There are two ways to automate log reviews. There's the common approach:
Buy a product with PCI Compliance reports, check the box for each of those, send the reports by email to someone who will say they are being reviewed. done.
A lot of organizations do that, but it's really just checkbox compliance with the standard and does not add anything in terms of security value. Ask yourself, what are those "PCI Compliance Reports"? How can someone know what needs to be reviewed in our logs if the standard itself does not specify that?
The other way can use the same product mentioned above, but on this case you have real people (with knowledge about what's in those logs and what you need to look for) writing the rules for alerts and reports. A process for periodical reviews of those conditions is also necessary.
There's no "Enable PCI" solution for log review. Only dumb QSAs buy that.
Post a Comment