CST

Call us on +44 (0)20 7621 7836 LinkedInTwitter

Call +44 (0)20 7621 7836 LinkedInTwitter

Splunk

Splunk is a complete information mining and reporting system.

We would be happy to discuss your requirements over the phone or meet with you at your office.

Get in touch

Splunk is fast becoming one of the most highly regarded solutions for Log management.

Splunk is a versatile and comprehensive data analysis toolkit. By creating PCI specific searches, filters and reports, we have created a cost effective log collection and analysis tool that helps you meet all of the relevant PCI logging requirements including file integrity assessment.

Splunk, allows organisations to centralise disparate and diverse logs for compliance, regulatory and best practise review, here are some of its key features:

  • Collect

    Allows for rapid and simple collects logs from just about any application, server, router, firewall and system

  • Analyse

    Asses for importance and correlate against best practice security templates including rapid association of common/linked events from separate systems

  • Alert

    Automate the escalation and distribution of important events

  • Report

    From summary style compliance-ratings to drill-down deep detail all customisable and easy to produce

  • Achive

    Logs are separately time/date stamped, hashed to retain integrity and made available when required for post event analysis and forensic style examination

Key benefit

Unlike other log management solutions, Splunk is priced on the log activity processed rather the number of systems and because Splunk can be configured to only collect the events you require you can drastically reduce your log collection needs and reduce costs.

Systems where we have helped with Splunk PCI integration: (this is not meant to be exhaustive)

  • Microsoft Windows 2000 and 2003 servers
  • Till Controllers
  • Sureswitch (IBM AIX)
  • RSA strong authentication server
  • Cisco routers
  • Firewalls
  • Citrix Client Access Gateway
  • Cisco IOS
  • TACACS

Hoiw Splunk can assist with PCI adherence

  • Requirement 10.2: Implement Assessment Trails for all system components
  • Requirement 10.3: Record at least the following Assessment Trail entries…
  • Requirement 10.5: Secure Assessment Trails so that they cannot be altered
  • Requirement 10.6: Review Logs for all system components at least daily
  • Requirement 10.7: Retain Assessment History for at least one year…
  • Requirement 7.1: Limit access to computing resources and cardholder info…
  • Requirements 10.2.2, 11.5, 10.5.5: File integrity reporting

This is not exhaustive list, but is typical of what Spunk and our integration services offer. Another example CST found is where Splunk can be used is that of PCI control reporting ( see PCI 1.2.1 & 1.2.3) for example where card holder data should be segregated and only passed from points A to B for instance: the firewall, router, switches and the alike all have separate logs that provide evidence as much. Splunk would collect and collate all such disparate logs and analyze them for the same exception criteria of reporting on any traffic destination other than A to B for instance.

 

Opinion & Resources


Splunk was born of our founders’ frustration running some of the worlds largest IT infrastructures. Armed with state-of-the-art IT management tools, they found it nearly impossible to locate the root cause of problems, investigate security attacks and assemble all the data required for compliance audits.

 

Their conclusion was the silo approach to managing IT with separate tools for every technology and IT function was cumbersome, costly and didn't scale.

Nigel Lewis