ManageEngine to showcase its Out-Of-The-Box reporting capability for PCI DSS 3.0 at GITEX 2014, Dubai
Chennai: ManageEngine, the real-time IT management company, today announced the addition of PCI DSS 3.0 compliance reporting to EventLog Analyzer, its security information and event management (SIEM) software at the GITEX 2014 conference. The move makes EventLog Analyzer users audit-ready to meet the payment card safeguards defined by PCI DSS 3.0 requirements 10 and 11.5.
ManageEngine will be demonstrating EventLog Analyzer and its new PCI DSS 3.0 compliance reporting features in booth A7-10 at GITEX 2014 being held October 12 – 16, at the Dubai world trade centre.
PCI DSS 3.0 became active on January 1, 2014, establishing 12 security requirements that concern the protection of payment card data. Businesses that accept, store, process, or transmit customer’s card data must adhere to the 12 requirements by January 1, 2015. Businesses that do not comply with PCI DSS 3.0 requirements will face penalties ranging from heavy fines to forfeiture of their licenses to process payment card transactions. Most importantly, the brand and reputation of a business will suffer if a data breach affects its customers’ payment card data.
“PCI DSS 3.0 compliance has become a crucial security element,” said Chenthil Kumaran, Product Manager at ManageEngine. “The recent payment card data breaches at retail giants such as Target and Home Depot have elevated the need for organizations from various industries to secure their customers’ payment card data from threats.”
Fulfilling PCI DSS 3.0 Requirements 10 and 11.5 with EventLog Analyzer
PCI DSS 3.0 requirements 10 and 11.5 are considered to be the most challenging to fulfill for securing and protecting customers’ payment card data from threats. PCI DSS 3.0 requirement 10 pushes enterprises to gain security intelligence to know the “who, what, where, and when” of users accessing the network resources and cardholder data whereas PCI DSS 3.0 requirement 11.5 focuses on the protection of critical files from unauthorized access.
· Out-of-the-box reporting and requirement 10 – EventLog Analyzer easily fulfills the PCI DSS 3.0 requirement 10 with the addition of out-of-the-box reporting, which enables analysis of the complete user audit trail to identify who is logging into their systems, when they logged into the systems and what activities they carried out on the systems.
· File integrity monitoring and requirement 11.5 – EventLog Analyzer’s new file integrity monitoring (FIM) reporting feature fulfills PCI DSS 3.0 requirement 11.5. Now, businesses can track all changes happening to their files in real-time such as when payment card data files are accessed, modified, deleted, renamed and created. The file integrity monitoring capability is also intelligent and can reveal the name of the person who made changes to the files.
The out-of-the-box PCI DSS 3.0 security report provided by EventLog Analyzer lists down the PCI DSS 3.0 sections in a systematic manner with the relevant sub-reports supporting those sections. This PCI DSS 3.0 compliance reporting tool also helps IT security managers effectively conduct log forensics investigations, generate security reports, monitor user activities, monitor servers, correlate events, receive alerts during anomalous activities, and much more.
GITEX 2014 attendees interested in learning more about EventLog Analyzer’s out-of-the-box PCI DSS reporting capability are invited to meet company executives at the show.