The Payment Card Industry Data Security Standard (PCI DSS) has become the primary blueprint outlining how financial services organizations must protect payment card information. Because threats continually change, the standard is regularly updated, so financial services organizations need to periodically re-examine their security controls. When they do, they find that the key to building a compliant systems architecture begins with a SIEM solution.
American Express, Discover Financial Services, JCB International, MasterCard, and Visa founded the Payment Card Industry Security Standards Council more than 15 years ago. These companies worked together to strengthen security policies and prevent data breaches. The council delivered the PCI DSS standard, which consists of about a dozen requirements, and continues to maintain it; the most recent update was in May 2018.
A Security Information and Event Management (SIEM) solution features many of the capabilities that the standards demand. SIEM products and services combine Security Information Management (SIM) and Security Event Management (SEM) solutions to deliver real-time security protection. Here are a few examples of how a SIEM solution can promote compliance with PCI DSS specifications.
The Importance of Logging Solutions
PCI DSS requires that financial institutions regularly monitor access to network resources and cardholder data. To meet this requirement, SIEM systems include various logging mechanisms that track user activity. Security teams must first identify the different systems in their environment that store or process cardholder data, and then configure the logging processes for them. The logging processes should be enabled for all payment network systems and devices. This step allows IT security professionals to track access and other activities concerning network resources that deal with cardholder data.
Effective SIEM solutions monitor users in real time, alert on anomalous activity, and provide a complete audit trail of all user activities. They can focus on tracking privileged users' actions, including any critical changes they make to system configurations. These steps ensure that access to and modifications of data are authorized and that the integrity of cardholder data is maintained. The logs answer the four vital security questions:
Who accessed an object,
Which object was accessed,
When was the operation done, and
What is the new value of an object.
The solution may go one step further and include user behavior analytics (UBA) features, which profile user behavior and identify anomalies using artificial intelligence, machine learning, and statistical analysis. This step allows security teams to instantly detect suspicious login and file activities.
Maintaining File Integrity
PCI DSS also demands that companies use a change tracking tool, such as a file integrity monitoring (FIM) product. These solutions alert security teams to unauthorized modifications of critical system files. With such a tool, security teams centrally track sensitive files and folders as they are created, accessed, viewed, deleted, modified, or renamed.
SIEM solutions generate alerts whenever critical events occur that may jeopardize the security of the systems that store or process payment card data. PCI DSS alerts can be enabled, and alert profiles customized, based on company-defined thresholds. Security teams receive these alerts through email or text message.
Not only do companies need to track changes, but they also must collect that information for reporting purposes. A SIEM's reporting functions can transform the collected raw log data into actionable information. For instance, audit information is presented as graphs and dashboards. Often, security teams schedule reports so they can review security events on a daily basis.
A SIEM solution's log search engine allows security personnel to pick out and analyze events of interest while investigating a security incident. The search feature includes basic functionality, such as phrase searches and Boolean operators, as well as advanced capabilities, such as correlating multiple events and attributes.
Taking a Few Precautions
Malicious actors often try to modify audit logs so that their activity goes unnoticed. PCI DSS demands that log data be protected and tamper-proof. A SIEM system can encrypt the archived log files to protect their confidentiality. Further, the system can employ techniques such as hashing and time stamping to confirm that the archived logs have not been altered since they were written.
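One way to combine hashing and time stamping into a tamper-evident archive, as an added example that is not DataComm's code or any product's: each record carries a timestamp, the previous record's keyed hash, and its own HMAC under a key the SIEM holds (a constructed demo key here), so editing, deleting or reordering any archived line breaks the chain at a verifiable position.

```python
import copy
import hashlib
import hmac
from datetime import datetime, timezone

# Constructed demo key; a real deployment keeps this in an HSM or secrets vault.
ARCHIVE_KEY = b"demo-archive-key-not-for-production"
GENESIS = "0" * 64  # link value for the first record

def _mac(key, ts, prev, message):
    """HMAC-SHA256 over timestamp, previous MAC and message, binding all three."""
    payload = f"{ts}|{prev}|{message}".encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()

def append_record(chain, message, key=ARCHIVE_KEY, ts=None):
    """Append one log line, linking it to the previous record's MAC."""
    ts = ts or datetime.now(timezone.utc).isoformat()
    prev = chain[-1]["mac"] if chain else GENESIS
    chain.append({"ts": ts, "prev": prev, "msg": message,
                  "mac": _mac(key, ts, prev, message)})
    return chain

def verify_chain(chain, key=ARCHIVE_KEY):
    """Return (ok, index of first bad record); the index is None when intact."""
    expected_prev = GENESIS
    for i, rec in enumerate(chain):
        if rec["prev"] != expected_prev:          # a record was removed or reordered
            return False, i
        if not hmac.compare_digest(rec["mac"], _mac(key, rec["ts"], rec["prev"], rec["msg"])):
            return False, i                       # contents or timestamp were altered
        expected_prev = rec["mac"]
    return True, None

def demo():
    """Constructed audit lines; one copy is edited, another has a record deleted."""
    chain = []
    for msg in ["user=alice action=read object=card_vault",
                "user=bob action=update object=fw_rules value=allow_any",
                "user=alice action=logout"]:
        append_record(chain, msg)
    intact = verify_chain(chain)
    edited = copy.deepcopy(chain)
    edited[1]["msg"] = "user=bob action=read object=fw_rules"   # hide the change
    deleted = chain[:1] + chain[2:]                             # drop the record
    return intact, verify_chain(edited), verify_chain(deleted)
```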
Finally, PCI DSS requires collected log data to be stored for at least one year. The stored log data should be easily accessible when needed for events such as a forensic investigation. A log management system can be configured to retain collected log data for any desired retention period. If a forensic investigation needs to be carried out, the archived log data needs to be reloaded into a database so search operations can be performed on it.
Where to Find Assistance
PCI DSS outlines a series of specific steps that financial services companies must take to protect financial information. DataComm can help financial services companies deploy SIEM solutions that provide a solid foundation for meeting these requirements.
DataComm’s broad suite of security services includes 24/7 network monitoring, log monitoring, intrusion detection and prevention, data loss prevention, encryption, and reporting services. By using these services, financial institutions comply with PCI DSS and, more importantly, protect their customers’ networks from sophisticated attacks, so accurate financial data only makes its way into the right hands.
To learn more about how DataComm solutions can help your firm meet PCI DSS requirements, contact us.