Interactive Demo

PCI DSS Compliance Doesn’t
Have to Be So Hard
(or Expensive)

Ease your PCI DSS 3.0 compliance burdens starting today. AlienVault’s Unified Security Management (USM) combines the essential security controls you need to demonstrate PCI compliance - into a single, easy-to-use solution.

Download a Free Trial

PCI DSS v3.0 Webcast

Learn How to Adapt Your Compliance Strategy. Watch the On-Demand Webcast

Achieve Compliance Fast, Reduce the Cost of Maintaining It

Are you struggling with PCI DSS compliance?
You’re not alone.

The Verizon 2014 PCI Compliance Report finds that 89% of organizations failed their 2013 baseline assessment. Just over half (51%) of the companies surveyed by Verizon passed 7 requirements, and only 11% passed all 12 requirements. One key reason – too often organizations desperately assemble the necessary patchwork of vendors and technologies in a rush to become compliant, and do it in a manner that’s not sustainable. Those organizations are usually unaware that far less expensive ways to be compliant have emerged.

Most Common PCI Compliance Failures

When Verizon compared the PCI DSS compliance of companies in its PCI Compliance report with data from its 2013 Data Breach Investigations Report it found that companies suffering a data breach were much less likely to be effective at (in rank order):

  • Requirement 10 – Log Management
  • Requirement 7 – Need to Know
  • Requirement 5 – Anti-Virus
  • Requirement 12 – People

For too long, the use of disparate technologies made PCI compliance extremely difficult. But now you can address nearly all of these requirements and accelerate your threat management program at the same time – with a unified solution.

How AlienVault Simplifies PCI DSS Compliance

AlienVault Unified Security Management (USM) helps you simplify and accelerate achieving PCI compliance by combining capabilities that address the most challenging PCI DSS requirements, in a single management and reporting platform. See results in minutes and dramatically change your ability to get compliant and stay compliant.

Watch 3-minute video tour

Compare AlienVault for PCI Compliance to the Point Product Approach

Which PCI requirements can you simplify with USM? The table below illustrates the difference between attempting to do this with point solutions vs. the combined power of USM.

  PCI DSS 3.0 Requirement   AlienVault USM Intrusion Detection Monitoring SIEM Vulnerability Management
1 Install and Maintain a Firewall Configuration to Protect Cardholder Data 1.1 yes yes yes yes yes
1.1.2 yes   yes    
1.1.3 yes   yes    
1.1.5 yes   yes    
1.1.6 yes   yes    
1.2 yes   yes yes yes
1.3 yes   yes yes  
See How AlienVault Fulfills Requirement 1
PCI DSS Requirements Integrated USM Capabilities Benefits You Gain
1.1, 1.2, 1.3
  • NetFlow analysis
  • System availability monitoring
  • SIEM
  • Asset discovery
  • Unified and correlated Netflow analysis and firewall logs delivers “single pane of glass” visibility into access to cardholder-related data and all cardholder data flows across systems and networks.
  • Built-in asset discovery provides a dynamic asset inventory and topology diagrams. Cardholder-related resources can be identified and monitored for unusual activity.
  • Accurate and automated asset inventory combined with relevant security events accelerate incident response efforts and analysis.
2 Do Not Use Vendor-Supplied Defaults for System Passwords and Other Security Parameters 2.1 yes       yes
2.2 yes yes yes   yes
2.3 yes     yes yes
2.4 yes   yes    
See How AlienVault Fulfills Requirement 2
PCI DSS Requirements Integrated USM Capabilities Benefits You Gain
2.1, 2.2, 2.3, 2.4
  • Network intrusion detection (IDS)
  • Vulnerability assessment
  • Host-based intrusion detection (HIDS)
  • Asset discovery and inventory
  • Built-in, automated vulnerability assessment identifies the use of weak and default passwords.
  • Built-in host-based intrusion detection and file integrity monitoring will signal when password files and other critical system files have been modified.
  • Automated asset inventory enumerates all of your PCI in scope assets.
3 Protects Stored Cardholder Data 3.6.7 yes     yes  
See How AlienVault Fulfills Requirement 3
PCI DSS Requirements Integrated USM Capabilities Benefits You Gain
3.6.7
  • Log management
  • Host-based intrusion detection (HIDS)
  • File integrity monitoring
  • NetFlow analysis
  • SIEM
  • Unified log review and analysis, with triggered alerts for high risk systems (containing credit cardholder data).
  • Built-in host-based intrusion detection and file integrity
 monitoring detect and alarm on changes to cryptographic keys.
  • Unified NetFlow analysis and event correlation monitors 
traffic and issues alerts on unencrypted traffic to/from cardholder-related resources.
4 Encrypt Transmission of Cardholder Data Across Open, Public Networks 4.1 yes     yes yes
4.1.1 yes     yes  
See How AlienVault Fulfills Requirement 4
PCI DSS Requirements Integrated USM Capabilities Benefits You Gain
4.1
  • NetFlow analysis
  • Behavioral monitoring
  • Wireless IDS
  • SIEM
  • Unified Netflow analysis and event correlation monitors traffic and issues alerts on unencrypted traffic to/from cardholder-related resources.
  • Built-in wireless IDS monitors encryption strength and identifies unauthorized access attempts to critical infrastructure.
5 Protect All Systems Against Malware and Regularly Update Anti-Virus Software or Programs 5.1 yes   yes   yes
5.1.2 yes   yes   yes
5.2 yes     yes yes
5.3 yes   yes   yes
See How AlienVault Fulfills Requirement 5
PCI DSS Requirements Integrated USM Capabilities Benefits You Gain
5.1, 5.2, 5.3
  • Host-based intrusion detection (HIDS)
  • Network intrusion detection (IDS)
  • Log management
  • Vulnerability assessment
  • Built-in host-based intrusion detection provides an extra layer of defense against zero day threats (before an anti- virus update can be issued).
  • Unified log management provides an audit trail of anti- virus software use by collecting log data from anti-virus software.
  • Built-in network intrusion detection identifies and alerts on malware infections in the credit cardholder data environment.
  • Integrated vulnerability assessment discovers non-compliant endpoints without active anti-virus installed.
6 Develop and Maintain Secure Systems and Applications 6.1 yes     yes yes
6.2 yes yes     yes
6.3 yes     yes yes
6.3.2 yes   yes    
6.4 yes       yes
6.5 yes     yes  
See How AlienVault Fulfills Requirement 6
PCI DSS Requirements Integrated USM Capabilities Benefits You Gain
6.1, 6.2, 6.3, 6.4, 6.5
  • Asset discovery
  • Vulnerability assessment
  • Network intrusion detection (IDS)
  • SIEM
  • Built-in and consolidated asset inventory, vulnerability assessment, threat detection and event correlation provides a unified view of an organization’s security posture and critical system configuration.
  • Built-in vulnerability assessment checks for a variety of well-known security exploits (i.e., SQL injection).
7 Restrict Access to Cardholder Data by Business Need to Know 7.1 yes   yes yes  
7.2 yes       yes
See How AlienVault Fulfills Requirement 7
PCI DSS Requirements Integrated USM Capabilities Benefits You Gain
7.1, 7.2
  • SIEM
  • Automated event correlation identifies unauthorized access to systems with credit cardholder data.
8 Identify and Authenticate Access to System Components 8.1 yes     yes yes
8.2 yes       yes
8.4 yes       yes
8.5 yes   yes    
8.6 yes   yes    
8.7 yes yes yes yes  
See How AlienVault Fulfills Requirement 8
PCI DSS Requirements Integrated USM Capabilities Benefits You Gain
8.1, 8.2, 8.4, 8.5, 8.6, 8.7
  • Log management
  • Vulnerability assessment
  • Host-based intrusion detection (HIDS)
  • Built-in log management captures all user account creation activities and can also identify unencrypted passwords on critical systems, as well as collection and correlation of valid and invalid authentication attempts on critical devices.
  • Integrated vulnerability scanning validates password complexity requirements
  • Built-in host-based intrusion detection alerts on unauthorized attempts to access cardholder data
10 Track and Monitor Access to All Network Resources and Cardholder Data 10.1 yes yes yes   yes
10.2 yes   yes yes yes
10.3 yes yes yes yes  
10.4 yes     yes  
10.5 yes   yes yes yes
10.6 yes   yes yes yes
10.7 yes   yes yes yes
See How AlienVault Fulfills Requirement 10
PCI DSS Requirements Integrated USM Capabilities Benefits You Gain
10.1, 10.2, 10.3, 10.4, 10.5, 10.6, 10.7
  • Host-based intrusion detection (HIDS)
  • Network intrusion detection (IDS)
  • Behavioral monitoring
  • Log management
  • SIEM
  • Built-in threat detection, behavioral monitoring and event correlation signals attacks in progress—for example, unauthorized access followed by additional security exposures such as cardholder data exfiltration.
  • Built-in log management enables the collection and correlation of valid and invalid authentication attempts on critical devices.
  • Centralized, role-based access control for audit trails and event logs preserves “chain of custody” for investigations.
11 Regularly Test Security Systems and Processes 11.1 yes   yes    
11.2 yes yes     yes
11.3 yes       yes
11.4 yes yes   yes  
11.5 yes     yes  
See How AlienVault Fulfills Requirement 11
PCI DSS Requirements Integrated USM Capabilities Benefits You Gain
11.1, 11.2, 11.3, 11.4, 11.5
  • Vulnerability assessment
  • Wireless IDS
  • Host-based intrusion detection (HIDS)
  • File integrity monitoring
  • SIEM
  • Built-in vulnerability assessment streamlines the scanning and remediation process – one console to manage it all.
  • Built-in wireless IDS detects and alerts on rogue wireless access points, and weak encryption configurations.
  • Built-in host-based intrusion detection identifies the attachment of USB devices including WLAN cards.
  • Unified vulnerability assessment, threat detection, and event correlation provides full situational awareness in order to reliably test security systems and processes.
  • Built-in file integrity monitoring alerts on unauthorized modification of system files, configuration files, or content.

Next Steps

Test Drive

Free Trial

Download your free 30-day trial
Live Demo

Live Demo

Request a live demo and get your questions answered
Learn More

Learn More

Learn more about AlienVault Unified Security Management
Contact Us

Contact Us

1.855.425.4367
sales@alienvault.com