PCI DSS, the Payment Card Industry Data Security Standard, is an international standard for protecting cardholder data against misuse or theft.
For organizations handling payment card transactions, complying with PCI DSS is essential to stay in business. To stay compliant, PCI DSS requires its subjects to:
Track and monitor all access to network resources and cardholder data.
Secure audit trails so they cannot be altered.
Regularly test security systems and processes.
Deploy file integrity monitoring tools to alert personnel to unauthorized modification of critical system files, configuration files or content files.
Configure the software to perform critical file comparisons at least weekly.
Meeting these expectations can be difficult, time-consuming and expensive, but it does not have to be this way for LogPoint users.
LogPoint SIEM's native log retention stores alert and event information for later forensic analysis of incidents or suspicious activity. This makes meeting compliance objectives for change audit and log retention, such as those of PCI DSS, significantly easier.
User activity monitoring
User Activity Monitoring has long been the cornerstone of any efficient defence strategy. By design, LogPoint provides analysts with an intuitive and powerful tool to identify malicious activities and to create alerts, dashboards and reports, so they can gain an overview and respond immediately.
Driven primarily by data privacy regulations, user activity monitoring focuses on activities associated with file access. LogPoint can monitor this using native object access audit records. In addition, LogPoint's FIM application monitors access attempts to privileged file shares and records the type of access and the actions performed on the file. The original and the altered checksums can also be compared to better understand access behavior.
Example: Object access attempts
Log sources: Windows Server
label=Object label=Access | chart count() by user, access, object order by count() desc
Identifying threat indicators associated with an executed malware payload
LogPoint's FIM is an effective tool for monitoring the creation of new files or a change in a file's extension, both of which can indicate execution of a malware payload. The hash value reported by the Integrity Monitor can be compared against the VirusTotal database to identify the associated threat.
Log sources: FIM, VirusTotal
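The baseline-and-compare logic behind the file integrity monitoring described above (weekly critical file comparison, changed checksums, new files and extension changes), as an added example that is not LogPoint's own FIM code. Paths, contents and the rename heuristic are constructed assumptions; files are held in memory so the example runs offline.

```python
import hashlib
import os
from typing import Dict, List

# Added example: take a baseline of checksums, compare a later snapshot against
# it, and report each created, modified, deleted or re-extensioned file together
# with the hash an analyst would look up in a threat-intelligence service.

def sha256_hex(data: bytes) -> str:
    """SHA-256 of a file's bytes as lowercase hex (the value compared to VirusTotal)."""
    return hashlib.sha256(data).hexdigest()

def snapshot(files: Dict[str, bytes]) -> Dict[str, str]:
    """Baseline: path -> checksum for every monitored file."""
    return {path: sha256_hex(data) for path, data in files.items()}

def compare(baseline: Dict[str, str], current: Dict[str, str]) -> Dict[str, List[dict]]:
    """Classify every difference between two snapshots."""
    report: Dict[str, List[dict]] = {"created": [], "modified": [], "deleted": [], "renamed": []}
    for path, new_hash in current.items():
        old_hash = baseline.get(path)
        if old_hash is None:
            report["created"].append({"path": path, "hash": new_hash})
        elif old_hash != new_hash:
            report["modified"].append({"path": path, "old_hash": old_hash, "new_hash": new_hash})
    for path, old_hash in baseline.items():
        if path not in current:
            report["deleted"].append({"path": path, "hash": old_hash})
    # Heuristic (assumption): a deletion plus a creation with the same stem and
    # identical content is a file whose extension changed; report it separately.
    for gone in list(report["deleted"]):
        for new in list(report["created"]):
            same_stem = os.path.splitext(gone["path"])[0] == os.path.splitext(new["path"])[0]
            if same_stem and gone["hash"] == new["hash"]:
                report["renamed"].append({"old_path": gone["path"], "new_path": new["path"], "hash": new["hash"]})
                report["deleted"].remove(gone)
                report["created"].remove(new)
                break
    return report

if __name__ == "__main__":
    # Constructed sample snapshots, not real systems or real file contents.
    baseline = snapshot({"/etc/app/config.ini": b"db_host=10.0.0.5\n",
                         "/srv/www/index.html": b"<html>ok</html>",
                         "/tmp/update.tmp": b"constructed payload bytes"})
    current = snapshot({"/etc/app/config.ini": b"db_host=203.0.113.9\n",  # modified
                        "/srv/www/index.html": b"<html>ok</html>",        # unchanged
                        "/tmp/update.exe": b"constructed payload bytes",  # extension changed
                        "/srv/www/new_page.php": b"<?php ?>"})            # created
    for kind, items in compare(baseline, current).items():
        for item in items:
            print(kind.upper(), item)
```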
LogPoint by design enables you to detect any suspicious and/or unauthorized network behavior such as connection attempts on closed ports, blocked internal connections, connections made to known-bad destinations, requests initiated from untrusted zones, suspicious system access and many more.
Example: Denied connections from the internet
label=Connection label=Deny | process compare_network(source_address, destination_address) | search source_address_public=true | chart count() by source_address order by count() desc limit 10