Complete visibility for DevSecOps
Reduce downtime and move from reactive to proactive monitoring.
Welcome to the demo of the Sumo Logic Application for PCI Compliance.
The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store, or transmit credit card information maintain a secure environment.
PCI is an essential part of any organization’s IT strategy that handles credit card information.
PCI = Costly + Complex Compliance
However, meeting PCI requirements can be costly and complex.
Any organization that handles payment cards, including debit and credit cards, has to comply. It must meet 12 stringent requirements with ~200 control requirements. Merchants pay an average of $225,000 per year for audits. 2% of businesses outright fail compliance audits. Compliance challenges proliferate with hybrid infrastructures.
The Sumo Logic App for PCI simplifies monitoring of the requirements while reducing the complexity associated with generating reports and satisfying specific audit requirements.
Demonstrate compliance with Sumo Logic:
The PCI app is an extension of our security analytics capabilities, including machine data intelligence, pattern recognition, and unique anomaly detection capabilities that enable you to find things you didn’t even know to look for.
Sumo Logic Meets Key PCI Requirements:
By monitoring all of your relevant machine data, this app helps you identify potential compliance issues in real time and on a scheduled basis, and it enables you to take action to identify root cause and resolve issues quickly.
Let’s take a brief look at the application, which is included in the Enterprise Edition of the Sumo Logic service. When I log into my application, I see a pre-built summary dashboard of my position against all PCI requirements. I see my current state, an ordered list by requirement, and a histogram of incidents by day. I can see that I have a number of incidents I need to look at. My focus is on understanding root cause behind these issues. Sumo Logic has crunched through hundreds of millions of log lines to identify these potential issues and it helps me prioritize and focus on what’s most relevant.
Let’s drill down one level to understand what’s behind this number. This is another pre-built dashboard where I can easily see each of the requirements and the number of incidents associated with them. The first thing I notice is the high number of potential issues against requirement 3, protecting stored cardholder data. Let’s look at that first. We apply the Luhn algorithm to the incoming data so we’re only looking at log entries that contain potential credit card numbers. This dashboard shows me the different classifications of incidents, in this case all related to data leaks, but it could show other classifications such as encryption key protection. Now, despite the high incident number, typically this issue comes from only a small number of root causes. It could be one system generating logs, a number of logs, with credit card entries in it. Across the dashboard, I can review the full list of incidents as well as analyze over time by source host, funnel name, and collector of source. And finally I can compare today’s data against the history to assess if this is unusual.
Let’s use Sumo Logic to quickly get to the root cause of these issues. I can immediately see from the list of incidents that some of them are nothing to worry about. Despite passing the Luhn test, they are not credit card details. I’ll need to filter those out of the underlying search query, so that in the future, they do not appear. When I look at the incidents over time, I can see that most incidents are coming from a single collector. Let’s drill into this. Now I can see the same chart with the underlying log messages and I can begin some analysis. Switching to the actual log messages, I want to filter on just the offending collector source. In Sumo Logic, this is simple: I can simply click on the category, rerun the query, and now I’m filtered on just that collector. Looking at the results now, I can see that there is something that looks like customer cardholder data being captured in the logs. This could be development data, it could be completely innocent, but I need to be sure. I am going to take a copy and I’m going to attach it to our ticketing system and send it to the team that handles this application. Leveraging the ServiceNow integration with Sumo Logic, this step could be set up automatically, so it would raise a ServiceNow incident ticket.
That took me no time at all. Sumo Logic customers have dramatically reduced mean time to investigate on their issues, and I’ve just tackled the majority of the incidents in minutes. I know that with Sumo Logic, I will get to root cause on others equally quickly.
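As an added illustration of the Luhn-based filtering the demo describes (not Sumo Logic's own code or query), the Python below scans constructed log lines for candidate card numbers, applies the Luhn check, suppresses a hypothetical field (order_id) whose values are known to pass Luhn without being cards, and masks each hit so the finding can be attached to a ticket without re-leaking the PAN.

```python
import re
from typing import Dict, List

# Constructed sample log lines (not from the page). Line 1 leaks a Visa test PAN,
# line 2 carries a 16-digit order id that happens to pass Luhn, line 3 is clean.
SAMPLE_LOGS = [
    'ts=2024-01-10T12:00:01Z app=checkout host=web-01 msg="payment submitted" card=4111111111111111',
    'ts=2024-01-10T12:00:02Z app=orders host=web-02 msg="order created" order_id=1234567812345670',
    'ts=2024-01-10T12:00:03Z app=auth host=web-03 msg="login ok" user=alice',
]

# 13 to 19 digits, optionally separated by single spaces or dashes, not part of a longer digit run.
CANDIDATE_RE = re.compile(r"(?<![\d-])(?:\d[ -]?){12,18}\d(?![\d-])")
# Hypothetical key names whose values are known Luhn-valid non-card identifiers;
# this list is what the demo's "filter those out of the query" step tunes per source.
SUPPRESS_KEYS = ("order_id",)


def luhn_valid(digits: str) -> bool:
    """Luhn (mod 10) checksum: double every second digit from the right, subtract 9 if > 9."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Keep first 6 and last 4 digits (PCI-style truncation) so findings can be shared safely."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def scan_line(line: str) -> List[Dict[str, str]]:
    """Return masked, Luhn-valid candidates from one log line, minus suppressed fields."""
    findings = []
    for m in CANDIDATE_RE.finditer(line):
        digits = re.sub(r"[ -]", "", m.group(0))
        if not luhn_valid(digits):
            continue
        # The key directly before the match (e.g. "order_id=") decides whether to suppress it.
        key = re.search(r"(\w+)=$", line[: m.start()])
        if key and key.group(1) in SUPPRESS_KEYS:
            continue
        host = re.search(r"\bhost=(\S+)", line)
        findings.append({"host": host.group(1) if host else "?", "pan": mask_pan(digits)})
    return findings


def scan_logs(lines: List[str]) -> List[Dict[str, str]]:
    return [f for line in lines for f in scan_line(line)]
```

Grouping the returned findings by host reproduces the demo's "most incidents come from a single collector" view.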
Discover new ways to leverage Sumo Logic to assist your organization with achieving compliance toward cyber security frameworks, including NIST 800-53/171, HIPAA, ISO 27001, NIST CMMC, PCI-DSS, and SOX. By simply leveraging text panels within dashboards, you can simplify compliance by highlighting control elements covered by Sumo Logic queries. Save time spent on audit walkthroughs and measuring control effectiveness by using real-time compliance dashboards which can be easily shared with your internal and external auditors.
Advance your knowledge of how to leverage the Sumo Logic platform for security. We’ll discuss utilizing LogReduce®/LogCompare, and our outlier functionality to determine anomalous activity around entities. You’ll learn how to take advantage of Sumo’s out-of-the-box content for security applications—including several new Work From Home solutions. In addition, we’ll walk through our native integration with CrowdStrike’s threat intelligence feed and how you can gain real-time dashboards and alerts. Finally, we’ll share how you can collapse your compliance use cases all in one place.
GoSpotCheck embraced open observability standards, like Prometheus and OpenTracing, early on, because we saw the promise of universal observability. Sumo Logic sees that promise also. As an organization practicing DevOps, devs, ops, and even support share responsibility for reliability engineering and need different views of data from sources that exist today, but also new applications and vendors that we'll create and work with tomorrow. We need everything in one place. Learn how we're building an observability solution encompassing self-managed and vendor-managed databases, Kubernetes clusters and PaaS apps, static front-ends and functions, request and event-based architectures, and how we plan to see the whole system in Sumo Logic, thanks to the adoption of open standards.