USM Anywhere automatically collects and alerts on security data from critical AWS services such as CloudTrail, CloudWatch, and S3 and ELB access logs, centralizing and simplifying your AWS security monitoring.
AlienVault Labs’ threat intelligence includes AWS-specific correlation rules, so you can detect the latest threats, vulnerabilities, misconfigurations, and anomalous behaviors in your AWS environment.
USM Anywhere is a cloud-hosted SaaS platform that readily scales as your IT environment evolves. It’s fast and easy to deploy with no hardware to install.
Centrally monitor your multi-cloud and on-prem assets with a unified platform to ensure continuous threat coverage and the elimination of shadow IT as you migrate data and services to the cloud.
Support your agile development with automated security monitoring across build, test, and production environments and leverage our integrations with DevOps tools like PagerDuty, Slack, Jira and others.
Ensure your AWS environment adheres to key regulatory or industry compliance mandates, such as PCI DSS, HIPAA, or GDPR. Learn how USM Anywhere simplifies IT security compliance in AWS.
Achieving AWS PCI DSS Compliance is a must-have for any organization that handles consumers’ credit card data in their AWS cloud environment. To get there, you must prove that you have in place robust security controls to monitor your logs, detect vulnerabilities, protect cardholder data, and much more. This can be a big challenge for resource-limited IT security teams, especially if you need to get ready for a fast-approaching PCI DSS compliance audit.
AlienVault® Unified Security Management™ (USM) helps you to simplify and accelerate your AWS PCI DSS Compliance by combining multiple essential security capabilities onto a single platform that supports many PCI DSS requirements, including asset discovery, vulnerability assessment, intrusion detection, behavioral monitoring, SIEM, and log management. The built-in PCI DSS compliance reports in AlienVault USM make it simple to demonstrate compliance in an audit and to continuously monitor your compliance program afterwards.
AlienVault USM centralizes PCI DSS compliance and security management across your cloud, on-premises, and hybrid environments. Its native AWS security monitoring capabilities allow you to dynamically discover your AWS assets, including those in scope of your AWS PCI DSS compliance environment. It also collects, analyzes, and securely stores log data from CloudTrail, CloudWatch, VPC Flow Logs, ELB logs, S3 Access Logs, and system logs in the AlienVault Secure Cloud.
AlienVault USM has been certified compliant to PCI DSS, so you can pursue your own AWS PCI DSS compliance certification with the assurance that AlienVault has the proper security controls in place to securely transmit, process, and store your data in accordance with PCI DSS requirements.
The AlienVault USM platform cuts through the expense and complexity of having multiple security tools to demonstrate AWS PCI DSS Compliance. It delivers multiple essential security capabilities in one unified, affordable solution, so you prepare for your compliance audit faster and more easily.
AlienVault USM satisfies many PCI DSS requirements through unified asset discovery and inventory, vulnerability assessment, intrusion detection, behavioral monitoring, SIEM event correlation, and log management—all in a single pane of glass. Discover which PCI DSS goals you can realize with AlienVault USM.
The AlienVault USM platform monitors your AWS cloud environment as well as your on-premises environment, allowing you to monitor configuration changes to your network firewalls and routers, identify weak or default passwords, and detect AWS configuration issues that may leave you exposed.
The built-in asset inventory, vulnerability assessment, threat detection, and log analysis capabilities in the AlienVault USM platform provide the continuous security visibility you need to detect and respond to intrusions and vulnerabilities efficiently.
Powerful SIEM event correlation and log analysis in the USM platform captures all user account activities on critical systems in AWS, in your data center, and on cloud applications like Office 365 and G Suite. This includes the collection and correlation of valid and invalid authentication attempts, so you always know who is trying to access your cardholder data environment (CDE).
You should regularly monitor user access to your AWS data processing resources and test for vulnerabilities in your environment, not only to satisfy requirements for AWS PCI DSS compliance but also for critical security monitoring activities. AlienVault USM combines vulnerability assessment, event correlation, and log management to give you the security visibility your need in a single pane of glass.
The AlienVault USM platform helps you to detect breaches sooner and to respond faster by enabling automated incident response and giving you all the relevant security data you need at your fingertips along with response guidance and continuous threat intelligence updates. This supports your efforts to maintain a strong information security policy program.
AlienVault USM helps you identify systems susceptible to known vulnerabilities, or that may not have antivirus software installed or operational. Its intrusion detection capabilities monitor for indicators of a malware-based threat. When malware is detected, AlienVault USM can automate incident response actions to isolate infected systems and block malicious domains.
AlienVault USM delivers vulnerability assessment, so that you can find and fix weak spots in your cloud and on-premises environments. Together, AlienVault USM’s asset discovery and vulnerability assessment tools simplify security visibility by unifying the data gathered in asset and vulnerability scans with known vulnerability information. In addition, its file integrity monitoring (FIM) tool alerts users to changes to critical files that may indicate a breach.
Make sure the right people get notified to respond quickly in the case of an incident. USM Anywhere provides the alerting you need to identify threats, respond to the threats, and keep track of decisions made about the threats. With USM Anywhere and its AWS-native sensor, you get 24X7 coverage.
Sections 10.1 - 10.4 deals with collecting audit logs, tracking access to cardholder data, actions taken by admins, failed logins, and manipulation of the audit trail. USM Anywhere timestamps the data as required in Section 10.4.
Section 10.5 requires that audit trails be secured so they cannot be altered. In AlienVault USM, log data is securely stored with a “Write Once, Read Many (WORM)” method, ensuring the integrity of your raw logs for forensics and compliance needs.
Requirement 10.6 requires you review your log data and security events for anomalies or suspicious activity. AlienVault USM collects data from your applications, servers, and devices from across your on-premises and cloud environments and cloud applications. Customizable views, built-in and customizable PCI DSS reports, and advanced correlation capabilities simplify the ability to review data, so you can easily monitor and report on threats and anomalies.
Section 10.7 mandates that you retain audit history for at least one year, with a minimum of three months immediately available for analysis. USM Anywhere stores data online for up to 90 days and retains the data long term for a full year. This provides the advanced log management and secure long-term raw log retention for AWS PCI DSS compliance, even in high-volume environments.
PCI Sections AlienVault USM Addresses
How AlienVault USM Helps
1. Install and maintain a firewall configuration to protect cardholder data.
1.1, 1.2, 1.3
2. Do not use vendor-supplied defaults for system password and other security parameters.
2.1, 2.2, 2.3, 2.4, 2.6
3. Protect stored cardholder data
4. Encrypt transmission of cardholder data across open, public networks
5. Protect all systems against malware and regularly update antivirus software or programs
5.1, 5.2, 5.3, 5.4
6. Develop and maintain secure systems and applications
7. Restrict access to cardholder data by business need to know
8. Identify and authenticate access to system components
8.1, 8.2, 8.5
9. Restrict pysical access to cardholder data
10. Track and monitor all access to network resources and cardholder data
10.1, 10.2, 10.3, 10.4, 10.5, 10.6, 10.7, 10.8
11. Regularly test security systems and processes
11.1, 11.2, 11.4, 11.5, 11.6
12. Maintain a policy that addresses information security for all personnel
12.1, 12.5, 12.8