A few weeks ago we proudly announced the release of the Splunk App for PCI Compliance 3.0, which I will refer to in this post as "the App". The App, developed and supported by Splunk, helps organizations comply with PCI DSS, the global data security standard developed by a consortium of leading payment card companies to protect debit, credit and pre-paid cardholder information.
We have many happy customers using this App and also many customers interested in evaluating it. This blog post addresses some of the most commonly asked questions around the App.
For the App to work, you first need to index in Splunk Enterprise the machine data/events relevant to your cardholder environment and to the PCI DSS requirements that concern technical controls. This includes data sources such as anti-virus software, firewalls, authentication systems, vulnerability scanners, and data loss prevention software. Second, you need to give the App lookups against external content such as asset, identity, and network segment information, so that it can determine which specific assets, employees and network segments appearing in your machine data are in scope for PCI. The accuracy of everything the App reports depends on those lookups being complete and current: an in-scope host missing from the asset list will not be flagged.
The App contains many pre-built, real-time correlation searches that run against this underlying machine data from your cardholder environment to identify areas of PCI non-compliance, covering the ten of the twelve PCI DSS requirements that are technical in nature and can be tracked in machine data.
Specific examples of PCI non-compliance that the App can detect include default credentials being used on systems in the PCI environment, credit card numbers moving unencrypted across the network, network connections going directly from the cardholder environment to an untrusted network segment, or outdated anti-virus software running on critical systems.
When a search in the App identifies PCI non-compliance, the App generates a "Notable Event", which is mapped back to a specific PCI requirement and appears on the main PCI Compliance Posture page. That page, shown below, summarizes overall compliance across all ten requirements.
These Notable Events can then be investigated and remediated from the Incident Review page in the App. Lastly, the App contains many pre-built scorecards and reports for the ten requirements, so you can drill into areas of non-compliance or review the compliance history of each requirement.
Want more detail on which data sources the App needs so that its scorecards and reports populate and its correlation searches are looking at relevant data? See the data source page in the documentation, then click through to the individual reports listed there.
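To make the pattern described above concrete, here is an added example (not the App's own searches, data model or field names, all of which are invented here) of a miniature correlation search in Python: a network-segment lookup decides which events are in PCI scope, a few rules run over constructed sample events, and each hit becomes a notable event tagged with the PCI DSS requirement it maps to. The rules cover the four examples from the post: a cardholder-environment host talking directly to an untrusted segment (Requirement 1), a vendor default account used on an in-scope system (Requirement 2), a Luhn-valid card number in cleartext traffic (Requirement 4), and stale anti-virus signatures (Requirement 5). The segment CIDRs, default account list, signature-age threshold and sample events are assumptions for the example.

```python
"""Miniature PCI DSS correlation search over constructed sample events.

Added illustration only: not the Splunk App's own searches or data model.
All lookups, field names and sample events below are invented for the example.
"""
import ipaddress
import re
from datetime import date

# Constructed network-segment lookup, most specific first: (cidr, segment, in_pci_scope)
NETWORK_SEGMENTS = [
    ("10.10.0.0/24", "cardholder_env", True),
    ("10.20.0.0/24", "corp_lan", False),
    ("0.0.0.0/0", "untrusted", False),
]
# Constructed list of vendor default accounts (Requirement 2)
DEFAULT_ACCOUNTS = {"admin", "cisco", "root"}
# Oldest acceptable anti-virus signature age in days (assumed policy value, Requirement 5)
MAX_AV_SIGNATURE_AGE_DAYS = 7
# Candidate PAN: 13-19 digits, optionally separated by spaces or dashes, not inside a longer digit run
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# Date the sample run is evaluated against (assumed)
REFERENCE_DATE = date(2014, 3, 1)


def segment_for(ip):
    """Map an address to (segment name, in_pci_scope) via the lookup; first match wins."""
    addr = ipaddress.ip_address(ip)
    for cidr, name, in_scope in NETWORK_SEGMENTS:
        if addr in ipaddress.ip_network(cidr):
            return name, in_scope
    return "unknown", False


def luhn_ok(digits):
    """Luhn checksum, used to cut false positives on random digit runs such as order numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_pans(text):
    """Return Luhn-valid candidate PANs found in free text."""
    found = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            found.append(digits)
    return found


def mask_pan(pan):
    """Keep only first six and last four digits so the alert itself does not store cardholder data."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def correlate(events, today):
    """Run the rules over events and return notable events tagged with a PCI requirement number."""
    notables = []
    for ev in events:
        st = ev["sourcetype"]
        if st == "netflow":
            _, src_scope = segment_for(ev["src_ip"])
            dst_seg, _ = segment_for(ev["dest_ip"])
            if src_scope and dst_seg == "untrusted":
                notables.append({"requirement": 1, "title": "CDE host connected directly to untrusted network",
                                 "evidence": f'{ev["src_ip"]} -> {ev["dest_ip"]}:{ev["dest_port"]}'})
            if ev.get("transport") == "cleartext":
                pans = find_pans(ev.get("payload", ""))
                if pans:
                    notables.append({"requirement": 4, "title": "PAN sent unencrypted across the network",
                                     "evidence": ", ".join(mask_pan(p) for p in pans)})
        elif st == "auth" and ev["action"] == "success":
            _, in_scope = segment_for(ev["dest_ip"])
            if in_scope and ev["user"] in DEFAULT_ACCOUNTS:
                notables.append({"requirement": 2, "title": "Vendor default account used on in-scope system",
                                 "evidence": f'{ev["user"]}@{ev["dest_ip"]}'})
        elif st == "antivirus":
            _, in_scope = segment_for(ev["host_ip"])
            age = (today - date.fromisoformat(ev["signature_date"])).days
            if in_scope and age > MAX_AV_SIGNATURE_AGE_DAYS:
                notables.append({"requirement": 5, "title": "Outdated anti-virus signatures on in-scope system",
                                 "evidence": f'{ev["host_ip"]} signatures {age} days old'})
    return notables


# Constructed sample events standing in for indexed machine data
SAMPLE_EVENTS = [
    {"sourcetype": "netflow", "src_ip": "10.10.0.5", "dest_ip": "203.0.113.9", "dest_port": 443, "transport": "tls"},
    {"sourcetype": "netflow", "src_ip": "10.20.0.7", "dest_ip": "203.0.113.9", "dest_port": 443, "transport": "tls"},
    {"sourcetype": "netflow", "src_ip": "10.10.0.5", "dest_ip": "10.10.0.9", "dest_port": 80, "transport": "cleartext",
     "payload": "card=4111 1111 1111 1111&order=1234567890123"},
    {"sourcetype": "auth", "user": "admin", "dest_ip": "10.10.0.9", "action": "success"},
    {"sourcetype": "auth", "user": "admin", "dest_ip": "10.20.0.9", "action": "success"},
    {"sourcetype": "antivirus", "host_ip": "10.10.0.5", "signature_date": "2014-01-01"},
]


def run_sample():
    """Correlate the constructed sample events against the reference date."""
    return correlate(SAMPLE_EVENTS, REFERENCE_DATE)


if __name__ == "__main__":
    for n in run_sample():
        print(f'Req {n["requirement"]}: {n["title"]} [{n["evidence"]}]')
```

Two design points carry over to any real deployment. The scope decision is made entirely by the lookup, so the same corp_lan event that is ignored here would become a finding the moment that subnet is added to the cardholder environment, which is exactly why the lookups must be maintained. And the Requirement 4 rule stores only a masked PAN in the notable event: an alerting system that copies full card numbers into its own index has just created a new store of cardholder data that is itself in scope.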
Check out the following demo video for more information…
Key benefits include the ability for users to:
Plus, because the App monitors your PCI compliance continuously and in real time, end-of-quarter or audit-time fire drills can be a thing of the past!
This App was built and tested by Splunk. It also is officially supported by Splunk and has a full set of documentation. Accordingly, it has a price and is not free. Please contact sales here to inquire about pricing or an evaluation. Once given access to the App, you can download it directly from Splunkbase.
So with that, hopefully you now have a better understanding of how the App works, the value it delivers, and will contact Splunk to learn more.
Happy Splunking!
Joe Goldberg
Sr. Product Marketing Manager, Security and Compliance
Splunk Inc.