PCI Compliance

Log Data Suspect, Poor Visibility into System Access

Collecting and retaining audit trails for at least a year is among the most daunting requirements for PCI compliance. It's difficult to access, analyze and manage all the data. Legacy solutions demand constant maintenance and are open to question by auditors. Implementing adequate integrity controls is a significant technical challenge.

PCI Compliance Without Disrupting Ongoing Operations

With Splunk you can securely collect all PCI-relevant data and then search, alert and report on it to address the complete range of PCI related issues and requirements. Generate reports in seconds to prove compliance with any PCI control, from password policy to firewall configuration. Comply with PCI’s explicit IT data control requirements including log collection, review and retention requirements across all of your infrastructure as well as file integrity monitoring.

Benefits

• Rapid compliance with PCI requirements for audit trail collection, retention and review
• Meet requirements for file integrity monitoring
• Prove compliance with all PCI controls
• Answer any auditor data request in seconds
• Increase availability by overcoming PCI-mandated access restrictions
• Control access to sensitive data

Use Splunk for:

Secure Central Log Collection (Requirement 10.5)
Splunk provides the most comprehensive solution for PCI's explicit requirement for secure log collection.

Daily Log Review (Requirement 10.6)
Makes the chore of daily log review easy with fast search, visualization and tagging and track your daily review history for your auditors.

Secure Remote Access (Requirement 7.1)
Splunk eliminates the hidden toll PCI takes on availability by providing secure, remote access to all IT data despite strict production controls.

Audit Trail Retention (Requirement 10.7)
Keep the cost and hassle of retaining logs for PCI under control. Splunk stores your data in an efficient, compressed format and lets you control data retention by age.

File Integrity Monitoring (Requirements 10.2.2, 11.5, 10.5.5)
You don't need to buy one tool for configuration auditing and another for log management. Capture and index changed files for audit trails and administrative actions.

PCI Control Reporting (All requirements)
Splunk not only gives you compliance with key PCI requirements, but it lets you demonstrate compliance quickly and easily across all PCI-mandated controls.

Splunk PCI Compliance Suite

Splunk PCI Compliance Suite covers all the relevant PCI DSS requirements including live controls monitoring, process workflow, checklists and reporting. Co-developed with our partner Glasshouse Technologies, a global provider of data center infrastructure consulting services, the Splunk PCI Compliance Suite provides a broader and deeper view of your compliance posture across all in-scope data sources including complex application logs and configurations. Collect and retain all your log and configuration data even if your PCI domains are generating terabytes every day. Efficient workflows for audit-trail review and built in change monitoring eliminate the need for additional technologies and point product purchases to pass your PCI DSS audit. Eliminate unnecessary developer and IT access to production systems keeping PCI DSS exceptions to a minimum. PCI uses the Splunk Common Information Model (SCIM) to integrate with other Splunk Solution Suites and external systems. And it is backed by Splunk Professional Services delivery. Contact us and we'll show you how Splunk PCI Compliance Suite can help you meet your compliance goals.