ManageEngine,
the real-time IT management company, today announced the addition of
Payment Card Industry Data Security Standard (PCI DSS) 3.0 compliance
reporting to EventLog
Analyzer, its security information and event management (SIEM)
software. The move makes EventLog Analyzer users audit-ready to meet the
payment card safeguards defined by PCI DSS 3.0 requirements 10 and 11.5.
The ManageEngine white paper on PCI DSS 3.0 is available for download at http://www.manageengine.com/eventlog/pci-dss-compliance-whitepaper.html.
PCI DSS 3.0 became active on January 1, 2014, establishing 12 security
requirements that concern the protection of payment card data.
Businesses that accept, store, process or transmit customers’ card data
must adhere to the 12 requirements by January 1, 2015. Businesses that
do not comply with PCI DSS 3.0 requirements will face penalties ranging
from heavy fines to forfeiture of their licenses to process payment card
transactions. Most importantly, the brand and reputation of a business
will suffer if a data breach affects its customers’ payment card data.
“PCI DSS 3.0 compliance has become a crucial security element,” said
Chenthil Kumaran, product manager at ManageEngine. “The recent payment
card data breaches at retail giants such as Target and Home Depot have
elevated the need for organizations from various industries to secure
their customers’ payment card data from threats.”
Fulfilling PCI DSS 3.0 Requirements 10 and 11.5 with EventLog Analyzer
PCI DSS 3.0 requirements 10 and 11.5 are considered to be the most
challenging to fulfill for securing and protecting customers’ payment
card data from threats. PCI DSS 3.0 requirement 10 pushes enterprises to
gain security intelligence to know the “who, what, where and when” of
users accessing the network resources and cardholder data, whereas PCI
DSS 3.0 requirement 11.5 focuses on the protection of critical files
from unauthorized access.
-
Out-of-the-box reporting and requirement 10 – EventLog Analyzer
easily fulfills the PCI DSS 3.0 requirement 10 with the addition of
out-of-the-box reporting, which enables analysis of the complete user
audit trail to identify who is logging into their systems, when they
logged into the systems and what activities they carried out on the
systems.
-
File integrity monitoring and requirement 11.5 – EventLog
Analyzer’s new file integrity monitoring (FIM) reporting feature
fulfills PCI DSS 3.0 requirement 11.5. Now, businesses can track all
changes happening to their files in real time such as when payment
card data files are accessed, modified, deleted, renamed and created.
The file integrity monitoring capability is also intelligent and can
reveal the name of the person who made changes to the files.
The out-of-the-box PCI DSS 3.0 security report provided by EventLog
Analyzer lists down the PCI DSS 3.0 sections in a systematic manner with
the relevant sub-reports supporting those sections. This PCI DSS 3.0
compliance reporting tool also helps IT security managers effectively
conduct log forensics investigations, generate security reports, monitor
user activities, monitor servers, correlate events, receive alerts
during anomalous activities and much more.
Pricing and Availability
EventLog Analyzer prices start at $795, and a fully functional, 30-day
trial version is available for download at http://www.manageengine.com/products/eventlog/download.html.