Monitoring critical system files, configuration files, and content files for unusual or unauthorized activity is one of the core requirements of the PCI-DSS, the payment card industry’s security standard. As such, file integrity monitoring (FIM) is a necessary activity for companies that process or store credit card data. Security teams can choose from any number of endpoint security tools to handle FIM for PCI compliance, but some solutions do more than others.
In this article we’ll highlight the basic FIM requirements of PCI, and explain how you can meet multiple PCI compliance standards—including FIM—with one powerful endpoint security tool.
PCI DSS stands for Payment Card Industry Data Security Standard, a set of security standards formed in 2004 by Visa, MasterCard, Discover Financial Services, JCB International and American Express.
PCI DSS applies to all entities that store, process, and/or transmit cardholder data, and to all technical and operational system components included in or connected to cardholder data. If you are a merchant who accepts or processes payment cards, you must comply with PCI DSS.
PCI DSS compliance has 4 levels, which determine the compliance category an organization falls into based on the volume of card transactions it handles per year. As for the standard itself, it comprises 12 security requirements for the payment card industry and is maintained by the PCI Security Standards Council.
To protect cardholder data, the PCI-DSS outlines a set of 12 requirements that apply to all businesses which store, process, or transmit payment card data. While some of these requirements have to do with physical processes, two of them—requirements 10 and 11—provide specific guidelines on how to protect the data stored within computer networks:
To address these PCI requirements, security teams employ file integrity monitoring software, or other security software with embedded FIM capability.
FIM tools monitor all file modifications—including additions (new files being created), changes, and deletions—and alert specified personnel when unauthorized changes to files and directories occur.
If FIM is not properly implemented, unauthorized changes can render other security controls ineffective and allow cardholder data to be stolen with no other perceptible impact.
PCI DSS is a compliance framework and an industry-mandated set of standards to keep consumers’ card data safe when it is used with merchants and service providers.
Protecting cardholder data wherever it is processed, stored, or transmitted is the goal of PCI DSS. Protecting the PAN (the primary account number printed on the front of a payment card) is one example of the security controls and processes PCI DSS requires, and it is vital to protecting cardholder account data.
Finding the right file integrity monitoring software can be a challenge, particularly when you’re managing a hybrid of cloud and on-premises infrastructure across macOS, Linux, and Windows. FIM is a key capability of Uptycs, an osquery-powered security analytics platform.
It allows you to manage file integrity across complex networks, so that instead of relying on several platforms to monitor Windows, Mac, and Linux, you can monitor all file activity in one unified environment. The Uptycs FIM module provides full visibility across operating systems with continuous file monitoring, flexible configuration options, file change analysis, and contextual alerts. As a result, security engineers, site reliability engineers, incident response teams and IT professionals are better equipped to secure and monitor endpoint fleets and server workloads.
When using Uptycs as a PCI-compliant FIM software, simply identify which files or paths you want to monitor, and Uptycs will look for changes as they occur. If you’ve requested alert notifications, Uptycs will notify you in real time, sending a message via email, Slack, or an incident management platform like PagerDuty. Uptycs also integrates with your SOAR and SIEM solutions.
Our file integrity monitoring solution leverages the versatility of the open source agent osquery. Using over 200 system tables, Uptycs can provide detailed insight into which file was modified, the process name and ID, the date, time, and user that performed the action, and more, allowing security team members to quickly respond to potential breaches and unauthorized modifications.
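To make the FIM behaviour described above (additions, changes and deletions raised as alerts) and the osquery-based data source concrete, here is an added example that is not code from the original article or from Uptycs: a small Python triage routine that reads osquery `file_events` result-log lines and classifies them against an approved-change list. The log lines are constructed samples, the column names follow osquery's `file_events` table, and the approved hashes and UIDs are assumed values standing in for a real change-management record.

```python
"""Triage osquery ``file_events`` result-log lines for PCI-style FIM alerting."""
import json

# Constructed sample lines in osquery's results-log (event) format; the
# column names match osquery's file_events table. Values are illustrative.
SAMPLE_LOG = """\
{"name":"file_events","hostIdentifier":"pos-01","columns":{"target_path":"/etc/passwd","category":"etc","action":"UPDATED","uid":"0","sha256":"aaaa","time":"1700000000"},"action":"added"}
{"name":"file_events","hostIdentifier":"pos-01","columns":{"target_path":"/etc/ssh/sshd_config","category":"etc","action":"UPDATED","uid":"1001","sha256":"bbbb","time":"1700000100"},"action":"added"}
{"name":"file_events","hostIdentifier":"pos-01","columns":{"target_path":"/var/www/html/checkout.php","category":"web","action":"DELETED","uid":"33","sha256":"","time":"1700000200"},"action":"added"}
{"name":"file_events","hostIdentifier":"pos-01","columns":{"target_path":"/var/www/html/.cache.php","category":"web","action":"CREATED","uid":"33","sha256":"cccc","time":"1700000300"},"action":"added"}
{"name":"process_events","hostIdentifier":"pos-01","columns":{"path":"/usr/bin/id"},"action":"added"}
"""

# Assumed approved state: content hashes produced by an authorised change.
APPROVED_HASHES = {"/etc/passwd": {"aaaa"}}
# Assumed: only root is allowed to change monitored files.
APPROVED_UIDS = {"0"}
HIGH_ACTIONS = {"DELETED", "MOVED_FROM", "MOVED_TO"}

def classify(ev):
    """Return (severity, reason) for one file_events row, or None if benign."""
    path, action, uid, sha = ev["target_path"], ev["action"], ev["uid"], ev["sha256"]
    if action in HIGH_ACTIONS:
        return ("high", f"{action} of monitored file {path}")
    if action == "UPDATED" and sha in APPROVED_HASHES.get(path, set()):
        return None                      # matches an approved change
    if action == "UPDATED":
        return ("high" if uid not in APPROVED_UIDS else "medium",
                f"unapproved content hash {sha} on {path} by uid {uid}")
    if action == "CREATED":
        return ("medium", f"new file {path} created by uid {uid}")
    return None

def triage(log_text):
    """Parse osquery result-log lines and return a list of alert dicts."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec.get("name") != "file_events":
            continue                     # ignore other scheduled queries
        verdict = classify(rec["columns"])
        if verdict:
            alerts.append({"host": rec["hostIdentifier"],
                           "path": rec["columns"]["target_path"],
                           "severity": verdict[0], "reason": verdict[1]})
    return alerts
```

Run `triage(SAMPLE_LOG)` to see the three alerts the sample produces; in practice the approved-hash table would be populated from your change tickets and the UPDATED-but-approved events suppressed as shown for `/etc/passwd`.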
The Uptycs file integrity monitoring solution also provides the ability to analyze historical data, recreating an asset at a given point in time to reveal exactly what happened to critical files, and how the incident occurred.
As an endpoint security analytics platform, Uptycs can also be used to meet other endpoint-focused PCI requirements:
Vulnerability detection is a way for security teams to identify potential vulnerabilities in the software running within their environments; it’s also another core requirement of the PCI-DSS. PCI-DSS Requirement 11 calls for organizations to regularly test security systems and processes, while 11.2 requires vulnerability scanning. The Uptycs platform provides out-of-the-box Linux vulnerability detection capabilities that allow organizations to meet this requirement.
Login auditing can help organizations meet Requirement 10.6, which calls for monitoring of security logs. To ensure compliance, there should be a limited set of users logging into the servers that fall under PCI requirements. Uptycs can provide greater visibility into logins, monitoring and alerting when unusual or unexpected users access the servers and infrastructure.
Ready to explore other compliance ideas with osquery? Watch the video “Thou Shalt Query: Compliance Ideas with Osquery.”