS Reporting Requirements for People Who Hate PCI Reporting
  • 2. Meet today’s presenters (Introductions)
      Patrick Bedwell, VP, Product Marketing, AlienVault
      Brian Saenz, SOC Supervisor, Terra Verde
      Hoyt Kesterson, Senior Security Architect & QSA, Terra Verde
  • 3. Agenda
      Key reporting requirements of the PCI DSS standard
      Security technologies needed to collect the required data
      How AlienVault USM generates these reports in minutes, not days
      How to use your audit reports to improve security on an on-going basis
  • 6. Make an audit trail—follow the user
      10.1 Establish a process for linking all access to system components (especially access done with administrative privileges such as root) to each individual user.
      10.2 Implement automated audit trails for all system components to reconstruct the following events:
        • 10.2.2 All actions taken by any individual with root or administrative privileges
        • 10.2.4 Invalid logical access attempts
        • 10.2.5 Use of identification and authentication mechanisms
        • 10.2.7 Creation and deletion of system level objects
  • 7. Make an audit trail—and protect it
      10.2.3 Verify that access to all audit trails is logged.
      10.2.6 Verify that initialization of audit logs is logged.
      10.5.1 Verify that only individuals who have a job-related need can view audit trail files.
      10.5.2 Verify that current audit trail files are protected from unauthorized modifications.
      10.5.5 Verify the use of file-integrity monitoring or change-detection software for logs.
  • 8. Stuff to record
      10.3.1 User identification
      10.3.2 Type of event
      10.3.3 Date and time
        • Time must be synchronized across all systems—10.4
      10.3.4 Success or failure indication
      10.3.5 Origination of event
      10.3.6 Identity or name of affected data, system component, or resource.
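As an added example (not AlienVault code and not part of the original deck), an append-only audit trail whose records carry the six 10.3 fields above and are hash-chained, so that the modification, deletion or truncation that 10.5.2 and 10.5.5 ask you to detect shows up on verification. The record contents, host names and the SHA-256 chaining scheme are constructed assumptions.

```python
"""Hash-chained audit trail: constructed example for the PCI DSS 10.3 record
fields and 10.5.2 / 10.5.5 change detection. Not AlienVault code."""
import hashlib
import json
from dataclasses import asdict, dataclass


@dataclass(frozen=True)
class AuditRecord:
    user_id: str     # 10.3.1 user identification
    event_type: str  # 10.3.2 type of event
    timestamp: str   # 10.3.3 date and time (UTC; 10.4 wants synchronized clocks)
    success: bool    # 10.3.4 success or failure indication
    origin: str      # 10.3.5 origination of event (host or address)
    target: str      # 10.3.6 affected data, system component or resource


GENESIS = "0" * 64  # previous-hash value used for the first entry


def _digest(prev_hash: str, record: AuditRecord) -> str:
    """SHA-256 over the previous entry's hash plus the canonical JSON of this record."""
    payload = json.dumps(asdict(record), sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(f"{prev_hash}\n{payload}".encode()).hexdigest()


def append_record(chain: list, record: AuditRecord) -> dict:
    """Append an entry; its hash binds the record to everything written before it."""
    prev = chain[-1]["hash"] if chain else GENESIS
    entry = {"record": asdict(record), "hash": _digest(prev, record)}
    chain.append(entry)
    return entry


def verify_chain(chain: list, expected_head=None) -> int:
    """Return -1 if the chain is intact, otherwise the index of the first entry
    whose content or position no longer matches its hash.

    A chain that was merely cut at the tail still verifies internally, so the
    last hash should be recorded off-host (e.g. sent with the copy shipped to
    the central log server, 10.5.3) and passed as expected_head; a mismatch
    there is reported as len(chain)."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        if _digest(prev, AuditRecord(**entry["record"])) != entry["hash"]:
            return i
        prev = entry["hash"]
    if expected_head is not None and prev != expected_head:
        return len(chain)
    return -1


def build_sample_chain() -> list:
    """Three constructed records: an admin login, a root-level change, a failed access."""
    chain = []
    for rec in (
        AuditRecord("alice", "login", "2014-03-01T08:00:00Z", True, "10.0.0.5", "db01"),
        AuditRecord("root", "drop_table", "2014-03-01T08:02:10Z", True, "db01", "chd_staging"),
        AuditRecord("bob", "login", "2014-03-01T08:05:00Z", False, "10.0.0.77", "db01"),
    ):
        append_record(chain, rec)
    return chain


if __name__ == "__main__":
    chain = build_sample_chain()
    head = chain[-1]["hash"]
    print("intact:", verify_chain(chain, head))           # -1
    chain[2]["record"]["success"] = True                   # rewrite the failure as a success
    print("tampered entry:", verify_chain(chain, head))    # 2
```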
  • 10. Gather ye log records while ye may
      10.5.3 Promptly back up audit trail files to a centralized log server or media that is difficult to alter.
      10.5.4 Write logs for external-facing technologies onto a log server on the internal LAN.
      10.7 Retain audit trail history for at least one year, with a minimum of three months immediately available for analysis.
  • 12. Gaze upon your log records
      10.6 Review logs for all system components at least daily. Log reviews must include those servers that perform security functions like intrusion-detection system (IDS) and authentication, authorization, and accounting protocol (AAA) servers (for example, RADIUS).
      This is tough for a human to do. It’s been compared to drinking from a fire hose.
      Acquire a Security Information and Event Management tool and/or service. Its purpose is to continually analyze log records across all the systems. If it detects anomalous behavior, it will send a signal to someone.
  • 14. Pay attention to the bat signal
      12.5.2 Monitor and analyze security alerts and information, and distribute to appropriate personnel.
      That’s it—there’s no requirement to have a documented process to handle the alert.
      12.5.3 Establish, document, and distribute security incident response and escalation procedures to ensure timely and effective handling of all situations.
      How does an alert become an incident?
  • 16. Version 3.0
      Three year development cycle
      Available for compliance in 2014
      Mandatory for compliance beginning 2015
  • 17. Pay better attention to the bat signal
      The PCI Security Standards Council is concerned that logs are used more for forensics after an attack than for detecting and blocking the attack. They wanted to improve the “slow detection of compromise”.
      Version 3 of the PCI Data Security Standard provides more guidance on log reviews.
      New sub-requirement 10.6.3.a requires that procedures are defined for following up on exceptions and anomalies identified during the review process.
      New sub-requirement 11.5.1 requires the implementation of a process to respond to any alerts generated by the change-detection mechanism.
      Revised sub-requirements 12.5.2–3 require that:
        • responsibilities are assigned for monitoring and analyzing security alerts and for informing the people responding to those alerts; and
        • responsibility for establishing, documenting, and distributing the procedures to handle those alerts is also assigned.
  • 18. One more thing about logging
      AlienVault USM can only operate on the log records provided.
      10.2.1 [Implement automated audit trails for all system components to reconstruct] All individual accesses to cardholder data
      User access to cardholder data (CHD) is typically implemented as follows:
        • User is authenticated
        • User’s request is processed by one or more intermediate applications.
        • These applications are well known, e.g. WebLogic, bespoke, or legacy.
        • Those applications send commands, typically SQL, to access the database and potentially CHD.
      Each of these components must generate log records that link the identity of the user to the specific CHD accessed.
  • 19. Looking for bad stuff
      Look for unauthorized wireless access points
        • 11.1.d If automated monitoring is utilized (for example, wireless IDS/IPS, NAC, etc.), verify the configuration will generate alerts to personnel.
      11.2 Run internal and external network vulnerability scans at least quarterly and after any significant change in the network …
        • 11.2.1 Perform quarterly internal vulnerability scans.
        • 11.2.1.c [The scan must be] performed by a qualified internal resource(s) or qualified external third party, and if applicable, organizational independence of the tester exists (not required to be a QSA or ASV).
  • 20. What you need from a SIEM
      You need to be told if a critical event has been detected.
      You need reports to help manage the environment.
      You need reports to be provided as evidence to an auditor.
  • 27. What functionality do I need for PCI DSS?
      Identify systems & applications
      Document vulnerable assets
      Find threats on your network
      Look for unusual behavior
      Correlate the data & respond
  • 33. The AlienVault approach
      Asset Discovery
        • Active Network Scanning
        • Passive Network Scanning
        • Host-based Software Inventory
      Vulnerability Assessment
        • Network Vulnerability Testing
        • Remediation Verification
      Threat Detection
        • Network IDS
        • Host IDS
        • Wireless IDS
        • File Integrity Monitoring
      Behavioral Monitoring
        • Log Collection
        • Netflow Analysis
        • Service Availability Monitoring
      Security Intelligence
        • SIEM Event Correlation
        • Incident Response
  • 34-35. Three components, three form factors
      • AlienVault Server to aggregate data and manage the deployment
      • AlienVault Sensor to collect data from the infrastructure
      • AlienVault Logger for long term storage and reporting
      • AlienVault All-in-One to collect, aggregate, and store data as well as manage the deployment
      Form factors: AMI, Virtual Appliance, Physical Appliance
  • 37. AlienVault Labs threat intelligence
      Coordinated analysis, actionable guidance. Weekly updates to coordinated rule sets:
      • Network IDS
      • Host IDS
      • Asset discovery / inventory database
      • Vulnerability database
      • Event correlation
      • Report modules and templates
      • Incident response templates / “how to” guidance for each alarm
      • Plug-ins to accommodate new data sources
  • 39. How AlienVault USM generates these reports in minutes, not days
  • 40. Log correlation is critical
      Log correlation is about constructing rules that look for sequences and patterns in log events that are not visible in the individual log sources.
      System logs don’t say “Help! I’m being broken into with a compromised account!”
      • They say “Successful Login from Authenticated User”
      Correlation rules describe analysis patterns that would otherwise require human interpretation, tied together by logical operators.
      • “IF a new user IS created on the domain AND a new change control ticket IS NOT created in the change control database”
  • 41. Why You Need Log Correlation
      It monitors incoming logs for logical sequences, patterns and values to identify events that are invisible to individual systems. Log correlation:
      • Performs analysis that would otherwise be done by repetitive human effort.
      • Identifies things happening that are unusual for your business processes.
      • Provides more context and certainty as to what is happening on your infrastructure by comparing events from multiple sources.
      • Prioritizes investigation and analysis work by filtering log events into meaningful alerts and reports.
  • 42. Different, Everybody is the Same
      Log correlation allows for the creation of alerts that represent what is important to your business processes and security risks. Done correctly, log correlation is the difference between reacting to:
      • “POSSIBLE-EXPLOIT: mssql improperly formed packet headers”
      or
      • “User In Accounting Department seen logging into Financial Database from a workstation in Customer Support Department”
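The two rules on slides 40 and 42, written out as a small correlation engine. This is an added illustration, not AlienVault code; the event format, user and host names, departments, and change tickets are all constructed for the example.

```python
# Toy log-correlation rules for the two slide examples. Added illustration, not
# AlienVault code; events, names, departments and tickets are constructed.
from datetime import datetime, timedelta

# Constructed events normalised to the PCI 10.3 fields: who (user), type,
# when (ts), result, origin (src) and affected object (target).
DOMAIN_EVENTS = [
    {"ts": "2024-03-04T09:12:00", "user": "admin.jsmith", "type": "user_created",
     "target": "svc_backup", "result": "success", "src": "dc01"},
    {"ts": "2024-03-04T13:40:00", "user": "admin.rlee", "type": "user_created",
     "target": "tmp_user7", "result": "success", "src": "dc01"},
]
CHANGE_TICKETS = [  # constructed change-control database rows
    {"opened": "2024-03-04T08:55:00", "account": "svc_backup", "ticket": "CHG-1042"},
]
USER_DEPT = {"mwong": "Accounting", "pdiaz": "Customer Support"}
HOST_DEPT = {"ws-acct-12": "Accounting", "ws-cs-03": "Customer Support"}
FIN_DB_LOGINS = [  # alone, each is just "Successful Login from Authenticated User"
    {"ts": "2024-03-05T10:02:00", "user": "mwong", "type": "login",
     "target": "findb01", "result": "success", "src": "ws-acct-12"},
    {"ts": "2024-03-05T10:31:00", "user": "mwong", "type": "login",
     "target": "findb01", "result": "success", "src": "ws-cs-03"},
]

def unticketed_user_creations(events, tickets, window=timedelta(hours=24)):
    """Rule: new user created AND no change ticket for that account within the window."""
    alerts = []
    for e in events:
        if e["type"] != "user_created" or e["result"] != "success":
            continue
        when = datetime.fromisoformat(e["ts"])
        covered = any(t["account"] == e["target"] and
                      abs(datetime.fromisoformat(t["opened"]) - when) <= window
                      for t in tickets)
        if not covered:
            alerts.append({"rule": "user_created_without_change_ticket", **e})
    return alerts

def cross_department_logins(events, user_dept, host_dept):
    """Rule: login where the user's department != the workstation's (needs two asset joins)."""
    alerts = []
    for e in events:
        if e["type"] != "login" or e["result"] != "success":
            continue
        u, h = user_dept.get(e["user"]), host_dept.get(e["src"])
        if u and h and u != h:
            alerts.append({"rule": "cross_department_login",
                           "user_dept": u, "host_dept": h, **e})
    return alerts
```

Neither alert exists in any single log line; both come from joining the event with a second data source (the ticket database, the asset-to-department lists), which is the point the slides make.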
  • 43. Power of groups
      Quickly create groups of assets
      • E.g., in-scope devices
      Enables fast, easy analysis
      • Run vulnerability scans against this host group
      • Create reports only for hosts belonging to the host group
      • Review all alarms, events and other data just for that group
  • 44. How to use your reporting to demonstrate PCI DSS compliance
  • 45. Reports
      Reports are easily configured and customized. The key is mapping signatures to requirements. Use views to limit what you want to see, then create reporting modules. Insert and group reporting modules together to build a report with the information you require. Reports are easily automated and scheduled.
  • 46. AlienVault User Activity Report – PCI 10.2.3
      AlienVault allows you to quickly generate a report to track actions taken by AlienVault Web interface users. This provides accountability. Its value extends beyond PCI, for example when investigating the source of activity.
  • 49. AlienVault Log Retention - PCI 10.7.b
      PCI requires 1 year of log retention. The report shows the aggregate count of total logs per month for 365 days as a bar graph, allowing a quick review of compliance. A new configuration option allows for log expiration.
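The per-month count the retention report is built on, as an added example (not AlienVault code): bucket log timestamps by calendar month and flag any month in the trailing year with no records, which is the gap a QSA would ask about. The timestamps are constructed, with September 2023 deliberately empty.

```python
# Added illustration of the slide's 12-month log-count view (not AlienVault
# code): bucket log timestamps per month and flag months with no records.
from collections import Counter
from datetime import date, datetime, timedelta

# Constructed: one record per day from 2023-04-01 to 2024-03-31, but with
# nothing at all in September 2023, to simulate a gap in the archive.
LOG_TIMESTAMPS = [
    (date(2023, 4, 1) + timedelta(days=d)).isoformat() + "T00:00:00"
    for d in range(366)
    if (date(2023, 4, 1) + timedelta(days=d)).month != 9
]

def monthly_counts(timestamps):
    """Aggregate count of log records per calendar month ('YYYY-MM' keys)."""
    return Counter(datetime.fromisoformat(t).strftime("%Y-%m") for t in timestamps)

def retention_gaps(counts, as_of, months=12):
    """Walk back `months` months from as_of; return those with zero records,
    oldest first. An empty list means every month of the period is covered."""
    gaps, year, month = [], as_of.year, as_of.month
    for _ in range(months):
        key = f"{year:04d}-{month:02d}"
        if counts.get(key, 0) == 0:
            gaps.append(key)
        month -= 1
        if month == 0:
            year, month = year - 1, 12
    return gaps[::-1]
```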
  • 52. Access Control Report - PCI 10.2.X
      Mapping requirements to modules is key: one module per requirement to demonstrate compliance. Modules can be combined to create one report with the pertinent information.
  • 55. Vulnerability Scanning Report 11.X
      Easy to follow and available in different formats (PDF or Excel, as preferred). You must have run at least one scan or imported a previous scan.
  • 59. OSSEC FIM - PCI 10.5.5
      View the date and time, host, what was changed, and statistics such as size and hash values. Easy to set up with OSSEC.
  • 62. Scheduling Reports
      Schedule reports and send them by email; the full report is attached.
  • 64. In summary: the evidence the QSA wants, and what to give the QSA
      • Logs are held for one year: report showing 12 months of log counts.
      • Modifications of, access to, and actions on logs are restricted and reported: the AlienVault User Activity report of recent authentications and actions, as an example.
      • Recorded events (who had access to CHD, login success or failure, privileged access, creation or deletion of system objects, user account enabled or created): Windows Logon Failure and Success, Log file size reduced, User account enabled or created, FIM, as examples.
      • Each record shows who did what to what, when, and whether it succeeded: show any log record, such as the Access Control Report, to demonstrate compliance.
      • Logs reviewed daily with events reported: show an example of an automated alert that triggers investigation.
  • 66. Now for some Q&A…
      Test Drive AlienVault USM
      • Download a Free 30-Day Trial: http://www.alienvault.com/free-trial
      • Try our Interactive Demo Site: http://www.alienvault.com/live-demo-site
