AlienVault PCI DSS 3.0 Compliance

Unified Security Management

Unify Your Defenses and Accelerate PCI DSS 3.0 Compliance

Companies affected by the Payment Card Industry Data Security Standard (PCI DSS) are required to meet a wide range
of technical and operational requirements. Addressing these standards is not simply a matter of avoiding penalties; it is
about incorporating security best practices that protect cardholder data into everyday activities. Unfortunately, many
organizations struggle to meet these requirements: the Verizon 2014 PCI Compliance Report found that 89% of
organizations failed their 2013 PCI baseline assessment.[1]


PCI DSS 3.0 contains 12 requirements and 304 controls that apply to all entities involved in payment card processing,
including merchants, processors, financial institutions, and service providers.[2] Most organizations address these
requirements by deploying multiple stand-alone products. Relying on separate technologies
creates a costly, time-consuming integration burden. This approach is especially challenging for smaller organizations that
have fewer resources to acquire, configure, and manage those separate technologies.

Unified Security with AlienVault

An alternative to stand-alone technologies is to deploy a solution that integrates several technologies into a single
platform, managed by a single console. The AlienVault Unified Security Management (USM) platform provides five
essential security capabilities every organization needs to accelerate PCI DSS 3.0 compliance, in three deployment
options: physical appliance, virtual appliance, or in the cloud.

Asset Discovery: Combines three core discovery and inventory technologies to give you full visibility into the
devices that are on your network:

Active Network Scanning
Passive Network Monitoring
Asset Inventory
Host-based Software Inventory

Figure 1 - AlienVault USM Gives You Five Essential Technologies

Asset discovery and inventory are the first essential steps to knowing what systems are on your network and which of
these systems are in scope for PCI DSS.


Vulnerability Assessment: Identifies assets with unpatched software, insecure configurations and other vulnerabilities
on your network:

Network Vulnerability Testing
Continuous Vulnerability Monitoring

The integrated internal vulnerability scanning keeps you abreast of vulnerabilities on your network, so you can prioritize
patch deployment and remediation. Continuous correlation of your dynamic asset inventory with the AlienVault vulnerability
database provides you with up-to-date information on the vulnerabilities in your network between your periodic scans.

Threat Detection: Coordinates incident response and threat management with built-in security monitoring
technologies, emerging threat intelligence from AlienVault Labs, and a seamless closed-loop workflow for rapid

Network-based IDS (NIDS)
Host-based IDS (HIDS)
Wireless IDS (WIDS)
File Integrity Monitoring

Built-in file integrity monitoring in host-based agents installed on in-scope servers alerts you to unauthorized modification
of system files, configuration files or content. Monitoring of network access across both wired and wireless networks using
host- and network-based detection systems identifies who tried to access those systems, files, and content.
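The file integrity monitoring described above boils down to a hashed baseline and a later comparison against it. The following is an added example of that mechanism written for this page; it is not AlienVault code, and the fake /etc directory, file contents and the three tampering actions in demo() are constructed so that the script runs offline.

```python
# Added example: a minimal file integrity monitor of the kind the text describes.
# Not AlienVault code; the directory layout and file contents below are constructed.
import hashlib
import stat
import tempfile
from pathlib import Path


def file_digest(path, algo="sha256"):
    """Stream the file through the hash so large files do not land in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root):
    """Map each regular file under root (POSIX-style relative path) to (digest, mode, size)."""
    root = Path(root)
    snap = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            st = p.stat()
            snap[p.relative_to(root).as_posix()] = (
                file_digest(p), stat.S_IMODE(st.st_mode), st.st_size)
    return snap


def diff_snapshots(baseline, current):
    """Return (event, path, detail) tuples for every difference from the baseline."""
    events = []
    for path in sorted(set(baseline) | set(current)):
        before, after = baseline.get(path), current.get(path)
        if before is None:
            events.append(("added", path, after[0][:12]))
        elif after is None:
            events.append(("removed", path, before[0][:12]))
        elif before[0] != after[0]:
            events.append(("modified", path, f"{before[0][:12]}->{after[0][:12]}"))
        elif before[1] != after[1]:
            # same content, different permissions: also worth an alarm
            events.append(("mode_changed", path, f"{before[1]:o}->{after[1]:o}"))
    return events


def demo():
    """Baseline a constructed /etc, tamper with it, and return the FIM events."""
    with tempfile.TemporaryDirectory() as root:
        etc = Path(root, "etc")
        etc.mkdir()
        (etc / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
        (etc / "shadow").write_text("root:!:16000::::::\n")
        (etc / "ssh_config").write_text("PermitRootLogin no\n")
        baseline = snapshot(root)

        # constructed tampering after the baseline was taken
        (etc / "passwd").write_text(
            "root:x:0:0:root:/root:/bin/bash\nsvc:x:0:0::/:/bin/sh\n")  # second UID-0 account
        (etc / "shadow").unlink()                                       # file removed
        (etc / "ld.so.preload").write_text("/tmp/libhook.so\n")         # new preload file
        return diff_snapshots(baseline, snapshot(root))


if __name__ == "__main__":
    for event, path, detail in demo():
        print(f"{event:12} {path}  {detail}")
```

The baseline itself is the sensitive artifact here: an agent that stores it on the monitored host can be silenced by an attacker who re-baselines after tampering, which is why a central collector, not the host, should hold the reference hashes.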

Behavioral Monitoring: Identifies anomalies and other patterns that signal new, unknown threats in your network, as
well as suspicious behavior and policy violations by authorized users and devices:

Service and Infrastructure Monitoring
NetFlow Analysis
Log Collection
Network Protocol Analysis / Full Packet Capture

Integrated behavioral monitoring gathers data to help you understand normal system and network activity, which simplifies
incident response when investigating a suspicious operational issue or potential security incident. Full packet capture
enables complete protocol analysis of network traffic, providing a comprehensive replay of the events that occurred during a
potential breach.

Security Intelligence (SIEM): Identify, contain, and remediate threats in your network by prioritizing your risk and

Event and Intelligence Correlation
Incident Response

You can automatically correlate log data with actionable security intelligence to identify policy violations and receive
contextually relevant, workflow-driven response procedures. You can also conduct forensic analysis of events using digitally
signed raw logs for evidence preservation.
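"Digitally signed raw logs for evidence preservation" means, in practice, that each stored record carries a cryptographic tag that any later edit, deletion or reordering will break. The block below is an added example of one common construction, an HMAC hash chain with a sequence number in each record; it is not AlienVault's format, and the key and the three syslog lines are constructed for the demonstration. A real deployment would use an asymmetric signature or an HSM-held key rather than a shared HMAC key on the same box, but the chaining logic is the same.

```python
# Added example: tamper-evident raw-log storage of the kind the text describes.
# Not AlienVault code; the key, records and log lines below are constructed.
import hashlib
import hmac

GENESIS = "0" * 64


def _tag(key, seq, prev, raw):
    # The tag binds the record's position, the previous record's tag and the raw line.
    msg = f"{seq}\n{prev}\n{raw}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def seal_log(raw_lines, key):
    """Wrap each raw line in a record chained to its predecessor by an HMAC."""
    records, prev = [], GENESIS
    for seq, raw in enumerate(raw_lines):
        tag = _tag(key, seq, prev, raw)
        records.append({"seq": seq, "prev": prev, "raw": raw, "tag": tag})
        prev = tag
    return records


def verify_log(records, key, final_tag=None):
    """Return (ok, first_bad_seq).

    final_tag is the last tag as stored somewhere the attacker cannot reach (a
    remote collector, a WORM store); without it, chopping records off the end of
    the chain is undetectable."""
    prev = GENESIS
    for i, rec in enumerate(records):
        expected = _tag(key, i, prev, rec["raw"])
        if rec["seq"] != i or rec["prev"] != prev or not hmac.compare_digest(expected, rec["tag"]):
            return False, i
        prev = rec["tag"]
    if final_tag is not None and not hmac.compare_digest(prev, final_tag):
        return False, len(records)
    return True, None


KEY = b"constructed-example-key-do-not-reuse"
RAW = [  # constructed syslog lines
    "Mar 12 10:00:01 pos-db01 sshd[4120]: Accepted publickey for pciadmin from 10.1.5.20 port 51022 ssh2",
    "Mar 12 10:00:07 pos-db01 sudo: pciadmin : TTY=pts/0 ; COMMAND=/bin/cat /var/lib/pos/cards.db",
    "Mar 12 10:00:09 pos-db01 sshd[4120]: Disconnected from 10.1.5.20 port 51022",
]


def demo():
    """Seal the constructed log, then try three kinds of tampering against it."""
    sealed = seal_log(RAW, KEY)
    # edit: hide which file was read
    edited = [dict(r) for r in sealed]
    edited[1]["raw"] = edited[1]["raw"].replace("cards.db", "motd")
    # delete: drop the sudo record entirely
    dropped = [sealed[0], sealed[2]]
    # truncate: throw away everything after the login
    truncated = sealed[:2]
    return {
        "intact": verify_log(sealed, KEY),
        "edited": verify_log(edited, KEY),
        "dropped": verify_log(dropped, KEY),
        "truncated_no_anchor": verify_log(truncated, KEY),
        "truncated_with_anchor": verify_log(truncated, KEY, final_tag=sealed[-1]["tag"]),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:22} ok={result[0]} first_bad_seq={result[1]}")
```

The last two results are the caveat worth remembering: the chain alone reports the truncated log as intact, and only the externally stored final tag exposes the missing tail. Evidence preservation therefore needs the anchor to leave the host on a schedule, not just the signing itself.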


OTX: Automated, Real-Time Threat Exchange
AlienVault's Open Threat Exchange (OTX) is a security intelligence technology integrated with AlienVault USM that helps
you defend against threats directed at your network. AlienVault OTX enables anonymous sharing of threat intelligence,
validated by AlienVault Labs.
AlienVault OTX is a framework for a collaborative defense capability that shifts the advantage away from the attacker:
each participating organization receives threat intelligence generated from information shared by a broad range of
devices, and can optionally contribute its own threat data. These devices include firewalls, proxies, web servers,
anti-malware systems, and intrusion detection/prevention systems (IDS/IPS).

Figure 2 - Threat Sharing Gives You an Advantage Over Attackers

The AlienVault OTX benefits include:

Shifts the advantage from the attacker to the defender
Open for anyone to participate, not just AlienVault customers
Each member benefits from the incidents affecting all of the other members
Automated sharing of threat data accelerates its distribution to all members
Data collected from over 140 countries ensures broad visibility of threat trends
AlienVault Labs: Up-to-Date Protection
The AlienVault Labs team of researchers reviews and validates incoming threat data to ensure that only accurate and
actionable intelligence is published. The team analyzes the latest attacks, exploits, breaches, and malware strains to stay
current with threats from around the world, and constantly monitors, analyzes, reverse engineers, and reports on
sophisticated zero-day threats including malware, botnets, phishing campaigns and more.
To keep your protection current against the latest threats, AlienVault Labs provides regular updates to eight coordinated
rulesets:

Network-based IDS signatures

Host-based IDS signatures
Asset discovery and inventory database updates
Vulnerability database updates
Event correlation rules
Report modules and templates
Incident response templates / how to guidance for each alarm
Plug-ins to accommodate new data sources

Figure 3 - Integrated Threat Intelligence Protects You from the Latest Threats


Accelerate Your Compliance and Unify Your Defenses
At AlienVault, we understand that PCI compliance is a process, not a check box. Achieving compliance takes focus,
determination, and the right set of tools. By building these essential security capabilities into an integrated, complete
solution, AlienVault USM delivers a workflow-centric solution that materially reduces your organization's time to compliance
compared with a solution stitched together from individual point products.
We also understand that simplicity and effectiveness go hand in hand. That's why we've built all of these essential security
capabilities into one integrated platform, unifying your defenses, saving you time and money, and reducing the complexity of
doing it yourself.
For more information on how we can work together to help you meet your PCI compliance needs, contact us at
1-650-453-2350 or send email to

How AlienVault USM Helps You Comply with PCI DSS 3.0 Requirements

For each PCI DSS requirement, the table lists the relevant AlienVault USM capabilities and the benefits of Unified
Security Management.

PCI DSS Requirement 1 (1.1, 1.2, 1.3): Install and maintain a firewall configuration to protect cardholder data
Relevant AlienVault USM capabilities: NetFlow analysis; system availability monitoring; asset discovery
Benefits of Unified Security Management:
Unified and correlated NetFlow analysis and firewall logs deliver single-pane-of-glass visibility into access to
cardholder-related data and resources.
Built-in asset discovery provides a dynamic asset inventory and topology diagrams, so cardholder-related resources can be
identified and monitored for unusual activity.
Accurate and automated asset inventory, combined with relevant security events, accelerates incident response efforts
and analysis.

PCI DSS Requirement 2 (2.1, 2.2, 2.3, 2.4): Do not use vendor-supplied defaults for system passwords and other security
parameters
Relevant AlienVault USM capabilities: network intrusion detection (IDS); vulnerability assessment; host-based intrusion
detection (HIDS)
Benefits of Unified Security Management:
Built-in, automated vulnerability assessment identifies the use of weak and default passwords.
Built-in host-based intrusion detection and file integrity monitoring signal when password files and other critical
system files have been modified.

PCI DSS Requirement 3: Protect stored cardholder data
Relevant AlienVault USM capabilities: log management; host-based intrusion detection (HIDS); file integrity monitoring;
NetFlow analysis
Benefits of Unified Security Management:
Unified log review and analysis, with triggered alerts for high-risk systems (those containing cardholder data).
Built-in host-based intrusion detection and file integrity monitoring detect and alarm on changes to cryptographic
Unified NetFlow analysis and event correlation monitor traffic and issue alerts on unencrypted traffic to/from
cardholder-related resources.

PCI DSS Requirement 4: Encrypt transmission of cardholder data across open, public networks
Relevant AlienVault USM capabilities: NetFlow analysis; behavioral monitoring; wireless IDS
Benefits of Unified Security Management:
Unified NetFlow analysis and event correlation monitor traffic and issue alerts on unencrypted traffic to/from
cardholder-related resources.
Built-in wireless IDS monitors encryption strength and identifies unauthorized access attempts to critical

PCI DSS Requirement 5 (5.1, 5.2, 5.3): Protect all systems against malware and regularly update anti-virus software or
programs
Relevant AlienVault USM capabilities: host-based intrusion detection (HIDS); network intrusion detection (IDS); log
management
Benefits of Unified Security Management:
Built-in host-based intrusion detection provides an extra layer of defense against zero-day threats (before an anti-virus
update can be issued).
Unified log management provides an audit trail of anti-virus software use by collecting log data from anti-virus
Built-in network intrusion detection identifies and alerts on malware infections in the credit cardholder data

PCI DSS Requirement 6 (6.1, 6.2, 6.3, 6.4, 6.5, 6.6): Develop and maintain secure systems and applications
Relevant AlienVault USM capabilities: asset discovery; vulnerability assessment; network intrusion detection (IDS)
Benefits of Unified Security Management:
Built-in and consolidated asset inventory, vulnerability assessment, threat detection and event correlation provide a
unified view of an organization's security posture and critical system configuration.
Built-in vulnerability assessment checks for a variety of well-known attack techniques (e.g., SQL injection).

PCI DSS Requirement 7 (7.1, 7.2): Restrict access to cardholder data by business need to know
Benefits of Unified Security Management:
Automated event correlation identifies unauthorized access to systems with cardholder data.

PCI DSS Requirement 8 (8.1, 8.2, 8.4, 8.5, 8.6): Identify and authenticate access to system components
Relevant AlienVault USM capabilities: log management
Benefits of Unified Security Management:
Built-in log management captures all user account creation activities and can also identify unencrypted passwords on
critical systems; it also collects and correlates valid and invalid authentication attempts on critical devices.

PCI DSS Requirement 10 (10.1, 10.2, 10.3, 10.4, 10.5, 10.6): Track and monitor all access to network resources and
cardholder data
Relevant AlienVault USM capabilities: host-based intrusion detection (HIDS); network intrusion detection (IDS);
behavioral monitoring; log management
Benefits of Unified Security Management:
Built-in threat detection, behavioral monitoring and event correlation signal attacks in progress, for example
unauthorized access followed by additional security exposures such as cardholder data exfiltration.
Built-in log management enables the collection and correlation of valid and invalid authentication attempts on critical
devices.
Centralized, role-based access control for audit trails and event logs preserves chain of custody for investigations.

PCI DSS Requirement 11 (11.1, 11.2, 11.3, 11.4, 11.5): Regularly test security systems and processes
Relevant AlienVault USM capabilities: vulnerability assessment; wireless IDS; host-based intrusion detection (HIDS);
file integrity monitoring
Benefits of Unified Security Management:
Built-in vulnerability assessment streamlines the scanning and remediation process, with one console to manage it all.
Built-in wireless IDS detects and alerts on rogue wireless access points and weak encryption configurations.
Built-in host-based intrusion detection identifies the attachment of USB devices, including WLAN cards.
Unified vulnerability assessment, threat detection, and event correlation provide full situational awareness in order to
reliably test security systems and processes.
Built-in file integrity monitoring alerts on unauthorized modification of system files, configuration files, or content.
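The Requirement 8 and Requirement 10 rows both rest on the same correlation: collect valid and invalid authentication attempts on critical devices and raise an alarm when the pattern looks like an attack in progress. The block below is an added example of that logic, written for this page rather than taken from AlienVault's correlation rules; the sshd-style syslog lines, host name and addresses are constructed, and the threshold and window are arbitrary tuning parameters. It flags the brute-force-then-success pattern (many failures from one source, then a successful login from the same source within the window), which is the case a reviewer of Requirement 10 evidence most wants to see caught.

```python
# Added example: correlating failed and successful authentication attempts on a
# critical device, as a SIEM rule would. Not AlienVault code; the syslog lines,
# host and addresses below are constructed.
import re
from collections import defaultdict, deque
from datetime import datetime

# Matches sshd's "Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2"
# and "Accepted publickey for pciadmin from 10.1.5.20 port 51023 ssh2"; other lines are ignored.
AUTH_RE = re.compile(
    r"^(?P<ts>\w{3} \d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")


def parse_auth(line, year=2014):
    """Return a normalized auth event, or None for lines that are not sshd auth results."""
    m = AUTH_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")  # syslog omits the year
    return {"ts": ts, "host": m["host"], "ok": m["result"] == "Accepted",
            "user": m["user"], "src": m["src"]}


def correlate(lines, threshold=5, window_s=300):
    """Alarm when a source accumulates `threshold` failures on a host within `window_s`
    seconds and then authenticates successfully."""
    failures = defaultdict(deque)  # (host, src) -> timestamps of recent failures
    alarms = []
    for line in lines:
        ev = parse_auth(line)
        if ev is None:
            continue
        recent = failures[(ev["host"], ev["src"])]
        while recent and (ev["ts"] - recent[0]).total_seconds() > window_s:
            recent.popleft()  # age out failures older than the window
        if not ev["ok"]:
            recent.append(ev["ts"])
            continue
        if len(recent) >= threshold:
            alarms.append({"host": ev["host"], "src": ev["src"], "user": ev["user"],
                           "failures": len(recent), "at": ev["ts"].isoformat()})
        recent.clear()  # a success closes the attempt window either way
    return alarms


LOG = [  # constructed syslog lines from a hypothetical in-scope database host
    "Mar 12 10:00:01 pos-db01 sshd[4120]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2",
    "Mar 12 10:00:04 pos-db01 sshd[4121]: Failed password for invalid user oracle from 203.0.113.7 port 40123 ssh2",
    "Mar 12 10:00:09 pos-db01 sshd[4122]: Failed password for root from 203.0.113.7 port 40124 ssh2",
    "Mar 12 10:00:10 pos-db01 CRON[4130]: (root) CMD (run-parts /etc/cron.hourly)",
    "Mar 12 10:00:15 pos-db01 sshd[4123]: Failed password for pciadmin from 203.0.113.7 port 40125 ssh2",
    "Mar 12 10:00:22 pos-db01 sshd[4124]: Failed password for pciadmin from 203.0.113.7 port 40126 ssh2",
    "Mar 12 10:00:31 pos-db01 sshd[4125]: Failed password for pciadmin from 203.0.113.7 port 40127 ssh2",
    "Mar 12 10:00:52 pos-db01 sshd[4126]: Accepted password for pciadmin from 203.0.113.7 port 40128 ssh2",
    "Mar 12 10:03:10 pos-db01 sshd[4140]: Failed password for pciadmin from 10.1.5.20 port 51022 ssh2",
    "Mar 12 10:03:20 pos-db01 sshd[4141]: Accepted publickey for pciadmin from 10.1.5.20 port 51023 ssh2",
]


def demo():
    """Run the rule over the constructed log; only 203.0.113.7 should trip it."""
    return correlate(LOG)


if __name__ == "__main__":
    for alarm in demo():
        print(alarm)
```

The operator fat-fingering a password once from 10.1.5.20 before a key-based login does not alarm, while the six failures and a password success from 203.0.113.7 do; the point of keying on (host, source) rather than on user alone is that password spraying across many accounts still accumulates against the same source.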

