December 22, 2014
Welcome to the demo of the Sumo Logic Application for PCI Compliance.
The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store, or transmit credit card information maintain a secure environment.
PCI is an essential part of the IT strategy of any organization that handles credit card information.
PCI = Costly + Complex Compliance
However, meeting PCI requirements can be costly and complex.
Any organization that handles payment cards, including debit and credit cards, has to comply. It must meet 12 stringent requirements with ~200 control requirements. Merchants pay an average of $225,000 per year for audits. 2% of businesses outright fail compliance audits. Compliance challenges proliferate with hybrid infrastructures.
The Sumo Logic App for PCI simplifies monitoring of the requirements while reducing the complexity associated with generating reports and satisfying specific requirements.
Demonstrate compliance with Sumo Logic:
The PCI app is an extension of our security analytics capabilities, including machine data intelligence, pattern recognition, and unique anomaly detection capabilities that enable you to find things you didn’t even know to look for.
Sumo Logic Meets Key PCI Requirements:
By monitoring all of your relevant machine data, this app helps you identify potential compliance issues in real time and on a scheduled basis, and it enables you to take action to identify root cause and resolve issues quickly.
Let’s take a brief look at the application, which is included in the Enterprise Edition of the Sumo Logic service. When I log into my application, I see a pre-built summary dashboard of my position against all PCI requirements. I see my current state, an ordered list by requirement, and a histogram of incidents by day. I can see that I have a number of incidents I need to look at. My focus is on understanding root cause behind these issues. Sumo Logic has crunched through hundreds of millions of log lines to identify these potential issues and it helps me prioritize and focus on what’s most relevant.
Let’s drill down one level to understand what’s behind this number. This is another pre-built dashboard where I can easily see each of the requirements and the number of incidents associated with them. The first thing I notice is the high number of potential issues against requirement 3, protecting stored cardholder data. Let’s look at that first. We apply the Luhn algorithm to the incoming data so we’re only looking at log entries that contain potential credit card numbers. This dashboard shows me the different classifications of incidents, in this case all related to data leaks, but it could show other classifications such as encryption key protection. Now, despite the high incident number, typically this issue comes from only a small number of root causes. It could be one system generating logs, or a number of logs, with credit card entries in them. Across the dashboard, I can review the full list of incidents as well as analyze over time by source host, funnel name, and collector or source. And finally I can compare today’s data against the history to assess if this is unusual.
Let’s use Sumo Logic to quickly get to the root cause of these issues. I can immediately see from the list of incidents that some of them are nothing to worry about. Despite passing the Luhn test, they are not credit card details. I’ll need to filter those out of the underlying search query so that, in the future, they do not appear. When I look at the incidents over time, I can see that most incidents are coming from a single collector. Let’s drill into this. Now I can see the same chart with the underlying log messages and I can begin some analysis. Switching to the actual log messages, I want to filter on just the offending collector source. In Sumo Logic, this is simple: I can click on the category, rerun the query, and now I’m filtered on just that collector. Looking at the results now, I can see that there is something that looks like customer cardholder data being captured in the logs. This could be development data, it could be completely innocent, but I need to be sure. I am going to take a copy and attach it to our ticketing system and send it to the team that handles this application. Leveraging the ServiceNow integration with Sumo Logic, this step could be set up automatically, so it would raise a ServiceNow incident ticket.
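The Luhn pre-filter from the previous step and the false-positive filtering described here, as an added illustration that is not Sumo Logic's own code: it scans constructed log lines for 13-19 digit runs, keeps only Luhn-valid ones, masks the candidate so the finding itself does not leak a PAN, and drops allowlisted fields (the hypothetical `imei` field) that pass Luhn but are not card numbers.

```python
import re

# Runs of 13-19 digits, optionally grouped by spaces or dashes
CANDIDATE_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Constructed sample log lines (not real data). The IMEI on the second line
# passes the Luhn check, which is the kind of false positive the demo filters out.
SAMPLE_LOGS = [
    "2014-12-22T10:01:02 app=checkout user=42 card=4111 1111 1111 1111 status=ok",
    "2014-12-22T10:01:03 app=inventory imei=490154203237518 sku=A1",
    "2014-12-22T10:01:04 app=checkout user=43 card=4111 1111 1111 1112 status=declined",
    "2014-12-22T10:01:05 app=batch txn=5555555555554444 amount=12.50",
]

def luhn_valid(digits):
    """True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask_pan(digits):
    """Keep first six and last four digits; the rest is masked in the finding."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]

def find_pans(line, ignore_fields=()):
    """Return masked Luhn-valid candidates in one line, skipping allowlisted fields."""
    for field in ignore_fields:
        # drop e.g. imei=<digits> before scanning (hypothetical allowlist)
        line = re.sub(rf"\b{field}=[\d -]+", "", line)
    hits = []
    for m in CANDIDATE_RE.finditer(line):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_valid(digits):
            hits.append(mask_pan(digits))
    return hits

def scan_logs(lines, ignore_fields=()):
    """Map line index -> masked candidates, for lines with at least one hit."""
    results = {}
    for i, line in enumerate(lines):
        hits = find_pans(line, ignore_fields)
        if hits:
            results[i] = hits
    return results

if __name__ == "__main__":
    for i, hits in scan_logs(SAMPLE_LOGS, ignore_fields=("imei",)).items():
        print(i, hits)
```

Without the allowlist the IMEI line is reported alongside the two card lines; with it, only the checkout and batch lines remain, which mirrors tightening the underlying search query in the demo.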
That took me no time at all. Sumo Logic customers have dramatically reduced mean time to investigate on their issues, and I’ve just tackled the majority of the incidents in minutes. I know that with Sumo Logic, I will get to root cause on others equally quickly.