Solving Log Storage: How You Can Save Money and Meet Compliance Requirements

Posted by Jason Luttrell on Jul 30, 2019 10:06:28 AM

Logs. At best: They’re a vital part of your information security strategy to “find the bad.” At worst: They’re a nightmare to manage — especially when they take up so much storage space! Of course, we all have numerous regulations to thank for the privilege of storing our logs for what seems like eternity. Perhaps you’re bound to regulations or frameworks such as PCI (one year minimum), HIPAA (open to interpretation, but many suggest 6 YEARS to be safe), NIST, COBIT, and so many others.

Whatever your reasons are, logs have become increasingly problematic as more and more data sources require a higher volume of storage.

Topics: Compliance, Incident Response, continuous monitoring, PCI

Making PCI Requirement 8.3 Bulletproof and Simple

Posted by Wade Williamson on Nov 15, 2018 9:22:07 AM

Multi-factor authentication (MFA) has become an essential building block of security policy and practice, and likewise has taken on an increasingly important role in regulatory standards such as the PCI-DSS. Specifically, PCI Requirement 8.3 calls out how MFA should be used to secure both the cardholder data environment (CDE) and any networks connected to the CDE. And while protecting your most valuable assets with MFA makes good intuitive sense, the details can get a little tricky if you don’t have a flexible way of enforcing policy in your networks. Fortunately, Preempt’s security platform makes it easy to extend MFA to any asset based on almost any context you choose. So let’s take a quick look at what PCI requires, and how you can turn a deceptively tricky requirement into a simple, automated process that you never have to think about.

Topics: Compliance, PCI

Simplifying PCI DSS 3.2 Compliance with Preempt

Posted by Heather Howland on Feb 9, 2018 1:21:56 PM

If your organization handles credit cards, you are no doubt familiar with Payment Card Industry Data Security Standard (PCI DSS) compliance. PCI DSS is a set of requirements and procedures established to strengthen the security of cardholder transactions and data in order to reduce fraud. PCI DSS controls have been implemented for many years, but as hackers have advanced their efforts, new requirements continue to emerge with updates to existing controls and reporting.

Topics: User Behavior, Adaptive Response, Identity Verification, Passwords, Compliance, PCI