PCI-DSS: Protecting Cardholder Data

Credit and debit cards have become a common form of payment around the globe, used to purchase trillions of dollars in goods and services each year. Unfortunately, major breaches of card data continue to occur, exposing the risks inherent in their use. To combat fraud, data breaches, and other threats to cardholder data, the Payment Card Industry (PCI) has developed the Data Security Standard (DSS) to protect customer information through the global adoption of consistent data security measures. The PCI-DSS standard is mandatory for every organization that stores or transmits credit or debit card data, including retailers of all sizes, payment processors, and financial institutions.

So Much More than Log Data

The PCI-DSS standard requires organizations to have visibility across a broad range of enterprise security information: system configurations, operating system and application logs, network flow data, vulnerability data, and even system performance metrics. Many organizations think that security information and event management (SIEM) or simple log management software is enough to meet PCI-DSS reporting requirements, but it is not. SIEM and log management address only a small piece of the PCI-DSS puzzle, because these solutions are limited primarily to log and event data, which is only one of many types of security data required for comprehensive PCI-DSS compliance. Other organizations may have multiple security point solutions to address a broader set of PCI-DSS requirements, but have no method to bring together data from these many different products into a single platform. That approach leaves security and compliance personnel blind to the big picture of security and compliance across the enterprise.

PCIVue: Comprehensive PCI-DSS Compliance Auditing

PCIVue is a turnkey, appliance-based package from eIQnetworks that provides comprehensive information security management and PCI-DSS compliance reporting from a single console. Using an integrated data model, PCIVue goes beyond traditional SIEM products, log management tools, and other security point solutions by providing users with the ability to:

  Collect, correlate, archive, analyze and report on all information required by PCI-DSS, including log, vulnerability, configuration, asset, performance and network behavioral anomaly data across the enterprise

  Instantly access a library of over 150 custom reports mapped directly to relevant requirements of the PCI-DSS standard

  Measure overall PCI-DSS compliance to identify the why, when, where and how of violations and provide the information required for remediation.

PCIVue from eIQnetworks brings together all of the information security data from across your enterprise into a 'single pane of glass', for complete visibility into PCI-DSS compliance and security operations. Unlike traditional SIEM and log management tools, PCIVue enables users to gain enterprise-wide analysis of all security data related to PCI-DSS compliance, including asset and configuration data, logs and events, system vulnerabilities, network flows, and system performance. From comprehensive PCI-DSS reporting, to hands-on security operations, PCIVue provides organizations with the most comprehensive PCI-DSS compliance solution available in a single platform.

Standards Supported: PCI DSS 1.2

Management Console: Web browser; certified for use with Microsoft Internet Explorer and Mozilla Firefox

Data Sources:

  Logs: syslog; Windows Event Log API; ftp; NFS; CIFS; ODBC

  Asset and Configuration data: WMI; ADSI; LSA; ssh; telnet; CPMI; LEA; SDEE; RDEP

  Network flow data: NetFlow; C-Flow; J-Flow; S-Flow

  Performance data: SNMP MIBs and traps, v1, v2, and v3

  Native support for over 500 devices, operating systems, applications, and databases

  Universal Parser for GUI-based integration of new and legacy data sources

Operating System: Windows Server 2003 R2 64-bit

CPUs: (2) Intel Xeon® Quad-Core

RAM: 8GB DDR2

Storage:

  (4) 30GB SATA, 1.2TB on-board storage

  Supports any attached file system for storage expansion, including SAN, NAS, and non-disk media

Network Interfaces: (2) 10/100/1000 Gigabit Ethernet

Chassis: 2U

Dimensions: 29.31'D x 17.5'W x 3.4'H

Power Supply: Dual Redundant, Auto-Sensing

PCIVue Database: Proprietary, high-performance flat-file

Data Compression: Up to 80:1

Authentication and Encryption:

  AES-192 cipher for data at rest and in transit

  Local and Active Directory-based user authentication

Devices Supported: Up to 750 (license limited)

Maximum Sustained Throughput: 10,000 events per second (EPS)

Certifications:

  NIST FIPS-140-2

  NIAP Common Criteria EAL 2; in-process for EAL 4+

Sample Report

PCIVue

SecureVue Payment Card Industry Data Security Standard (PCI-DSS) Support

Achieving PCI-DSS Compliance

Podcast

Update on PCI

  


Whitepaper

Compliance for Everyone: Implementing a Security Framework Approach to Address Compliance Mandates

Solution Briefs

 PCIVue Product Data Sheet

 PCIVue Compliance Reporting

 PCIVue Operational Security


© 2010 Copyright eIQnetworks, Inc. | All Rights Reserved