PCI-DSS compliance

PCI-DSS, the Payment Card Industry Data Security Standard, is an international standard for protecting cardholder data against misuse or theft.

For organizations handling payment card transactions, complying with the Payment Card Industry–Data Security Standard (PCI DSS) is essential to stay in business. To stay compliant, PCI-DSS requires its subjects to:

  • Track and monitor all access to network resources and cardholder data.
  • Secure audit trails so they cannot be altered.
  • Regularly test security systems and processes.
  • Deploy file integrity monitoring tools to alert personnel to unauthorized modification of critical system files, configuration files or content files.
  • Configure the software to perform critical file comparisons at least weekly.

Meeting these expectations can be difficult, time-consuming and expensive, but it does not have to be this way for LogPoint users.

Audit support

LogPoint SIEM’s native log retention makes it possible to store alert and event information for later forensic analysis of incidents or suspicious activity. This makes meeting compliance objectives for change audit and log retention, such as those of PCI DSS, significantly easier.

User activity monitoring

User Activity Monitoring has long been the cornerstone of any efficient defence strategy. By design, LogPoint provides analysts with an intuitive and powerful tool to identify malicious activities, create alerts, dashboards and reports, so they can get an overview and counteract immediately.

Primarily for data privacy and regulations, user activity monitoring focuses on activities associated with file access. LogPoint can monitor this using native object access audit records. In addition, LogPoint’s FIM application monitors any access attempts to privileged file share systems and provides information on the type of access and the actions performed on the file. The original and the altered checksums can also be compared to better understand access behavior.

Example

Object access attempts

LogPoint SIEM use cases: Object access attempts

Log sources: Windows Server

Query

label=Object label=Access | chart count() by user, access, object order by count() desc

Identifying threat indicators associated with an executed malware payload

LogPoint’s FIM is an effective tool for monitoring the creation of new files or changes to a file’s extension that indicate execution of a malware payload. The hash value reported by the Integrity Monitor can be compared against the VirusTotal database to identify the associated threat.

LogPoint SIEM use cases: Executed malware payload

Log sources: FIM, VirusTotal
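As an added example (not LogPoint’s own FIM code), the following Python check illustrates the file-integrity comparison described in the two FIM paragraphs above: it baselines SHA-256 digests of a directory, reports modified, added and removed files, detects an extension swap by matching content hashes, and compares digests against a blocklist standing in for a VirusTotal lookup. The sample files, the tampering steps and the blocklist hash are all constructed for the demo.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path: Path) -> str:
    """Stream the file through SHA-256 so large files need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(root: Path) -> dict:
    """Map each regular file (relative path) under root to its SHA-256 digest."""
    return {str(p.relative_to(root)): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def compare(baseline: dict, current: dict, known_bad=frozenset()) -> dict:
    """Diff two snapshots into the change classes a FIM alert would carry."""
    f = {"modified": [], "added": [], "removed": [], "ext_changed": [], "known_bad": []}
    for path, digest in current.items():
        if path not in baseline:
            f["added"].append(path)
        elif baseline[path] != digest:
            f["modified"].append(path)
        if digest in known_bad:  # digest matched an external blocklist (constructed here)
            f["known_bad"].append(path)
    f["removed"] = [p for p in baseline if p not in current]
    # A swapped extension shows up as remove+add with the same content hash.
    old_by_hash = {baseline[p]: p for p in f["removed"]}
    for new in f["added"]:
        old = old_by_hash.get(current[new])
        if old and Path(old).stem == Path(new).stem and Path(old).suffix != Path(new).suffix:
            f["ext_changed"].append((old, new))
    return f

def run_demo() -> dict:
    """Constructed sample: baseline three files, then simulate the weekly re-check."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "app.conf").write_bytes(b"port=443\n")
        (root / "report.txt").write_bytes(b"quarterly numbers\n")
        (root / "invoice.pdf").write_bytes(b"%PDF-1.4 constructed\n")
        base = snapshot(root)
        (root / "app.conf").write_bytes(b"port=8080\n")              # config tampered
        (root / "report.txt").rename(root / "report.exe")           # extension swapped
        (root / "dropper.bin").write_bytes(b"constructed payload")  # new file dropped
        bad = frozenset({hashlib.sha256(b"constructed payload").hexdigest()})
        return compare(base, snapshot(root), known_bad=bad)
```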

Monitoring unauthorized and suspicious network connections

LogPoint by design enables you to detect any suspicious and/or unauthorized network behavior such as connection attempts on closed ports, blocked internal connections, connections made to known-bad destinations, requests initiated from untrusted zones, suspicious system access and many more.

Example

Denied connections from the internet

LogPoint SIEM use cases: Denied connections from the internet

Log sources: Firewall

Query

label=Connection label=Deny | process compare_network(source_address, destination_address) | search source_address_public=true | chart count() by source_address order by count() desc limit 10