PCI Compliance

Log Data Suspect, Poor Visibility into System Access

Collecting and retaining audit trails for at least a year is among the most daunting requirements for PCI compliance. It's difficult to access, analyze and manage all the data. Legacy solutions demand constant maintenance and are open to question by auditors. Implementing adequate integrity controls is a significant technical challenge.

PCI Compliance Without Disrupting Ongoing Operations

With Splunk you can securely collect all PCI-relevant data and then search, alert and report on it to address the complete range of PCI related issues and requirements. Generate reports in seconds to prove compliance with any PCI control, from password policy to firewall configuration. Comply with PCI’s explicit IT data control requirements including log collection, review and retention requirements across all of your infrastructure as well as file integrity monitoring.

Benefits

• Rapid compliance with PCI requirements for audit trail collection, retention and review
• Meet requirements for file integrity monitoring
• Prove compliance with all PCI controls
• Answer any auditor data request in seconds
• Increase availability by overcoming PCI-mandated access restrictions
• Control access to sensitive data

Use Splunk for:

Secure Central Log Collection (Requirement 10.5)
Splunk provides the most comprehensive solution for PCI's explicit requirement for secure log collection.

Daily Log Review (Requirement 10.6)
Makes the chore of daily log review easy with fast search, visualization and tagging and track your daily review history for your auditors.

Secure Remote Access (Requirement 7.1)
Splunk eliminates the hidden toll PCI takes on availability by providing secure, remote access to all IT data despite strict production controls.

Audit Trail Retention (Requirement 10.7)
Keep the cost and hassle of retaining logs for PCI under control. Splunk stores your data in an efficient, compressed format and lets you control data retention by age.

File Integrity Monitoring (Requirements 10.2.2, 11.5, 10.5.5)
You don't need to buy one tool for configuration auditing and another for log management. Capture and index changed files for audit trails and administrative actions.

PCI Control Reporting (All requirements)
Splunk not only gives you compliance with key PCI requirements, but it lets you demonstrate compliance quickly and easily across all PCI-mandated controls.