decisions when critical files are accessed and thereby mitigate the risk of payment card data
breaches.
7. Real-Time Alerting
Real-time security alerting is critical for enterprises. IT security professionals should receive
alerts as soon as network anomalies and suspicious activities occur on the network. Real-time
security alerts help IT security professionals respond to critical incidents that can affect
their network infrastructure. A delay in responding to critical incidents can lead to a major
security catastrophe. Deploying a real-time alerting solution that automatically monitors
security events by mining the log data plays a vital role in PCI DSS compliance.
8. User Activity Monitoring
Customers’ payment card data can be misused by employees who access the data using
brute force attacks or by employees with privileged access. Monitoring user activities in real
time across the IT infrastructure can be a painful task without proper user activity monitoring
tools. PCI DSS compliance requires enterprises to audit precise information in real time on
critical user activity events such as user logons, user logoffs, failed logons, successful audit
logs cleared, audit policy changes, objects accessed and user account changes.
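The event categories listed above can be tracked with a small classifier over an event stream. The sketch below is an added example, not code from the article or from any ManageEngine product. It assumes the log source is the Windows Security log (the event IDs are the standard Windows ones), and the failed-logon threshold, time window and sample records are constructed for illustration.

```python
from collections import defaultdict, deque

# Windows Security log event IDs (assumed log source; the article names no platform)
CATEGORY = {
    4624: "user logon", 4634: "user logoff", 4647: "user logoff",
    4625: "failed logon", 1102: "audit log cleared",
    4719: "audit policy change", 4663: "object accessed",
    4720: "user account change", 4726: "user account change",
    4738: "user account change",
}
ALWAYS_ALERT = {"audit log cleared", "audit policy change"}
FAILED_LOGON_LIMIT = 3   # assumed threshold
WINDOW_SECONDS = 60      # assumed sliding window


def monitor(events):
    """Classify events in arrival order; return (audit_trail, alerts)."""
    trail, alerts = [], []
    failures = defaultdict(deque)  # user -> timestamps of recent failed logons
    for ts, event_id, user in events:
        category = CATEGORY.get(event_id)
        if category is None:
            continue  # not one of the audited user-activity events
        trail.append((ts, user, category))
        if category in ALWAYS_ALERT:
            alerts.append((ts, user, category))
        elif category == "failed logon":
            recent = failures[user]
            recent.append(ts)
            while ts - recent[0] > WINDOW_SECONDS:
                recent.popleft()  # drop failures older than the window
            if len(recent) >= FAILED_LOGON_LIMIT:
                alerts.append((ts, user, "repeated failed logons"))
                recent.clear()  # one alert per burst
        elif category == "user logon":
            failures[user].clear()  # a successful logon resets the counter
    return trail, alerts


# Constructed sample records: (epoch seconds, event ID, account name).
# 4688 (process creation) is outside the audited set and is skipped.
SAMPLE = [
    (1000, 4625, "jdoe"), (1010, 4625, "jdoe"), (1020, 4625, "jdoe"),
    (1030, 4624, "jdoe"), (1040, 4663, "jdoe"), (1050, 4688, "jdoe"),
    (1100, 4719, "admin1"), (1110, 1102, "admin1"), (1200, 4634, "jdoe"),
]

if __name__ == "__main__":
    for ts, user, reason in monitor(SAMPLE)[1]:
        print(f"ALERT t={ts} user={user}: {reason}")
```

The audit trail keeps every categorized event for later review, while the alert list carries only what needs an immediate response.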
Automating to Ensure Compliance
Compliance with PCI DSS is a must for all businesses that accept card payments because
keeping customers’ payment card data secure is crucial for the progress of those businesses.
PCI DSS compliance can bring enormous benefits to businesses such as a more secure
network, higher brand value, improved reputation and lower risk of data breaches.
Non-compliance, on the other hand, can have severe consequences.
Monitoring log data and critical files in real time using the automation framework will help
businesses to comply with the PCI DSS requirements 10 and 11.5 with ease.
About the Author
Joel John Fernandes is a senior product marketing analyst for
ManageEngine, the real-time IT management company. He has
thorough knowledge in the log management and security
information and event management (SIEM) domain and has
consulted on network security and log management for both large
and small enterprises. For more information on ManageEngine, a
division of Zoho Corporation, please visit www.manageengine.com;
follow the company blog at http://blogs.manageengine.com; on
Facebook at http://www.facebook.com/ManageEngine and on Twitter at @ManageEngine.
41 Cyber Warnings E-Magazine – October 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide