Each year, US consumers purchase more than $3 trillion in goods with their payment cards, according to the US Consumer Financial Protection Bureau. As a result, financial institutions need to take steps to protect those transactions, and a SIEM (Security Information and Event Management) solution creates a strong foundation for doing so. More than a decade ago, the payment card industry, which consists of all the organizations that process cardholder debit and credit card data, created the Payment Card Industry Data Security Standard (PCI DSS), which protects consumer purchasing information.
The PCI DSS standard, which has been expanded over the years, was designed to increase the technical controls around cardholder data, reduce credit card fraud, and protect cardholder data wherever it is processed, stored, or transmitted.
Start at the Network
So, what steps should a financial organization take to meet those requirements? PCI DSS recommends that these enterprises begin by monitoring all of their network configurations, which means tracking any changes made to their routers, switches, and firewalls. The standard even outlines how to properly create a DMZ (Demilitarized Zone), a barrier between an enterprise network and all outside connections.
Companies need to look inward as well. Potential problems come from insiders as well as outsiders, so banks must monitor their outbound traffic as well as their inbound messages.
The process begins with SIEM products. They combine Security Information Management (SIM) and Security Event Management (SEM) solutions to deliver real-time security protection.
A strong SIEM solution collects logs from all perimeter security devices. It monitors, and ideally detects, any attempts at unauthorized network connections. To remove false positives from system reports, these tools correlate unauthorized-access alerts with records from the change management system, so that an authorized, scheduled change is not reported as an intrusion.
In addition, organizations need to track insecure protocols, services, and ports opened on terminal devices. SIEM services check how traffic flows across the DMZ, between the internal network and the publicly accessible services, and in that way catch traffic that is not destined for legitimate servers.
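The correlation described above, as an added example that is not the page's or DataComm's code: constructed syslog-style configuration-change events from a firewall and a router are matched against a constructed list of approved change tickets, and only changes that no ticket covers on that device at that time are reported. The log format, host names, ticket IDs and windows are all assumptions.

```python
import re
from datetime import datetime

# Constructed sample log lines (hypothetical format): timestamp host event key=value ...
SAMPLE_LOGS = """\
2024-03-01T02:05:10 fw-edge-1 CONFIG_CHANGE user=jsmith cmd="access-list 101 permit tcp any any eq 443"
2024-03-01T02:07:42 rtr-core-1 CONFIG_CHANGE user=jsmith cmd="no ip route 10.0.0.0 255.0.0.0 null0"
2024-03-01T14:22:03 fw-edge-1 CONFIG_CHANGE user=svc_backup cmd="access-list 101 permit ip any any"
2024-03-01T14:23:11 fw-edge-1 LOGIN_FAIL user=svc_backup src=203.0.113.7
"""

# Constructed approved change tickets: which device may change during which window.
APPROVED_CHANGES = [
    {"ticket": "CHG-1001", "device": "fw-edge-1",
     "start": datetime(2024, 3, 1, 2, 0), "end": datetime(2024, 3, 1, 3, 0)},
    {"ticket": "CHG-1002", "device": "rtr-core-1",
     "start": datetime(2024, 3, 1, 2, 0), "end": datetime(2024, 3, 1, 3, 0)},
]

LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<host>\S+) (?P<event>\S+) user=(?P<user>\S+) (?P<rest>.*)$')


def parse_line(line):
    """Parse one log line into a dict; return None for lines that do not fit the format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def approved_ticket(event, tickets):
    """Return the ticket ID that covers this device at this time, or None if none does."""
    for t in tickets:
        if t["device"] == event["host"] and t["start"] <= event["ts"] <= t["end"]:
            return t["ticket"]
    return None


def unapproved_changes(log_text, tickets):
    """Config changes with no covering ticket, as (timestamp, host, user, details) tuples."""
    findings = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or ev["event"] != "CONFIG_CHANGE":
            continue  # only configuration changes are correlated here
        if approved_ticket(ev, tickets) is None:
            findings.append((ev["ts"].isoformat(), ev["host"], ev["user"], ev["rest"]))
    return findings
```

With the sample data, the two changes inside the 02:00-03:00 windows are suppressed and only the 14:22 firewall change by svc_backup is reported.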
Managing User Identity
PCI DSS also emphasizes managing user identities, including the addition, modification, and deletion of user credentials. A financial services company also needs to monitor partner, vendor, and guest accounts.
Finally, companies need to keep a close eye on all authentication events involving terminated users and monitor all activity related to their supposedly dormant accounts. In some cases, financial organizations do not purge these users' credentials from their systems, so former users can sneak back in and cause significant damage.
Businesses need to take a closer look at their endpoint security, because the standard has exacting requirements for those devices. All unnecessary services and scripts must be disabled on every endpoint. In addition, PCI DSS emphasizes the use of antivirus solutions on the host. Such solutions must not only be deployed but also maintained and fully patched.
Banks must make sure that their SIEM solution collects all antivirus logs and then looks for warning flags in them, such as protection being disabled. A reference list of insecure ports and services can be maintained, and third-party feeds should be integrated so that ports, protocols, and services with known vulnerabilities are also detected.
PCI DSS includes strict auditing requirements related to the handling of cardholder data. A company must monitor all root and administrative privileges, and the creation and deletion of any system-level object. More importantly, PCI DSS looks for any interference with the system logs.
A sound SIEM solution helps in many ways. The system logs record what any individual with root or admin privileges did on the system. The SIEM enables auditing of the audit files themselves and supports checking any access-related events.
These systems generate alerts when system-level objects, such as databases, tables, or stored procedures, are created, modified, or deleted. To capture information about these events, systems often include an Enable auditing function. Administrators can search for events related to the creation and deletion of system-level objects, and then include those events in the rule. These solutions also generate alerts when audit services are stopped on a host.
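The endpoint and audit checks described in the two preceding sections (antivirus protection disabled, a service listening on a port from the insecure reference list, creation or deletion of system-level database objects, and an audit service being stopped), as one added example that is not the page's or DataComm's code. The log format, host names and the reference list are constructed assumptions.

```python
import re

# Constructed sample host and database log lines (hypothetical format), one event per line.
SAMPLE_LOGS = """\
2024-03-02T09:15:42 pos-term-07 AV_STATUS state=disabled by=localadmin
2024-03-02T09:16:05 pos-term-07 LISTEN proto=tcp port=23 service=telnet
2024-03-02T09:16:05 pos-term-07 LISTEN proto=tcp port=443 service=https
2024-03-02T10:02:13 db-card-01 DB_AUDIT user=dbadmin stmt="CREATE PROCEDURE export_pan AS SELECT pan FROM cards"
2024-03-02T10:02:30 db-card-01 DB_AUDIT user=app_ro stmt="SELECT last4 FROM cards WHERE id=42"
2024-03-02T10:05:00 db-card-01 SERVICE_STOP service=auditd by=dbadmin
"""

# Constructed reference list; a real deployment would merge third-party vulnerability feeds into it.
INSECURE_PORTS = {21: "ftp", 23: "telnet", 69: "tftp", 512: "rexec", 513: "rlogin"}
AUDIT_SERVICES = {"auditd", "syslog", "rsyslog"}
DDL_RE = re.compile(r"\b(CREATE|ALTER|DROP)\s+(DATABASE|TABLE|PROCEDURE|FUNCTION)\b", re.I)
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=value or key="quoted value"


def parse_line(line):
    """Split 'timestamp host event key=value ...' into a dict; None if malformed."""
    parts = line.split(" ", 3)
    if len(parts) < 4:
        return None
    ts, host, event, rest = parts
    fields = {k: v.strip('"') for k, v in KV_RE.findall(rest)}
    return {"ts": ts, "host": host, "event": event, **fields}


def evaluate(ev):
    """Apply the four checks to one event; return an alert description or None."""
    if ev["event"] == "AV_STATUS" and ev.get("state") == "disabled":
        return "antivirus protection disabled"
    if ev["event"] == "LISTEN" and int(ev.get("port", 0)) in INSECURE_PORTS:
        return f"insecure service listening: {INSECURE_PORTS[int(ev['port'])]}/{ev['port']}"
    if ev["event"] == "DB_AUDIT" and DDL_RE.search(ev.get("stmt", "")):
        return f"system-level object changed by {ev.get('user')}: {ev['stmt']}"
    if ev["event"] == "SERVICE_STOP" and ev.get("service") in AUDIT_SERVICES:
        return f"audit service {ev['service']} stopped by {ev.get('by')}"
    return None


def scan(log_text):
    """Return (timestamp, host, alert) for every line that trips a rule."""
    alerts = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        hit = evaluate(ev) if ev else None
        if hit:
            alerts.append((ev["ts"], ev["host"], hit))
    return alerts
```

On the sample lines the HTTPS listener and the read-only SELECT are ignored, and the other four events produce alerts.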
Help is on the Way
Making your systems PCI DSS compliant is a significant undertaking, and a financial institution may lack the needed expertise. DataComm works with financial services companies to deploy SIEM solutions, so you secure your systems in the right way with the right tools. DataComm helps its clients prevent, detect, and proactively respond to any potential threats.
DataComm works as an extension of your organization in whatever way you feel most comfortable with. The business provides ancillary support to in-house staff for some customers and manages the entire network security infrastructure for others. Its SecurSuite of services bridges the gap between security and operations, manages risk, and promotes regulatory compliance without impacting network performance.