EQALIS Splunk for PCI
Let Splunk help you pass your PCI DSS audit and stay compliant.

The EQALIS Splunk for PCI app takes the PCI requirement for "centralised collection of logs" and expands on it to give you a suite of useful tools to help you measure, trend and remediate any risks associated with PCI.
Operations Manager, Large Retail Franchise:
“Splunk for PCI has proved more than just 'a tick in the box.' It has shown us where we were at risk and allowed us to plug holes before anyone could take advantage.”
Splunk Information Assurance
EQALIS Splunk for PCI is installed with the tenets of information assurance in mind. These include:
• Confidentiality – No unauthorised access to your data.
• Integrity – Data will not be modified or destroyed without proper authority.
• Availability – Access to data and data services will be timely and reliable.
• Authentication – Validity checks performed against every access to verify authorisation.
• Non-repudiation – Audit trail is kept to prove that any questioned access occurred.
Splunk will be installed and hardened to Splunk's security standards, with data digitally signed at source and, where possible, encrypted in transmission. Our role-based access can be tied into LDAP or other authentication methods, and full audit trails are kept of all access, configurations and changes.
Data collection
Logs can be collected from POS terminals, servers, firewalls, network devices, IDS, IPS, penetration testers, anti-virus and many other devices. These logs are digitally signed to ensure validity and, where possible, encrypted during transmission to ensure security. Splunk can monitor critical files (binaries, password files etc.) with a virtual tripwire to alert you if changes are detected. Scripts can monitor performance, interrogate databases, collect configurations and much more to add value.
Daily Review
EQALIS Splunk for PCI has a single-screen daily review that highlights the major issues, explains their significance and gives advice on what should be done. This gives an immediate view of the most pressing tasks and can be updated to reflect your priorities.

Network Security
PCI DSS advises you to set your network up in zones, with firewalls or similar devices separating them to provide security. Logs from these firewalls and scripts on servers can identify all traffic entering and leaving the PCI cardholder zone, along with the IP addresses and network ports used. EQALIS Splunk for PCI has dashboards showing you these connections and highlighting any unexpected or unauthorised ones. Other reports show failed attempts along with their source details so they can be blocked further up the chain to increase your security. If someone, somehow, makes it through your firewall, IDS, IPS, authentication and security measures, EQALIS Splunk for PCI will allow you to forensically piece together where they connected from and what they got to, and to show you were taking reasonable measures to prevent a breach.

Data Access
Much of PCI DSS concentrates on who has had access to cardholder data. EQALIS Splunk for PCI provides dashboards showing what changes have been made to user accounts, what accounts have been used, where they were used and from what source. Triggers can be set to alert if specific accounts are used or new local accounts are created. With these tools you can identify who had access where and when.

PCI Requirements
EQALIS Splunk for PCI has over 100 searches and reports related to PCI available to you. A single dashboard lists searches grouped by the PCI requirement they are designed to address.
• Req 1 - Firewall - "Install and maintain firewall configuration to protect cardholder data."
• Req 2 - Passwords - "Do not use vendor-supplied default passwords."
• Req 3 - Card Data - "Protect stored cardholder data."
• Req 4 - Encrypt Data - "Encrypt transmission of cardholder data over open, public networks."
• Req 5 - Anti Virus - "Use and regularly update anti-virus software programs."
• Req 6 - Secure Systems - "Develop and maintain secure systems and applications."
• Req 7 - Restrict Access - "Restrict access to cardholder data by business need to know."
• Req 8 - Unique IDs - "Assign a unique ID to each person with computer access."
• Req 9 - Physical Access - "Restrict physical access to cardholder data."
• Req 10 - Track Access - "Monitor all access to network resources and cardholder data."
• Req 11 - Test Security - "Regularly test security systems and processes."
• Req 12 - Policy Mgmt. - "Maintain a policy that addresses information security for all."
EQALIS Ltd are certified Splunk partners. Our consultants have completed full Splunk Architect certification training and we have undertaken official PCI Security Standards Council training to QSA standard. EQALIS Splunk for PCI has been developed in collaboration with large enterprise customers, but delivers value to the SME.






