As the systems that fall within the scope of PCI generate data at an exponential rate, the task of maintaining compliance requirements and protecting critical data is becoming overwhelming – the Verizon 2015 PCI Compliance Report found that 80% of organizations failed their 2014 interim compliance assessment.1 When combined with the increasing sophistication of attacks, it’s no wonder that IT struggles to reconcile these growing needs with existing solutions that don’t work. According to Mandiant M-Trends report2, companies have no idea they have been hacked, and the median number of days before breach detection is 205 – that is over 6 months! The end result is an expensive yet incomplete infrastructure that requires more manpower to manage and simply adds to the chaos and ongoing security risks.
Over the years, the PCI compliance standard has undergone substantial changes, and the unpredictable nature of compliance audits where auditors can request precise information related to an organization’s operations makes meeting all requirements an arduous. task. According to a recent survey by the PCI Security Standards Council (SSC) Daily Log Monitoring Special Interest Group (SIG)3, addressing requirement 10 (Track and monitor all access to network resources and cardholder data) and 10.6 (Review logs and security events for all system components to identify anomalies or suspicious activity) were particularly challenging for the majority of respondents.
Read this solution brief to find out how Sumo Logic’s cloud-native, data-analytics services helps you address log management, monitoring and data retention challenges as prescribed by PCI DSS Requirement 10.