If your organization transmits, processes, or stores credit card data in your Azure cloud environment, you likely need to achieve Azure PCI DSS Compliance. This requires you to demonstrate that you have in place robust security controls to monitor changes in critical infrastructure, detect vulnerabilities, protect cardholder data, and much more.
For small IT security teams or for teams with limited Azure security monitoring experience, this can seem like a daunting task.
However, it doesn’t have to be complex or costly to implement the security controls needed to achieve PCI DSS compliance in your Azure cloud and on-premises environments.
AlienVault® USM Anywhere™ helps you to simplify and accelerate your Azure PCI DSS Compliance by combining multiple essential security capabilities onto a single platform that supports many PCI DSS 3.2 requirements. USM Anywhere provides native security monitoring for Azure cloud environments as well as your physical and virtual on-premises infrastructure and retail outlets, so you can centralize your entire compliance management and security monitoring program onto a single, affordable solution.
AlienVault USM Anywhere allows you to:
* The ISMS that governs USM Anywhere, USM Central
USM Anywhere delivers multiple essential security capabilities in one unified solution, so you can reduce the number of security tools you need to purchase to demonstrate Azure PCI DSS Compliance.
By bringing together asset discovery and inventory, vulnerability assessment, intrusion detection, behavioral monitoring, SIEM event correlation, and log management onto a single affordable solution, USM Anywhere aligns with the goals of PCI DSS.
USM Anywhere provides security monitoring of your Azure cloud environment as well as your on-premises environment, allowing you to monitor configuration changes to your network firewalls and routers, identify weak or default passwords, and at the same time identify Azure configuration issues that may leave you exposed.
USM Anywhere’s built-in asset inventory, vulnerability assessment, threat detection, and log analysis capabilities provide the continuous security visibility you need to detect and respond to intrusions and vulnerabilities quickly.
SIEM event correlation and log analysis in USM Anywhere captures all user account activities on critical systems in Azure and in your data center, as well as collection and correlation of valid and invalid authentication attempts, so you always know who is trying to access your cardholder data environment (CDE).
Continuous monitoring of user access to your Azure data processing resources and testing for vulnerabilities in your environment are not only requirements for PCI compliance but also critical security monitoring activities. USM Anywhere combines vulnerability assessment, event correlation, and log management to give you the security visibility you need in one central location.
USM Anywhere supports your information security policy by helping you to detect breaches sooner and to respond faster by enabling automated incident response and giving you all the relevant security data you need at your fingertips along with response guidance and threat intelligence.
PCI DSS Requirement 10 is one of the most commonly misunderstood PCI DSS requirements. In short, Req. 10 deals with the “who, what, where, and when” of users who access your sensitive data.
10.1 - 10.5 deal with collecting and securing audit logs, tracking access to cardholder data, admin actions, failed logins, and attempted changes to the audit trail.
USM Anywhere collects user activity data from your applications, systems, devices, and Azure cloud infrastructure. The data is parsed and immediately available to search on and run reports to evaluate what individual users are doing across your infrastructure. Additionally, USM Anywhere timestamps the data and stores it in a write once, read many (WORM) log storage to prevent tampering or modification of the data.
10.7 requires you keep audit history for at least one year, with a minimum of three months immediately available for analysis. USM Anywhere stores data online for 90 days, making it easy to view, analyze, and report on the data as required by PCI DSS. USM Anywhere also retains the data long term for a full year and includes options to store the data for longer if needed. This simplifies log management and secures long-term raw log retention for PCI DSS compliance, even in high-volume environments.
PCI DSS Requirement 11 centers on continuous testing of your environment to identify vulnerabilities, intrusions, and unauthorized system changes.
Out of the box, AlienVault USM Anywhere provides vulnerability assessment that allows you to detect and assess weaknesses of the systems in your Azure and on-premises environments. USM Anywhere’s continuous asset discovery and vulnerability scanning identifies vulnerabilities and correlates the data gathered by asset discovery scans with known vulnerability information for richer context.
By unifying the security data from its built-in asset discovery, vulnerability assessment, and intrusion detection capabilities, USM Anywhere provides the full situational awareness needed to reliably test your security systems and processes.
With the Azure-native cloud sensor in USM Anywhere, you gain the assurance of complete security visibility and continuous threat detection for your Azure cloud environment. When an incident happens, USM Anywhere provides security orchestration and automated incident response as a first line of defense, and gives you all the relevant security data you need to respond quickly and to mitigate the potential damage of a breach.
PCI Sections AlienVault USM Addresses
How AlienVault USM Helps
1. Install and maintain a firewall configuration to protect cardholder data.
1.1, 1.2, 1.3
2. Do not use vendor-supplied defaults for system password and other security parameters.
2.1, 2.2, 2.3, 2.4, 2.6
3. Protect stored cardholder data
4. Encrypt transmission of cardholder data across open, public networks
5. Protect all systems against malware and regularly update antivirus software or programs
5.1, 5.2, 5.3, 5.4
6. Develop and maintain secure systems and applications
7. Restrict access to cardholder data by business need to know
8. Identify and authenticate access to system components
8.1, 8.2, 8.5
9. Restrict pysical access to cardholder data
10. Track and monitor all access to network resources and cardholder data
10.1, 10.2, 10.3, 10.4, 10.5, 10.6, 10.7, 10.8
11. Regularly test security systems and processes
11.1, 11.2, 11.4, 11.5, 11.6
12. Maintain a policy that addresses information security for all personnel
12.1, 12.5, 12.8