The old way: Complex, deficient PCI log management.

Collecting and retaining audit trails for at least a year is among the most daunting requirements for PCI compliance. It's difficult to access, analyze and manage all the data. Legacy solutions demand constant maintenance and are open to question by auditors. Implementing adequate integrity controls is a significant technical challenge.

The new way: Comply without disrupting operations.

With Splunk you can Search, alert and report on any type of IT data to address the complete range of PCI related IT data issues and requirements. Generate reports in seconds to prove compliance with any PCI control, from password policy to firewall configuration. Comply with PCI’s explicit IT data control requirements including log collection, review and retention requirements across all of your infrastructure as well as file integrity monitoring.

Benefits

• Rapid compliance with PCI requirements for audit trail collection, retention and review
• Meet requirements for file integrity monitoring
• Prove compliance with all PCI controls
• Answer any auditor data request in seconds
• Increase availability by overcoming PCI-mandated access restrictionsv
• Control access to sensitive data

Use Splunk for:

Secure central log collection (Requirement 10.5)
Splunk provides the most comprehensive solution for PCI's explicit requirement for secure log collection.

Daily log review (Requirement 10.6)
Makes the chore of daily log review easy with fast search, visualization and tagging and track your daily review history for your auditors.

Secure remote access (Requirement 7.1)
Splunk eliminates the hidden toll PCI takes on availability by providing secure, remote access to all IT data despite strict production controls.

Audit trail retention (Requirement 10.7)
Keep the cost and hassle of retaining logs for PCI under control. Splunk stores your data in an efficient, compressed format and lets you control data retention by age.

File integrity monitoring (Requirements 10.2.2, 11.5, 10.5.5)
You don't need to buy one tool for configuration auditing and another for log management. Capture and index changed files for audit trails and administrative actions.

PCI control reporting (All requirements)
Splunk not only gives you compliance with key PCI requirements, but it lets you demonstrate compliance quickly and easily across all PCI-mandated controls.