Changes on critical servers often signal a breach. That's why it's essential to use file integrity monitoring (FIM) for your critical systems so you're alerted as soon as file changes occur in critical system files, configuration files, and sensitive data files, as well as log and audit files which could be modified to hide an attacker's tracks. In fact, if those servers are in scope of your cardholder data environment (CDE), PCI DSS requirements 10.5.5 and 11.5 state you must install FIM software to pass your audit.
AlienVault® Unified Security Management™ (USM) helps you meet these PCI DSS requirements with file integrity monitoring that's built into its unified platform for threat detection, response, and compliance management. AlienVault USM simplifies security and compliance with centralized visibility of your on-premises and cloud environments, including AWS and Azure, as well as cloud applications such as Office 365 and G Suite, helping to eliminate potentially dangerous blind spots. Our unified platform combines multiple security capabilities within a single pane of glass, including SIEM, log management, intrusion detection, vulnerability assessment, incident response automation, and more, ensuring you have the essential tools at your fingertips to not only demonstrate and maintain compliance, but very importantly, gain crucial full-environment threat detection and response capabilities.
Generally speaking, you should be selective about where and how you enable your FIM solution, since many system and application files will change often in a dynamic environment. You should focus on monitoring the integrity of critical files on in-scope assets to detect unauthorized modifications which could indicate compromised devices or applications. In other words, install FIM wherever you need to monitor changes made to in-scope servers.
The built-in FIM capabilities in AlienVault USM enable you to easily monitor the systems that contain sensitive data within your CDE, whether in the cloud or on-premises, alerting you to changes made to critical files. But it doesn't stop there: AlienVault USM correlates file integrity monitoring data with other data across the environment, for full visibility and context. Any access or modification to a monitored file is tracked, and the correlation capabilities within the USM platform will generate an alarm to notify you of any anomalous activity against the file. And, though not all accesses and changes require a response, it's important to monitor all activity to first establish a baseline and then detect any abnormalities, such as policy violations or potential system compromise. The end result is actionable intelligence that enables you to prioritize accordingly.
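A minimal baseline-then-check FIM pass of the kind described above, as an added example that is not AlienVault's code. The monitored paths, the sample files and the rule that log files are append-only (growth is normal, rewriting earlier entries is not) are constructed assumptions for illustration:

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed policy with hypothetical paths (not AlienVault's defaults): configs and
# binaries must never change silently; logs are append-only, so growth is expected.
MONITORED = ("etc/app.conf", "bin/app", "var/log/app.log")
APPEND_ONLY = {"var/log/app.log"}


def snapshot(root):
    """Baseline: {relative_path: (sha256, size)} for every monitored file present."""
    state = {}
    for rel in MONITORED:
        p = Path(root) / rel
        if p.is_file():
            data = p.read_bytes()
            state[rel] = (hashlib.sha256(data).hexdigest(), len(data))
    return state


def check(root, baseline):
    """Compare the live tree against a baseline and classify every deviation."""
    current = snapshot(root)
    report = {"added": sorted(current.keys() - baseline.keys()),
              "deleted": sorted(baseline.keys() - current.keys()),
              "modified": [], "log_rewritten": []}
    for rel in sorted(baseline.keys() & current.keys()):
        old_hash, old_size = baseline[rel]
        if current[rel][0] == old_hash:
            continue  # unchanged
        if rel not in APPEND_ONLY:
            report["modified"].append(rel)
        # Append-only file: the bytes in the baseline must still be an intact prefix.
        elif hashlib.sha256((Path(root) / rel).read_bytes()[:old_size]).hexdigest() != old_hash:
            report["log_rewritten"].append(rel)
    return report


def demo():
    """Constructed scenario: baseline, routine log growth, then tampering."""
    root = Path(tempfile.mkdtemp())
    for rel, text in (("etc/app.conf", "debug=false\n"), ("bin/app", "#!/bin/sh\n"),
                      ("var/log/app.log", "login ok\n")):
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_text(text)
    baseline = snapshot(root)
    with (root / "var/log/app.log").open("a") as f:
        f.write("login ok\n")                                  # normal growth
    routine = check(root, baseline)
    (root / "etc/app.conf").write_text("debug=true\n")        # config tampered
    (root / "var/log/app.log").write_text("nothing here\n")   # log rewritten
    (root / "bin/app").unlink()                               # binary removed
    return routine, check(root, baseline)
```

The first report from `demo()` is empty because a log that only grew is expected; the second flags the edited config, the rewritten log and the missing binary separately, which is the kind of per-file classification an alarm should carry.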
Last but not least, AlienVault USM features customizable, pre-defined templates for PCI DSS and other compliance regulations that make it fast and simple to review FIM activity across your environment and quickly generate audit reports on the spot.
The PCI DSS standard is explicit on this. If you need to demonstrate PCI DSS compliance, then you must install FIM on your critical assets to track changes to:
With AlienVault USM, you get comprehensive visibility and a necessary audit trail, enabling you to easily track changes to critical files regardless of the asset's location, so you can validate that any changes made were authorized, expected, and did not jeopardize the integrity or security of the data in those files or negatively impact the security operations of your business-critical systems.
You can simplify the implementation of FIM and a host-based intrusion detection system (HIDS) with the unified AlienVault USM platform, rather than installing multiple single-purpose tools in your environment.
With AlienVault USM, you can perform file integrity monitoring, Windows registry monitoring, and host-based intrusion detection (HIDS), giving you the most robust intrusion detection and change management controls in a single, lightweight solution.
Monitoring privileged user activity on your critical systems and accounts is an essential security best practice. In fact, many regulatory standards, including PCI DSS, explicitly require it.
AlienVault USM’s implementation of host-based IDS enables you to monitor user activity on your critical systems. These events are forensically captured, processed, and correlated with other data to provide the necessary context you need for effective incident response.
While file integrity monitoring is a critical component of PCI DSS compliance, as well as other regulatory standards, FIM tools alone aren’t enough to pass your next audit. You need a broad range of security technologies and capabilities to demonstrate compliance for the other PCI DSS Requirements. And while it may seem tempting to use a standalone file integrity monitoring tool—be it open-source or commercial—to pass your next audit, it's not a viable shortcut to compliance.
For most IT security teams, it is a significant challenge to source, purchase, and integrate all the multiple point security solutions needed to be compliance-ready. Not only does this consume significant time, resources, and budget, but most organizations need to be audit-ready yesterday.
AlienVault USM addresses the urgency, high costs, and complex technical challenges that surround PCI compliance. By bringing together multiple essential security capabilities needed to meet compliance on one unified platform–including asset discovery, vulnerability assessment, threat detection (including malware and ransomware), incident response, and compliance log management and reporting–USM delivers a fast, affordable, and easy-to-use compliance management solution.
Whether your cardholder environments touch your on-premises infrastructure, AWS or Azure cloud, or exist across a hybrid environment, the USM platform delivers a comprehensive set of security technologies and integrated threat intelligence that can be fully deployed in days, not weeks or months. With it, you can get ready for your fast-approaching audit and maintain continuous security and compliance management all year long.
PCI Sections AlienVault USM Addresses

How AlienVault USM Helps (PCI DSS requirement, followed by the sub-sections USM helps address):

1. Install and maintain a firewall configuration to protect cardholder data: 1.1, 1.2, 1.3
2. Do not use vendor-supplied defaults for system passwords and other security parameters: 2.1, 2.2, 2.3, 2.4, 2.6
3. Protect stored cardholder data
4. Encrypt transmission of cardholder data across open, public networks
5. Protect all systems against malware and regularly update antivirus software or programs: 5.1, 5.2, 5.3, 5.4
6. Develop and maintain secure systems and applications
7. Restrict access to cardholder data by business need to know
8. Identify and authenticate access to system components: 8.1, 8.2, 8.5
9. Restrict physical access to cardholder data
10. Track and monitor all access to network resources and cardholder data: 10.1, 10.2, 10.3, 10.4, 10.5, 10.6, 10.7, 10.8
11. Regularly test security systems and processes: 11.1, 11.2, 11.4, 11.5, 11.6
12. Maintain a policy that addresses information security for all personnel: 12.1, 12.5, 12.8