Set Up the Sumo Logic PCI App
As data security becomes increasingly paramount, enterprises may reference certifications and standards such as the requirements of the Payment Card Industry Security Standard Council Data Security Standards (known as PCI DSS) as a means of assessing their policies and practices. Even if you don't handle payment card information, the requirements under PCI DSS may serve as proxies for controls and obligations that businesses have in place and seek to actively monitor.
Maintaining compliance with any regulation or law is something each entity must manage. Self-policing is always tricky, but when your organization is handling thousands upon thousands of log messages with potentially sensitive data, the task becomes monumental.
That's where the Sumo Logic PCI App comes in. With ready-made Dashboards that monitor each aspect of PCI compliance, targeted searches that allow you to dive into specific areas, and carefully designed ad-hoc reports, your job becomes much easier. Instead of using manpower to look through millions of log lines, Sumo Logic watches over your deployment, making potential problems easy to spot.
The Sumo Logic PCI App provides sample dashboards and searches to help track your environment against 11 of the 12 PCI required control groups. As with all of our apps, we recommend you customize these searches and dashboards to tailor them to your specific monitoring and troubleshooting needs so you get only get alerted on conditions important to you.
Prerequisites
Enterprise customers onlyFor more information on this app, contact sales@sumologic.com.
How It Works
The Sumo Logic PCI Application takes log data uploaded to Sumo Logic, then indexes this data into a View. This indexing allows for quicker search results against your data. The View is used for PCI Requirement searches as well as PCI Dashboards.
One PCI-related data appears in a Dashboard, you can learn more about particular incidents. This type of forensic investigation is also expedited with the View indexing.
Request Installation
The Sumo Logic PCI Compliance App is available for Enterprise accounts only. You may upgrade your account at any time. If you'd like more information on this App, follow the instructions below or contact your Sumo Logic sales representative.
Our team installs and configures the app to ensure that Collectors and Sources are gathering the information related to PCI compliance, and customizes any queries to point to the proper data points.
To request installation of the PCI app:
- Select App Catalog, search for the PCI app.
- Click Request App Install.
- Select the option to give Sumo Logic agents permission to access your account to install the app, and click Request.
To request installation of the PCI app in the classic UI:
- Select App Catalog, search for the PCI app.
- Click Library > Apps, then select PCI.
- Click Request Estimate.
- Select the option to give Sumo Logic agents permission to access your account to install the app, and click Request.
PCI Reports
Unlike Dashboards and scheduled searches, reports can be modified, allowing flexibility, including:
- Identify long term trends. Change the time range of a report to get additional information that extends beyond the reach of Dashboards.
- Modify to get a closer look. Need additional insight into events on a single host? Or perhaps trying to find more details of a user's activity? Reports can return very granular information by making just a few edits to the query. You can choose to save an edited report as a saved search on its own.
- Concentrate efforts. If one area of your deployment is trickier to keep in compliance, run a report more target report at a more frequent interval.
Included PCI Reports
The following reports are included with the Sumo Logic Application for PCI Compliance:
- Account Access Activity.
- Account Management Activity.
- Actions by Privileged Accounts.
- Audit Log Cleared.
- AV Failed Updates.
- AV Malware Activity.
- Network Device Configuration Changes.
- Network Incident Report.
- Potential Credit Card Data Found.
- Prohibited Service Activity.
- Software Updates.
- System Time Change.
All of these reports can be run ad-hoc, or can be saved as scheduled searches.
Why aren't Reports included in Dashboards?
Reports are designed to deliver very specific, granular information, which is not always aggregated, so that individual log messages may be returned in search results. Think of Reports as a tool to augment discoveries uncovered by the constant search results delivered by Dashboards.
PCI Dashboards
This logical grouping of issues, events, or activities makes it easy for an organization to make sure they're continuing to comply with each requirement, and remediate any problems that could present a violation.
Sumo Logic based the PCI app on PCI DSS Requirements and Security Assessment Procedures, Version 2.0. Requirements one through 11 have Dashboards custom-built to help you zero in on data relevant to each requirement. (Requirement 12, Maintain a policy that addresses information security for all personnel, can't be measured through log data, there is no Dashboard.)
The requirements are as follows:
- Requirement 1: Install and maintain a firewall configuration to protect cardholder data.
- Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters.
- Requirement 3: Protect stored cardholder data.
- Requirement 4: Encrypt transmission of cardholder data across open, public networks.
- Requirement 5: Protect all systems against malware and regularly update anti-virus software or programs.
- Requirement 6: Develop and maintain secure systems and applications.
- Requirement 7: Restrict access to cardholder data by business need-to-know.
- Requirement 8: Identify and authenticate access to system components.
- Requirement 9: Restrict physical access to cardholder data.
- Requirement 10: Track and monitor all access to network resources and cardholder data.
- Requirement 11: Regularly test security systems and processes.
While some facets of these standards are based on policies set outside of your log data, Sumo Logic works to monitor data-driven aspects of the standards. For example, requirements that need audits of individual actions can be monitored through Sumo Logic's app.
PCI Posture Overview Dashboard
Think of the Posture Overview Dashboard as a high-level look at the state of failures currently occurring, as well as a chart that displays the number of failures that occurred over the past seven days. These failures are clearly labeled with the PCI Requirement that could be violated by the failures.
Current PCI State. Displays a single, color-coded value associated with the number of failures that have occurred over the past day.
Failures by Requirements. Shows the number of failures by PCI Requirement.
History of Failures. Displays a chart of all failures that have occurred over the past week.
PCI Requirement Compliance Status Dashboard
The PCI Requirement Compliance Status Dashboard provides a high-level view of the number of outstanding incidents for each PCI requirement.
PCI Requirement 1 Dashboard
PCI Requirement 1 Secure Network Monitoring Dashboard reports the state of your organization's compliance of having a firewall installed and configured to properly protect cardholder data.
Information relating to this requirement can be found in network activity and events, such as inbound and outbound cardholder activity, as well as network configuration changes.
PCI Requirement 2 Dashboard
The PCI Requirement 2 Default Setting Monitoring Dashboard provides information any use of vendor-supplied or default system passwords and security parameters in your organization.
PCI Requirement 3 Dashboard
The PCI Requirement 31 Protect Stored Cardholder Data Dashboard details your compliance for protecting stored cardholder data.
PCI Requirement 4 Dashboard
PCI Requirement 4 Dashboard reports the state of your organization's encryption of cardholder data. Panels in this Dashboard look at incidents generated by firewalls, for example, or other hosts or ports that handle the flow of data that should be encrypted.
PCI Requirement 5 Dashboard
PCI Requirement 5 Anti Virus Updates Dashboard makes sure that anti-virus software is regularly updated, and also looks at any anti-virus threats to servers, as well as failed anti-virus updates.
PCI Requirement 6 Dashboard
PCI Requirement 6 Application Updates Dashboard looks at the states of application upgrades that have occurred across your deployment. Critical vulnerabilities are also monitored.
PCI Requirement 7 Dashboard
PCI Requirement 7 Cardholder Data Access Monitoring Dashboard helps you verify that your organization is restricting access to cardholder data only to those with an explicit purpose. The Dashboard contains a number of Panels that watch for any attempts to access environments that store cardholder information, so you easily can see who is attempting to gain access to the data.
PCI Requirement 8 Dashboard
The PCI Requirement 8 User Activity Dashboard helps you comply with each user having their own unique ID. Panels look at account creation/enablement, account deletion/disablement, and password changes. Additionally, you can view a chart that displays a summary of the overall number of user account creations/deletions over a week.
PCI Requirement 9 Dashboard
The PCI Requirement 9 Physical Access Dashboard contains Panels that check for any violations of physical access to machines that contain cardholder data. Each access request is logged and displayed by user name.
PCI Requirement 10 Dashboard
The PCI Requirement 10 Data Access Dashboard contains Panels that track each time a network resource is accessed.
PCI Requirement 11 Dashboard
The PCI Requirement 11 Vulnerability Scan Dashboard helps you comply with the requirement to regularly test security systems. This Dashboard gives you a look at the number of hosts scanned over the past day, along with any vulnerabilities that need to be addressed.
