Payment security compliance is experiencing a steep decline, which suggests that organizations worldwide are either unwilling or unable to keep up with the ongoing effort required to achieve and maintain compliance. Security information and event management (SIEM) solutions can help organizations get back on track.
Launched in 2004, the Payment Card Industry Data Security Standard (PCI DSS) is meant to ensure that companies adequately secure their customers’ payment card information. After years of steady improvement in compliance rates, the numbers have dropped considerably. According to Verizon’s 2019 Payment Security Report, global compliance has dropped from 55.4 percent in 2016 to a low of just 36.7 percent.
Verizon analysts say the drop suggests that too many organizations are treating compliance as a one-off task rather than an ongoing process. Compliance, however, must be addressed continually: controls have to be reviewed regularly and modified frequently as the environment changes.
A major flaw in many compliance programs involves the collection and monitoring of security event logs, one of the central requirements of the PCI DSS. While most organizations do a good job of capturing security logs, they often have no plan in place for actively reviewing and analyzing those logs to quickly detect attacks and launch countermeasures.
Many organizations still collect and review log data manually, but that is becoming less practical with every passing day. Servers and other systems generate an overwhelming volume of logs, recording details of tens of thousands of events and transactions taking place on each system. It's estimated that a typical enterprise operation will accumulate up to 4GB of log data daily.
Given the sheer quantity of data being generated, it is not humanly possible to meet the PCI DSS requirement to review logs daily, preferably in near real time, by hand. SIEM solutions allow organizations to overcome that challenge.
SIEM systems collect real-time log data from a wide range of network hardware and software resources. This data is then forwarded to a central console for inspection and analysis to identify any unusual patterns that could signal a security threat.
Here are five ways SIEM improves PCI DSS compliance:
Centralized log collection. SIEM aggregates log data from all network systems and devices that fall under the scope of PCI DSS. This simplifies the process of tracking events and activity on network resources that involve cardholder data.
Log analysis and reporting. Most SIEM solutions use two techniques to analyze log data. Statistical correlation compares incoming data against a baseline of normal system activity to spot anomalies, and vulnerability scanning searches for known attack patterns and vulnerabilities. More advanced solutions use machine learning and behavioral analytics to identify suspicious behaviors.
Log archival. PCI DSS requires organizations to retain an audit history for one year, but many logging mechanisms will overwrite log entries after they reach a prescribed limit. SIEM solutions can be configured to retain log data for any desired period.
File integrity monitoring (FIM). PCI DSS requires organizations to track changes to log data to prevent unauthorized modifications. FIM tracks and records when logs are accessed, who accessed them and what changes were made in order to protect the integrity of cardholder data.
Real-time alerts. PCI DSS requires organizations to assign someone to monitor and analyze security alerts. SIEM automatically generates real-time alerts based on predefined conditions, such as configuration changes to firewalls or routers. Security teams typically receive these alerts through email or text messages.
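The five capabilities above can be seen together in a single small pipeline. The following Python script is an added example, not code from the original post or from any SIEM product: it normalizes constructed log lines from three hypothetical in-scope hosts (pos-01, fw-edge, db-card) into one event list, flags a source whose failed logins exceed a baseline rate, matches the page's own alert condition (a firewall configuration change) as a known pattern, enforces a one-year retention window, and uses SHA-256 hashes to detect a tampered log archive. The host names, IP addresses, field names, the /var/log/siem path and the baseline of two failures per minute are all assumptions made for the example.

```python
import hashlib
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample log lines from three hypothetical in-scope sources
# (a POS host, the edge firewall, the cardholder database). The key=value
# format stands in for whatever each device emits natively.
SAMPLE_LOGS = [
    "2024-03-01T10:00:01Z host=pos-01 app=sshd event=auth_fail user=admin src=203.0.113.9",
    "2024-03-01T10:00:02Z host=pos-01 app=sshd event=auth_fail user=admin src=203.0.113.9",
    "2024-03-01T10:00:03Z host=pos-01 app=sshd event=auth_fail user=admin src=203.0.113.9",
    "2024-03-01T10:00:04Z host=pos-01 app=sshd event=auth_fail user=admin src=203.0.113.9",
    "2024-03-01T10:00:05Z host=pos-01 app=sshd event=auth_fail user=admin src=203.0.113.9",
    "2024-03-01T10:00:09Z host=pos-01 app=sshd event=auth_ok user=clerk src=10.10.0.7",
    "2024-03-01T10:01:30Z host=fw-edge app=config event=config_change user=netops rule=allow_any_to_cde",
    "2024-03-01T10:02:00Z host=db-card app=postgres event=query_ok user=app src=10.10.0.3",
    "2023-01-15T08:00:00Z host=db-card app=postgres event=query_ok user=app src=10.10.0.3",
]

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.*)$")


def parse_line(line):
    """Normalize one raw line into a dict with an aware UTC timestamp plus its fields."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable line: {line!r}")
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    event = {"ts": ts}
    for token in m["kv"].split():
        key, _, value = token.partition("=")
        event[key] = value
    return event


def collect(lines):
    """Centralized collection: every source lands in one time-ordered event list."""
    return sorted((parse_line(line) for line in lines), key=lambda e: e["ts"])


def failed_login_anomalies(events, baseline_per_minute=2):
    """Statistical baseline check: flag a source whose auth failures in any
    one-minute bucket exceed the rate considered normal for this environment."""
    counts = Counter()
    for e in events:
        if e.get("event") == "auth_fail":
            bucket = e["ts"].replace(second=0)
            counts[(e["src"], bucket)] += 1
    return [{"rule": "auth_fail_burst", "src": src, "minute": b.isoformat(), "count": n}
            for (src, b), n in counts.items() if n > baseline_per_minute]


# Known-pattern rules: predicates over a normalized event. The alert condition
# named in the post is a configuration change on a firewall or router.
SIGNATURE_RULES = {
    "fw_config_change": lambda e: e.get("host", "").startswith("fw-") and e.get("event") == "config_change",
}


def signature_alerts(events):
    """Pattern matching: emit one alert per event that satisfies a known rule."""
    return [{"rule": name, "host": e["host"], "ts": e["ts"].isoformat(), "user": e.get("user")}
            for e in events for name, match in SIGNATURE_RULES.items() if match(e)]


def apply_retention(events, now, retain_days=365):
    """Archival policy: keep everything inside the retention window (one year for
    PCI DSS) rather than letting a source overwrite entries when its buffer fills."""
    cutoff = now - timedelta(days=retain_days)
    kept = [e for e in events if e["ts"] >= cutoff]
    return kept, len(events) - len(kept)


def fim_baseline(files):
    """Record a SHA-256 per archived log file; this is the FIM reference state."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}


def fim_check(baseline, files):
    """Compare the current archive to the baseline; report added, deleted or modified files."""
    current = fim_baseline(files)
    findings = []
    for path in sorted(set(baseline) | set(current)):
        if path not in current:
            findings.append((path, "deleted"))
        elif path not in baseline:
            findings.append((path, "added"))
        elif current[path] != baseline[path]:
            findings.append((path, "modified"))
    return findings


def run_pipeline(now=datetime(2024, 3, 2, tzinfo=timezone.utc)):
    """Run all five steps over the constructed input and return a summary dict."""
    events = collect(SAMPLE_LOGS)
    kept, purged = apply_retention(events, now)
    archive_path = "/var/log/siem/pos-01.log"  # hypothetical archive location
    original = {archive_path: "\n".join(SAMPLE_LOGS[:6]).encode()}
    # Constructed tampering: the failed-login entries were stripped from the archive.
    tampered = {archive_path: "\n".join(SAMPLE_LOGS[5:6]).encode()}
    return {
        "events": len(events),
        "anomalies": failed_login_anomalies(kept),
        "signatures": signature_alerts(kept),
        "retained": len(kept),
        "purged": purged,
        "fim": fim_check(fim_baseline(original), tampered),
    }


if __name__ == "__main__":
    for key, value in run_pipeline().items():
        print(key, value)
```

Running the script reports one auth_fail_burst alert for 203.0.113.9 (five failures in a minute against a baseline of two), one fw_config_change alert for fw-edge, eight events retained with the 2023 entry purged as outside the one-year window, and the POS archive flagged as modified. The alert dicts are what a real deployment would hand to its email or text-message notifier; the retention and FIM checks are the parts an assessor will ask to see evidence of.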
The decline in PCI DSS compliance is a troubling trend for businesses and consumers alike. According to the Verizon study, organizations without the required data protection controls are far more likely to experience a data breach that exposes cardholder information. Give us a call to learn how SIEM solutions can help your company achieve regulatory compliance.
Posted by Mike Pape
Mike Pape is an experienced IT and cybersecurity executive who helps businesses uncover their cybersecurity challenges and develop a comprehensive security plan. He understands cybersecurity solutions around compliance, governance, data protection, and ransomware mitigation. His deep understanding of business operations and technology gives him the unique ability to develop business security strategies that truly protect companies against cyber threats.