Effective Daily Log Monitoring for PCI

Security technologies such as firewalls are meant, at best, to prevent data security breaches or, at worst, to detect them before they get out of hand; but in some cases, organizations have been complacent. In the infamous Target data breach of 2013, hackers were roaming the company's systems and stealing data for two weeks before the breach was even detected. In the equally egregious breach of Heartland Payment Systems five years earlier, hackers were stealing data for several weeks before the intrusion was discovered. Ironically, both Heartland and Target were PCI-compliant, but the time lag between system compromise and detection was unnecessarily long. And they're not alone in this regard.

So, is security log monitoring the answer? It can be, provided the logs are monitored regularly and in as close to real time as possible. It does no good to log suspicious activity if the logs themselves aren't being monitored and analyzed. Today's data thieves are becoming more and more sophisticated, and unless the holders of information assets meet the increased challenges the thieves pose, they risk catastrophic erosion of their information security defenses and the resulting consequences.

In the time since the two breaches mentioned above, PCI DSS compliance standards have come a long way. With regard to log monitoring, they can be briefly summarized as follows:

  1. Proactive monitoring of security logs is essential to the detection of breaches and the protection of information assets.
  2. Log reviews of critical systems must be conducted on a daily basis.
  3. Non-critical systems can be monitored less frequently based on the judgment of the data custodian.
  4. When a security event is detected, it must be investigated further to confirm or refute the occurrence of malicious activity.
  5. Formal response procedures must be in place to respond to any such malicious activity.
  6. Appropriate personnel must be assigned to monitor alerts and to respond to security events on a 24/7 basis.
  7. Incident response procedures should include guidance on handling instances of known malicious behavior.

By requiring organizations to adhere to these requirements, PCI hopes that they will be able to detect and defend against data breaches, and to minimize the harm that these breaches cause. But this brings up another issue: how does an organization plan for effective daily log monitoring?

In its May 2016 Information Supplement on Log Monitoring, the PCI Security Standards Council states the following:

"Effective log-monitoring practices start with effective planning of log-monitoring needs and activities. To be most effective at log-monitoring (and to meet the intent of PCI DSS Requirements for log monitoring), organizations must have thorough understanding of their legal, regulatory, business, and operational requirements. In addition, they must understand the technical capabilities of the systems that need to be monitored, the technologies available to assist with monitoring processes, and the technical capabilities of other individuals and teams within the organization who can assist in developing effective and efficient log monitoring practices."

The Council spells out what it means in the following recommendations. Organizations should, it urges:

  1. Determine their logging requirements.
  2. Define the high-level activities to be monitored.
  3. Identify all potential log sources.
  4. Document log source characteristics.
  5. Identify and map system-level event messages to high-level messages.
  6. Prioritize their log sources.
  7. Determine who to notify when security events occur.
  8. Define procedures to respond to security events.
  9. Document logging requirements, including logging policy and use cases.

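As an added illustration of items 2, 3, 5 and 6 above (not code from the original post or from NetWorks Group), the following Python script maps constructed system-level log lines to the high-level activities they evidence, counts them per log source, and flags critical sources whose last review is older than their allowed interval. Hostnames, message formats, review timestamps and the activity names are all hypothetical.

```python
import re
from datetime import datetime, timedelta

# Constructed log-source inventory: criticality decides the maximum review
# interval (critical = daily, non-critical = at the custodian's discretion).
LOG_SOURCES = {
    "fw-edge-01":   {"critical": True,  "max_review_hours": 24},
    "pos-db-01":    {"critical": True,  "max_review_hours": 24},
    "print-srv-02": {"critical": False, "max_review_hours": 24 * 7},
}

# Map system-level messages to high-level activities (illustrative patterns,
# not any vendor's real message format).
EVENT_MAP = [
    (re.compile(r"Failed password for (?:invalid user )?\S+"), "authentication failure"),
    (re.compile(r"Accepted password for \S+"),                 "successful login"),
    (re.compile(r"denied .* dst=\S+"),                         "blocked outbound connection"),
    (re.compile(r"sudo: .* COMMAND="),                         "privileged command"),
]

# Constructed sample lines in the form "<source> <message>".
SAMPLE_LOGS = [
    "pos-db-01 sshd[811]: Failed password for invalid user admin from 10.0.5.9 port 4422",
    "pos-db-01 sshd[811]: Failed password for root from 10.0.5.9 port 4423",
    "pos-db-01 sshd[812]: Accepted password for dba from 10.0.1.4 port 5100",
    "fw-edge-01 kernel: denied tcp src=10.0.2.7:5511 dst=203.0.113.8:443",
    "pos-db-01 sudo: dba : TTY=pts/0 ; COMMAND=/usr/bin/systemctl restart postgresql",
    "print-srv-02 cupsd: Job 44 queued",
]

# Constructed review timestamps: pos-db-01 was last reviewed 30 hours ago.
NOW = datetime(2016, 5, 10, 9, 0)
LAST_REVIEWED = {
    "fw-edge-01":   NOW - timedelta(hours=2),
    "pos-db-01":    NOW - timedelta(hours=30),
    "print-srv-02": NOW - timedelta(days=3),
}

def classify(message):
    """Return the high-level activity for one raw message, or None if unmapped."""
    for pattern, activity in EVENT_MAP:
        if pattern.search(message):
            return activity
    return None

def summarize(lines):
    """Count high-level activities per source; unmapped lines are counted separately."""
    counts, unmapped = {}, 0
    for line in lines:
        source, _, message = line.partition(" ")
        activity = classify(message)
        if activity is None:
            unmapped += 1
            continue
        per_source = counts.setdefault(source, {})
        per_source[activity] = per_source.get(activity, 0) + 1
    return counts, unmapped

def overdue_reviews(last_reviewed, now):
    """Sources whose last review is older than their maximum review interval."""
    return sorted(name for name, meta in LOG_SOURCES.items()
                  if now - last_reviewed.get(name, datetime.min)
                  > timedelta(hours=meta["max_review_hours"]))
```

Unmapped lines deserve a periodic look of their own: a growing unmapped count usually means a new log source or message format that the event map does not yet cover.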
This sounds daunting, and in many cases it is more than an organization can handle by itself. But there is good news: you don't have to resolve the challenges posed by daily log monitoring all by yourself. By teaming with NetWorks Group, a Qualified Security Assessor Company since 2007, all PCI DSS compliance issues, not limited to daily log monitoring, can be handled with a minimum of hassle on your part.

The NetWorks Group solution includes PCI assessment services, infrastructure evaluation and compliance assurance, and testing. In addition, the pros at NetWorks Group will make sure that your infrastructure configuration conforms to your compliance requirements, audit your network to discover potential holes and vulnerabilities, and provide you with recommendations for appropriate remediation.

Daily log monitoring is a mandatory component of PCI DSS compliance, and that compliance is all-important to your credibility and success. Beyond that, though, if you're looking for a partner to ensure that you are compliant with every facet, level, component and even philosophy of data security and PCI DSS compliance, look no further than NetWorks Group.
