rsa envision for pcidss
TRANSCRIPT
8/3/2019 RSA Envision for PCIDSS
http://slidepdf.com/reader/full/rsa-envision-for-pcidss 1/8
Compliance and Security
Information Management for PCI
DSS Requirement 10 and Beyond
RSA Solution Brief
The Payment Card Industry (PCI) Data Security
Standard (DSS) imposes a broad range of reporting
requirements, which become of paramount impor-
tance during the annual PCI DSS audit. In addition,through Requirement 10, PCI DSS specifically requires
that merchants, banks and payment processors “track
and monitor all access to network resources and card-
holder data.”
As businesses step back and recognize the reporting
and monitoring implications of the PCI DSS, the fol-
lowing question arises: “While compliance is critical,
how can my organization become more proactive than
reactive, and how can we ensure that time and
resource investments will extend beyond our PCI DSS
initiative?”
Moving Beyond Compliance with
RSA enVision® Technology
Violations of policy and security happen without warn-
ing. Regardless of whether these are innocent mis-
takes or illegal attempts at accessing private informa-
tion, you need immediate visibility into such behav-
iors in order to respond. Such visibility and respon-
siveness is critical to achieving PCI DSS compliance,
and from a broader perspective, it is necessary to
ensure all of your organization’s private business,
customer and partner information is secure.
RSA enVision transforms raw, seemingly unrelated
security and network events into meaningful business
intelligence. By first establishing baseline levels of
activity for the entire network environment, RSA
enVision is able to help determine abnormal behav-
iors and issue alerts when such activities occur. Bycapturing all the data–from security, network and
enterprise applications to mainframe, desktop and
storage devices–RSA enVision ensures that you have
complete, unfiltered visibility.
Beyond PCI compliance, RSA enVision does away with
the business data silos that are created in many
organizations. It collects, analyzes and manages all
the data, and provides a platform that helps inform
virtually anyone in your organization. Not only willcompliance auditors have a complete set of data to
meet compliance issues, but risk management and
security operations can see security alerts in real
time. And everyone from desktop operations, to the
help desk, to applications management and network
management personnel can access the reports they
need at any time.
RSA enVision leverages the LogSmart Internet Protocol
Database (IPDB) for collecting and analyzing your
company’s compliance and security information. TheLogSmart IPDB maintains a digital chain of custody for
all data that assures that once data is committed to
the database, it can never be altered–unlike most
data schemas used in relational database manage-
ment system (RDBMS)-based solutions.
Customer Benefits: Compliance and Security
Information Management Solution
With RSA enVision technology, you will havethe opportunity to:
– Rest assured knowing that if a policy or
security violation does occur, you will know
and be able to respond.
– Refocus on growing your business–rather
than responding to audits–because your
organization has a tool to help quickly prove
you’ve met key PCI DSS requirements.
– Move beyond compliance by leveraging PCI
DSS-based investments to improve your
company’s overall security posture.
8/3/2019 RSA Envision for PCIDSS
http://slidepdf.com/reader/full/rsa-envision-for-pcidss 2/8
RSA Solution Brief 2
In addition, while other solutions reduce or pre-filter
the data coming from source devices because the
RDBMS simply cannot keep up, RSA enVision captures
the complete data set within the LogSmart IPDB. Your
organization will benefit from real-time analysis andparallel authentication and compression of source
data, which means alerts are highly accurate and
timely. The benefits of agent-free collection are
clear–no filtering of data at the source, no ongoing
management of agents spread throughout the net-
work, no risk or impact on your network infrastructure
and reduced total cost of ownership due to ease of
configuration and deployment.
In the end, RSA enVision technology positions your
business to quickly respond to policy and securitybreaches, which helps improve the organization’s IT
security posture and eases the compliance process.
RSA enVision helps position customers to focus finan-
cial and human resources on business-growth initia-
tives, rather than on reacting to an ongoing cycle of
PCI DSS audits.
For more information on RSA’s Solutions to help cus-
tomers address PCI DSS compliance, visit
www.rsa.com/pci
PCI DSS Requirement 10 and RSA enVision
PCI DSS requirement 10 states that companies must
“track and monitor all access to network resources
and cardholder data.” RSA enVision enables cus-
tomers to ease the audit process by establishing acentralized point for tracking and monitoring access to
cardholder data throughout a PCI environment.
Specific capabilities RSA enVision delivers that
address the PCI DSS standard include:
RSA PCI Solution Components
RSA®Access Manager RSA’s solution for secure enterprise access enable merchants, banks and payment
processors to ensure that only users with the business need-to-know can access cardholder data within Web-
based PCI systems.
RSA Enterprise Data Protection solutions. RSA’s secure enterprise data solutions enable businesses impact-
ed by the PCI Standard to protect cardholder data across all encryption endpoints and centrally manage
encryption keys on an enterprise-wide basis
– RSA Database Security Manager
– RSA File Security Manager
– RSA Key Manager
RSA enVision® RSA’s solution for compliance and security information management enables organizations
impacted by the PCI DSS to ease the audit process by establishing a centralized point for tracking and moni-
toring access to cardholder data throughout a PCI environment.
EMC Celerra and EMC Centera Out-of-the-box integration of EMC Celerra and EMC Centera with RSA enVision
technology enables customers to cost-effectively store critical PCI audit log data.
RSA SecurID® RSA’s solutions for securing access to enterprise data help customers ensure that users
accessing cardholder data systems and the broader IT network are who they claim to be.
RSA Professional Services RSA Professional Services offers a range of capabilities, such as helping cus-
tomers prepare for a PCI DSS audit, supporting the broad-based discovery of cardholder data across the
enterprise, and implementing technologies for remediation.
– CipherOptics IP Security Gateway
– Decru DataFort® storage security appliances
– NeoScale CryptoStor ® appliances
8/3/2019 RSA Envision for PCIDSS
http://slidepdf.com/reader/full/rsa-envision-for-pcidss 3/8
RSA Solution Brief
RS A E NV I S I O N CAPABIL ITY
Requirement 10.1
Establish a process for
linking all access to system
components (especially
access done with adminis-
trative privileges such as
root) to each individual
user.
RSA enVision enables customers to track administrative user activity and provides oversight to
help verify a user is acting in accordance with established policy. Additionally, the system may
send an alert to a user’s supervisor if behaviors violate policy.
RSA enVision offers out-of-the-box reporting that displays all successful administrative privilege
escalations on monitored UNIX and Linux systems.
Report: “PCI–Administrative Privilege Escalation–UNIX/Linux”
Requirement 10.2
Implement automated audit
trails for all system compo-
nents to reconstruct the fol-
lowing events
RSA enVision appliance helps companies to implement automated audit trails that detail user
access to cardholder data, actions taken by users with root/administrative privileges, access to
audit trails, invalid logical access attempts, use of identification/authentication mechanisms,
audit log initialization and creation/deletion of system-level objects.
Requirement 10.2.1
All individual user accesses
to cardholder data
Requirement 10.2.2
All actions taken by any
individual with root or
administrative privileges
RSA enVision delivers built-in reporting capabilities that display all successful file access attempts
to file objects in the “Cardholder Data” device group; this device group is a subset of the PCI
device group, and should contain only the servers used in the storing of cardholder data.
Report: “PCI: Individual User Accesses to Cardholder Data–Windows”
Requirement 10.2.3
Access to all audit trails
RSA enVision offers built-in reports that enable customers to easily monitor all successful logins to
RSA enVision.
Report: “PCI–Access to All Audit Trails”
Requirement 10.2.4
Invalid logical access
attempts
RSA enVision enables customers to easily report all access attempts that have been denied due to
access control list restrictions.
Report: “PCI–Invalid Logical Access Attempts–ACL Denied Summary”
Requirement 10.2.5
Use of identification and
authentication mechanisms
RSA enVision may enable organizations to easily view a report detailing all users accessing the PCI
device group that authenticate using RSA Authentication Manager servers.
Report: “PCI–Use of Identification and Authentication Systems–RSA”
Requirement 10.2.6
Initialization of
the audit logs
RSA enVision delivers out-of-the-box reports which provide a view into the initialization of audit
logs in Windows, UNIX, Linux, AIX and HPUX operating systems.
Report: “PCI–Initialization of Audit Logs”
Requirement 10.2.7
Creation and deletion of
system-level objects
RSA enVision reporting capabilities enable customers to view the deletion of all system-level
objects in monitored Windows systems, run against the “PCI” device group.
Report: “PCI–Deletion of System-level Objects–Windows”
RSA enVision enables customers to report on all actions taken by users logged in as “root.” In
addition, organizations may customize this report to include any additional usernames that have
been granted full user monitoring administrative privileges in your environment.
Report: “PCI–All Actions by Individuals with Root or Administrative Privileges–UNIX/Linux”
RSA enVision reporting enables customers to monitor all actions taken by users logged in as
“Administrator.” Customers may further bolster security by including any additional usernames
that have been granted full administrative privileges in your environment.
Report: “PCI–All Actions by Individuals with Root or Administrative Privileges–Windows”
3
PCI DSS Requirement 10 and RSA enVision
PCI DSS REQUIREMENT
8/3/2019 RSA Envision for PCIDSS
http://slidepdf.com/reader/full/rsa-envision-for-pcidss 4/8
RSA Solution Brief 4
Requirement 10.3.1
User identification
RSA enVision enables organizations to record user identification information for each event asso-
ciated with the PCI device group.
Requirement 10.3.2
Type of event
RSA enVision enables organizations to identify event-type information for each event associated
with the PCI device group. If the device does not report event type, RSA enVision still supports
reporting by saving metadata that may be analyzed and revised to determine type of event.
Requirement 10.3.3
Date and time
RSA enVision enables organizations to record date and time information for each event associated
with the PCI device group.
Requirement 10.3.4
Success or failure
indication
RSA enVision enables organizations to record success/failure indication information for each
event associated with the PCI device group.
Requirement 10.3.5Origination of event
RSA enVision enables organizations to record event origination information for each event associ-ated with the PCI device group.
Requirement 10.3.6
Identity or name of
affected data, system
component, or resource
RSA enVision enables organizations to record the name or other identity of affected systems, data,
components or other PCI resource.
Requirement 10.5
Secure audit trails so they
cannot be altered
RSA enVision delivers mirrored, unfiltered data to its Internet Protocol Database, which provides
the ability to retain data in its original format. Further, “write once, read many” capabilities help
ensure that the mirrored copy remains intact, even if the original data is compromised. RSA
enVision-captured event logs are stored on a hardened operating system in a compressed form
and protected via lightweight encryption.
Requirement 10.5.1
Limit viewing of audit trails
to those with a job-related
need
RSA enVision enables organizations to assign privileges so only authorized users may access and
view the audit trail.
Requirement 10.5.2
Protect audit trail files from
unauthorized modifications
RSA enVision logs cannot be altered through the graphical user interface (GUI); changes may only
occur via administrative access to the RSA enVision appliance itself. In addition, RSA enVision
data access and archival APIs are read only, so logs may not be altered in the system.
Requirement 10.5.3
Promptly back-up audit
trail files to a centralized
log server or media that is
difficult to alter
RSA enVision enables back-ups of the audit trail to be scheduled as often as needed to a central-
ized log server or other media–e.g., every 10 minutes or every hour, depending on the needs of
the customer.
RSA enVision offers an “LS Maintenance” API that allows users to schedule back-ups on a device
or device group (e.g., PCI device group). Customer would have the ability, for example, to schedule
PCI back-ups every 10 minutes, while devices outside the scope of PCI might be backed-up daily.
Requirement 10.3
Record at least the follow-
ing audit trail entries for all
system components for
each event
RSA enVision will record the events as reported by associated devices. In addition, RSA enVision
saves event metadata, which may be analyzed and revised to determine type of event.
RS A E NV I S I O N CAPABIL ITY
PCI DSS Requirement 10 and RSA enVision — continued
PCI DSS REQUIREMENT
8/3/2019 RSA Envision for PCIDSS
http://slidepdf.com/reader/full/rsa-envision-for-pcidss 5/8
RSA Solution Brief 5
RSA E NV I S I O N CAPABIL ITY
PCI DSS Requirement 10 and RSA enVision — continued
PCI DSS REQUIREMENT
Requirement 10.5.5
Use file integrity monitoring
and change detection soft-
ware on logs to ensure that
existing log data cannot be
changed without generating
alerts (although new data
being added should not
cause an alert)
RSA enVision is capable of creating alerts which ensure supervisors and others are aware if any
changes to the logs take place. In addition, the appliance-based RSA enVision technology is based
on a hardened operating system which delivers higher degrees of security.
Requirement 10.7
Retain audit trail history for
at least one year, with a
minimum of three months
online availability
RSA enVision NAS3500 offers pre-configured, pre-tested and pre-racked EMC Celerra under the cov-
ers, enabling customers to support between 3.5 TB and 7 TB of storage–particularly relevant to the
retention on log data online.
In addition, because RSA enVision is engineered to have out-of-the-box integration with networked
storage platforms such as EMC® Centera™ and EMC Celerra®, customers have the ability to store
their critical information to meet compliance requirements.
EMC Celerra Network Attached Storage systems provide industry-leading price/performance with
no-compromise availability. No-compromise availability means applications continue running at
the same performance and service levels even in the event of a failure. Celerra accomplishes this
via an active-passive N+1 clustering architecture and by eliminating any single point of failure from
the network to the disk drive.EMC Celerra Network Attached Storage systems implements a capability called “File Level
Retention” that provides disk-based WORM protection for files. This Celerra capability protects files
and directories from deletion, alteration, renaming or overwriting during a designated “retention
period.” Celerra File Level Retention can provide organizations with the ability to protect the
integrity of online audit logs for a specific retention period (e.g., 3 months).
8/3/2019 RSA Envision for PCIDSS
http://slidepdf.com/reader/full/rsa-envision-for-pcidss 6/8
RSA Solution Brief 6
PCI DSS Reporting & Auditing
and RSA enVision
Beyond its core ability to help customers address PCI
DSS Requirement 10, RSA enVision technology pro-
vides a robust platform for collecting, correlating and
auditing access to a wide range of PCI systems–from
firewalls to wireless networks to authentication mech-
anisms and more. The technology helps customers to
address key PCI DSS requirements by:
– Delivering a robust set of firewall activity reports for
quickly validating compliance with Requirement 1
(“Install and maintain a firewall configuration to
protect cardholder data”).
– Enabling customers to address key portions of
Requirement 2 (“Do not use vendor supplied
defaults for system password and other security
parameters”) by easily reporting on configuration
changes made to wireless environments.
– Helping ease the process of reporting on updates to
enterprise anti-virus systems in support of
Requirement 5 (“Use and regularly update anti-
virus software”).
– Supporting efforts to prove compliance with
Requirement 6 (“Develop and maintain secure sys-tems and applications”) by reporting on patch and
service applications.
RS A E NV I S I O N CAPABIL ITY
PCI DSS Reporting & Auditing and RSA enVision
PCI DSS REQUIREMENT
Requirement 1.1.1
A formal process for approv-
ing and testing all external
network connections and
changes to the firewall con-
figuration
Requirement 1.1
Establish firewall configuration standards that include the following:
RSA enVision supports compliance by delivering out-of-the-box reports that display all configura-
tion changes made to firewalls within the PCI device group.
Report: “PCI–Firewall Configuration Changes”
Requirement 1.1.5
Documented list of services
and ports necessary for
business
RSA enVision delivers built in reporting to summarize all firewall traffic by port into the PCI device
group.
Report: “PCI–Traffic by Port–PCI Device Group”
Requirement 1.1.6
Justification and documen-
tation for any available pro-
tocols besides hypertext
transfer protocol (HTTP), and
secure sockets layer (SSL),
secure shell (SSH), and vir-
tual private network (VPN)
RSA enVision provides ready-to-run report templates that detail all firewall traffic by port to the IP
address specified as a run-time parameter where the port used is not directly justified by PCI.
Report: “PCI–Traffic to Nonstandard Ports–Detail”
RSA enVision reporting summarizes all firewall traffic by port by destination computer, where the
port used is not directly justified by PCI.
Report: “PCI–Traffic to Non-standard Ports–Summary”
Requirement 1.1.8
A quarterly review of fire-
wall and router rule sets
RSA enVision reporting eases compliance by delivering out-of-the-box reports that display all con-
figuration changes made to firewalls within the PCI device group.
Report: “PCI–Firewall Configuration Changes”
Requirement 1.1.9
Configuration standards for
routers
RSA enVision templates enable customers to easily display all configuration changes made to
routers within the PCI device group.
Report: “PCI–Router Configuration Changes”
8/3/2019 RSA Envision for PCIDSS
http://slidepdf.com/reader/full/rsa-envision-for-pcidss 7/8
RSA Solution Brief 7
Requirement 1.3
Build a firewall configuration that restricts connections between publicly accessible servers and any system component storing
cardholder data, including any connections from wireless networks. This firewall configuration should include the following:
RSA E NV I S I O N CAPABIL ITY
PCI DSS Reporting & Auditing and RSA enVision –continued
PCI DSS REQUIREMENT
Requirement 1.3.1
Restricting inbound Internet traffic to Internet
protocol (IP) addresses within the DMZ
(ingress filters)
RSA enVision reporting capabilities enable customers to automatically list all
inbound Internet traffic on non-standard ports within the PCI device group in
detail and summary form. Report: “PCI–Inbound Internet Traffic on Non-standard
Ports–Detail”
Requirement 1.3.2
Not allowing internal addresses to pass from
the Internet into the DMZ
RSA enVision delivers built-in templates which enable customers to easily report
on all inbound Internet traffic on non-standard ports within the PCI device group
in detail and summary form.
Report: “PCI–Inbound Internet Traffic on Non-standard Ports–Detail”
Requirement 1.3.6
Securing and synchronizing router configura-
tion files. For example, running configuration
files (for normal functioning of the routers), and
start-up configuration files (when machines are
re-booted) should have the same secure con-
figuration
RSA enVision offers a built-in report that summarizes all outbound traffic by desti-
nation.
Report: “PCI–Outbound Traffic Summary”
RSA enVision reports detail all outbound traffic for a specific internal IP address.
Report: “PCI–Outbound Traffic Detail by Source Address”
Requirement 2.1.1
For wireless environments, change wireless
vendor defaults, including but not limited to,
wired equivalent privacy (WEP) keys, default
service set identifier (SSID), passwords, and
SNMP community strings. Disable SSID
broadcasts. Enable WiFi protected access
(WPA and WPA2) technology for encryption
and authentication when WPA-capable.
RSA enVision offers built-in reporting which details all configuration changes
made to wireless routers, enabling customers to easily demonstrate to an auditor
that vendor defaults–including WEP keys, default SSID, password, SNMP commu-
nity strings and disabling of SSID broadcasts–were changed before the wireless
router was introduced to the payment-card environment.
Report: “PCI–Wireless Environment Configuration Changes”
Requirement 3.6
Fully document and implement all key man-agement processes and procedures for keys
used for encryption of cardholder data.
RSA enVision delivers pre-built reports which enable customers to detail all the
generation and period changing of encryption keys used in the secure storageand transfer of payment-card data as well as summarizing access control details,
such as successful and failed logins, policy enforcement and regular reporting.
Requirement 4.1
Use strong cryptography and security proto-
cols such as secure sockets layer (SSL) / trans-
port layer security (TLS) and Internet protocol
security (IPSec) to safeguard sensitive card-
holder data during transmission over open,
public networks. Examples of open, public net-
works that are in scope of the PCI DSS are the
Internet, WiFi (IEEE 802.11x), global system for mobile communications (GSM),and general
packet radio service (GPRS).
RSA enVision reporting capabilities enables customers to access all cryptographic
operations where the use of the cryptography failed or was disabled by the user.
Report: “PCI–Encrypted Transmission Failures”
8/3/2019 RSA Envision for PCIDSS
http://slidepdf.com/reader/full/rsa-envision-for-pcidss 8/8
RSA is your trusted partner
RSA, The Security Division of EMC, is the expert in
information-centric security, enabling the protection
of information throughout its lifecycle. RSA enables
customers to cost-effectively secure critical informa-
tion assets and online identities wherever they live
and at every step of the way, and manage security
information and events to ease the burden of
compliance.
RSA offers industry-leading solutions in identity assur-
ance & access control, encryption & key management,
compliance & security information management and
fraud protection. These solutions bring trust to
millions of user identities, the transactions that they
perform, and the data that is generated. For more
information, please visit www.RSA.com and
www.EMC.com.
©2007 RSA Security Inc. All Rights Reserved.
RSA, enVision, SecurID and the RSA logo are either registered
trademarks or trademarks of RSA Security Inc. in the United States
and/or other countries. EMC is a registered trademark of EMC
Corporation. All other products and services mentioned are trademarks
of their respective companies.
PCISIEM SB 0307
RSA E NV I S I O N CA P A BI L I T Y
PCI DSS Reporting & Auditing and RSA enVision – continued
PCI DSS REQUIREMENT
Requirement 5.2
Ensure that all anti-virus mechanisms are
current, actively running, and capable of gen-
erating audit logs
RSA enVision offers reporting templates that make it simple for administrators
and auditors to review update procedures for anti-virus systems.
Report: “PCI–Anti-virus Update Procedures”
Requirement 6.1
Ensure that all system components and soft-
ware have the latest vendor-supplied security
patches installed. Install relevant securitypatches within one month of release
RSA enVision delivers built-in reports that provide a view into all patch and serv-
ice pack applications to Microsoft Windows-based systems.
Report: “PCI–Vendor-supplied Patch Application”