Complying with the Payment Card Industry Data Security Standard (PCI DSS) doesn’t stop at payment systems. While keeping the network perimeter hardened is good security practice, it doesn’t completely prevent malicious activity. Threats can come from anywhere, so IT must focus on detecting anomalies and intrusions inside the network.
Many of the most devastating breaches occur when hackers break into the network through non-PCI segments. This is why you must protect all of your endpoints and monitor your complete environment, not just the assets that fall under PCI-compliance requirements.
SNARE’s Desktop Agent collects and analyzes logs from often-forgotten workstations where many threats and breaches originate. The SNARE Enterprise agents address and support your PCI DSS security strategies with a key focus on meeting the logging requirements in the security standard, including logging each event according to:
- type of event
- date and time
- success or failure indication
- origination of event
- identity or name of the affected data, system component, or resources.
The events logged include:
- any user access to cardholder data
- use of root or administrative privileges
- access to all audit trails
- invalid logical access attempts
- use of identification and authentication mechanisms
- initialization of the audit logs
- creation and deletion of system-level objects.
SNARE agents can:
- monitor processes running on a system, capturing malware execution
- track all file changes, including files encrypted in crypto locker attacks, and perform registry auditing for sensitive application settings
- reduce the mean time to detection (MTTD) when breached because logs are sent in near real-time
- capture evidence from event logs to identify all system activity or zero-day malware that anti-virus can’t detect
- capture and filter all event log data with reliable TCP delivery and optional TCP/TLS encryption.
The SNARE Central Server and SNARE Agents combine to monitor user and system activity on your networks and validate access controls. The network vulnerability assessment components can help you test your systems and networks for vulnerabilities that may affect PCI compliance. SNARE protects the entire network, including non-PCI segments.