netForensics for PCI DSS
Since the Payment Card Industry Data Security Standard (PCI DSS) was introduced, businesses have been striving to comply with a multitude of comprehensive technical, physical and administrative requirements designed to guard against online fraud, misuse of cardholder data and ID theft.
The manual information gathering, reporting and preparation processes involved in PCI DSS self-assessment and third-party audits, however, are significantly increasing IT staff workload.
Features of netForensics' nFX Cinxi solution fulfil more than 75 requirements of PCI DSS, saving time and money by automating and centralising elements of PCI compliance such as log management, event-correlation, alerting, remediation, and reporting. Cinxi provides over 66 packaged reports which are designed specifically for PCI DSS as well as other compliance standards. Cinxi maps to PCI DSS Requirement 10 very closely:
- R10.5 - Requires logs to be retained securely
- R10.6 - Requires daily review of audit trails and logs
- R10.7 - Requires 1 year of log retention with 3 months available "online"
R10.6 requires a daily review of audit trails and logs. Without Cinxi, even a small organisation would be overwhelmed by the number of events that this entails. Cinxi correlation automates and simplifies daily review, so network teams need only review a handful of security incidents rather than millions of events.
SIM also helps customers maintain secure firewalls (R1), secure data systems (R3), encryption tools (R4), AV systems (R5), custom applications and sites (R6) and access control systems (R7, 8 & 9).
Automatic integration, correlation and analysis of security data from multiple network sources can help network teams obtain instant views on security issues across the network environment and identify non-compliant systems, broken processes, and unresolved violations in real time, ultimately improving the organisation’s overall security posture.