Compliance Guides

PCI DSS Compliance with Threat Stack

Issue link: https://resources.threatstack.com/i/871256

Contents of this Issue

Navigation

Page 1 of 1

CONTINUOUS MONITORING Threat Stack ensures that you're never le in the dark when it comes to knowing what's happening in your network. Our pla orm automa cally monitors and records all the ac vity happening in your cloud, providing you with the instruments you need to effec vely maintain a healthy security posture in the cloud. Specifically, Threat Stack: • Provides granular insight into security configura ons and control effec veness. • Monitors at the kernel level, as well as it cri cal points in the cardholder data environment, providing a level of monitoring beyond that of intrusion detec on. • Is always on and always watching, ensuring applica ons are protected. ALERTING Our pla orm monitors and records all of the ac vity happening in your cloud and sounds the alarm if suspicious behavior is detected. Get no fied instantly if anomalous behavior indica ng unauthorized access to or loss of cardholder data occurs, so you can respond immediately. Specifically, Threat Stack will alert you on: • Suspicious filesystem, account, and configura on ac vity. • Unauthorized exposure or modifica on of data and unauthorized use of network resources. • Data, configura ons and ac vity changes within areas of high risk. • Viola ons of policies and procedures. • System a acks including those documented by OWASP, SANS, CERT, etc. INVESTIGATE AND VERIFY Determine whether an event is a true threat using Threat Stack's detailed audi ng system. Our audit trails provide you with the intelligence you need to understand an a ack's impact so you can answer the who, what, where, when and how in order to make informed decisions on how to respond. Specifically, Threat Stack provides: • Audit logs and aler ng on unauthorized exposure or modifica on of data and configura ons. • Log and security event reviews for all system components to iden fy anomalous ac vity. • Provides an independent repository for storing alerts that is supplemental to log informa on. • Provides granular insight into security configura ons and control effec veness. Threat Stack provides you with deep visibility star ng at the underlying kernel — the source of truth — where system ac vity can't be faked. Threat Stack gives you instant, comprehensive visibility into your en re cloud infrastructure and sounds the alarms if suspicious behavior is detected. TAKE ACTION Armed with our pla orm's powerful forensics, you can take ac on to ensure the vulnerability in your a ack surface is fixed to prevent similar events from happening in the future. Specifically, Threat Stack provides: • The ability to report on the use of generic system accounts • Granular insight into security configura ons and control effec veness, allowing for be er decisions to be made, improving the tes ng process. Threat Stack's monitoring capabili es impact the following PCI DSS requirements: Requirement 1: Install and maintain a firewall and router configura on to protect cardholder data (1.5), Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters (2.2), Requirement 6: Develop and maintain secure systems and applica ons (6.6), Requirement 11: Regularly test security systems and processes (11.4, 11.6), Requirement 12: Maintain a policy that addresses informa on security for all personnel (12.10) Threat Stack's aler ng capabili es impact the following PCI DSS requirements: Requirement 3: Protect stored cardholder data (3.2), Requirement 6: Develop and maintain secure systems and applica ons (6.1, 6.2, 6.4, 6.4, 6.7), Requirement 7: Restrict access to cardholder data by business need to know (7.1, 7.2, 7.3), Requirement 8: Assign a unique ID to each person with computer access (8.7), Requirement 10: Track and monitor all access to network resources and cardholder data (10.6), Requirement 11: Regularly test security systems and processes (11.2, 11.5, 11.6), Requirement 12: Maintain a policy that addresses informa on security for all personnel (12.6, 12.10) Threat Stack's audi ng capabili es impact the following PCI DSS requirements: Requirement 10: Track and monitor all access to network resources and cardholder data (10.1, 10.2, 10.3, 10.5, 10.6, 10.7, 10.8), Requirement A.1 (A. 1.3, A. 1.4) Threat Stack's response capabili es impact the following PCI DSS requirements: Requirement 8: Assign a unique ID to each person with computer access (8.1, 8.5), Requirement 12: Maintain a policy that addresses informa on security for all personnel (12.10) The decisions you make are only as good as the intelligence you base them on. That's why Threat Stack is considered the gold standard when it comes to protec ng PHI and maintaining HIPAA compliance in the cloud. Try Threat Stack. Visit ThreatStack.com

Articles in this issue

Links on this page

view archives of Compliance Guides - PCI DSS Compliance with Threat Stack