Huntsman Security Enterprise SIEM

Huntsman Security Enterprise SIEM delivers a comprehensive SIEM solution for large organizations. It combines real-time threat detection, advanced analytics, and compliance reporting, offering a sophisticated tool for managing complex security environments and protecting against modern cyber threats.

Capabilities

Logging and Threat Detection

Alert prioritization and severity levels
Anomaly detection and behavior analysis
Compliance logging and reporting
Correlation of logs and security events
Custom log alerts and notifications
Customizable dashboards and reports
Incident investigation support
Integration with endpoint detection and response (EDR) solutions
Integration with network monitoring tools
Integration with security information and event management (SIEM) systems
Log aggregation and centralization
Log parsing and normalization
Log search and query capabilities
Real-time log monitoring
Real-time threat detection and prevention
Support for various log formats (e.g., syslog, JSON)
Threat hunting and threat intelligence feeds
Threat indicators and IOCs management
Threat intelligence integration
User and entity behavior analytics (UEBA)

PCI DSS Requirements supported by the software

Requirement 1: Install and Maintain Network Security Controls

1.2.1: Configuration standards defined, implemented, maintained (NSC rulesets)
1.2.7: Configurations reviewed at least once every six months
1.2.8: Configuration files secured, consistent with active configurations
1.3.1: Inbound traffic restricted, denied specifically (CDE)
1.3.2: Outbound traffic restricted, denied specifically (CDE)
1.3.3: NSCs installed between all wireless networks and CDE
1.4.1: NSCs implemented between trusted and untrusted networks
1.4.2: Inbound traffic from untrusted networks restricted/stateful responses
1.4.3: Anti-spoofing measures implemented (detect and block forged IPs)
1.4.4: Components storing CHD not directly accessible from untrusted networks
1.5.1: Security controls actively running (Endpoint protection)

Requirement 2: Apply Secure Configurations to All System Components

2.2.1: Implement, maintain secure configuration standards for all components
2.2.7: All non-console administrative access encrypted (strong cryptography)
2.3.2: Wireless encryption keys changed (personnel changes, compromise)

Requirement: 3 Protect Stored Account Data

3.2.1: Account data storage kept minimum; policies include secure deletion
3.3.1: SAD not stored after authorization, rendered unrecoverable
3.3.2: SAD stored electronically prior to authorization encrypted
3.4.1: PAN masked when displayed (max BIN + last 4 digits)
3.4.2: Technical controls prevent copying/relocating PAN (remote access)
3.5.1: PAN rendered unreadable (hashing, truncation, tokens, strong cryptography)
3.5.1.1: Hashes of PAN are keyed cryptographic hashes
3.5.1.2: Disk/partition encryption limited (PAN secured via another mechanism)
3.6.1: Procedures define protecting cryptographic keys (access restricted, separation)
3.6.1.2: Secret/private keys stored securely (encrypted/SCD/key shares)
3.7.1: Policies implemented for strong key generation
3.7.2: Policies implemented for secure key distribution
3.7.4: Policies implemented for key rotation/change
3.7.5: Policies implemented for key retirement/destruction/replacement
3.7.6: Manual cleartext operations use split knowledge/dual control
3.7.7: Prevention of unauthorized substitution of cryptographic keys
3.7.8: Key custodians formally acknowledge responsibilities
3.7.9: Guidance provided to customers on secure key management (SP only)

Requirement 4: Protect Cardholder Data with Strong Cryptography During Transmission

4.2.1: Strong cryptography safeguards PAN transmission (open, public networks)
4.2.1.1: Inventory maintained of trusted keys and certificates
4.2.2: PAN secured with strong cryptography (end-user messaging technologies)

Requirement 5: Protect All Systems and Networks from Malicious Software

5.3.4: Audit logs enabled and retained (anti-malware solution)
5.3.5: Anti-malware mechanisms cannot be disabled or altered by users

Requirement 6: Develop and Maintain Secure Systems and Software

6.2.1: Bespoke/custom software developed securely
6.2.2: Software development personnel trained
6.2.3: Software reviewed prior to release
6.2.4: Engineering techniques mitigate common software attacks
6.3.1: Security vulnerabilities identified/managed
6.3.2: Inventory of bespoke/third-party software maintained
6.3.3: Applicable security patches/updates installed
6.4.1: Automated technical solution continually detects/prevents web-based attacks
6.4.2: Automated technical solution continually detects/prevents web-based attacks
6.4.3: Payment page scripts managed (authorization, integrity assured, inventory maintained)
6.5.1: Testing verifies changes do not adversely impact system security
6.5.3: Pre-production environments separated
6.5.4: Roles/functions separated (production/pre-production)
6.5.5: Live PANs not used in pre-production

Requirement 7: Restrict Access by Business Need to Know

7.2.1: Access control model defined
7.2.2: Access assigned based on least privilege/job function
7.2.3: Required privileges approved by authorized personnel

Requirement 8: Identify Users and Authenticate Access to System Components

8.2.1: All users assigned a unique ID
8.2.4: Lifecycle of user IDs/auth factors authorized/managed/implemented
8.2.5: Access for terminated users immediately revoked
8.2.6: Inactive user accounts removed/disabled within 90 days
8.2.7: Third-party remote access accounts limited/monitored/disabled
8.3.1: All user access authenticated via at least one factor
8.3.2: Strong cryptography renders authentication factors unreadable
8.3.3: User identity verified before modifying authentication factor
8.3.4: Invalid attempts limited (lockout max 10 attempts, 30 min min)
8.3.5: Passwords reset to unique value, changed immediately after first use
8.3.6: Passwords meet minimum complexity
8.3.7: New password not same as last four used
8.3.9: Single-factor passwords changed every 90 days or dynamically analyzed
8.3.10.1: Single-factor passwords changed every 90 days or dynamically analyzed (SP only)
8.4.1: MFA implemented for non-console administrative access into CDE
8.4.2: MFA implemented for all non-console access into CDE
8.4.3: MFA implemented for all remote access
8.5.1: MFA system configured to prevent replay attacks and bypasses
8.6.3: Passwords/passphrases for application/system accounts managed/complexity

Requirement 9: Restrict Physical Access to Cardholder Data

9.2.1: Facility entry controls restrict physical access
9.2.1.1: Individual physical access to sensitive areas monitored
9.2.2: Physical/logical controls restrict publicly accessible network jacks
9.2.3: Physical access to wireless APs/networking hardware restricted
9.3.1.1: Physical access to sensitive areas controlled
9.3.2: Visitor access managed
9.3.3: Visitor badges surrendered/deactivated upon leaving/expiration
9.3.4: Visitor logs maintained
9.4.6: Hard-copy materials destroyed
9.4.7: Electronic media destroyed or data rendered unrecoverable
9.5.1: POI devices protected from tampering/unauthorized substitution
9.5.1.1: Up-to-date list of POI devices maintained
9.5.1.2: POI device surfaces periodically inspected
9.5.1.3: Personnel training provided

Requirement 10: Log and Monitor All Access to System Components and Cardholder Data

10.2.1: Audit logs enabled/active
10.2.2: Audit logs record required details
10.3.2: Audit logs protected to prevent modifications
10.3.3: Logs backed up promptly to secure central server
10.3.4: FIM/change-detection mechanisms used on audit logs
10.4.1: Critical audit logs reviewed at least daily
10.4.1.1: Automated mechanisms used to perform audit log reviews
10.5.1: Audit log history retained
10.6.1: System clocks synchronized
10.7.2: Failures of critical security controls detected, alerted, addressed promptly
10.7.3: Response promptly to failures of critical security controls (SP only)

Requirement 11: Test Security of Systems and Networks Regularly

11.3.1: Internal vulnerability scans performed at least quarterly
11.3.2: External vulnerability scans performed at least quarterly
11.4.1: Penetration testing methodology defined/documented
11.4.2: Internal penetration testing performed
11.4.3: External penetration testing performed
11.4.4: Exploitable vulnerabilities corrected, repeat testing to verify
11.4.5: Penetration tests validate segmentation controls
11.4.6: Penetration tests validate segmentation controls (SP only)
11.4.7: Support customers for external penetration testing (SP Multi-Tenant only)
11.5.1: Intrusion-detection/prevention techniques used
11.5.2: Change-detection mechanism deployed on critical files
11.6.1: Change/tamper-detection mechanism deployed

Requirement 12: Support Information Security with Organizational Policies and Programs

12.1.1: Overall information security policy established, maintained, disseminated
12.1.2: Information security policy reviewed at least annually, updated
12.1.3: Security policy defines roles, personnel acknowledge responsibilities
12.1.4: Responsibility formally assigned to CISO/executive management
12.2.1: Acceptable use policies defined for end-user technologies
12.3.3: Cryptographic cipher suites reviewed annually, plan documented
12.5.2: PCI DSS scope documented/confirmed

Appendix A3: Designated Entities Supplemental Validation (DESV)

A3.1.1: Executive management establishes accountability for PCI DSS program
A3.1.2: Formal PCI DSS compliance program defined, continuously monitored
A3.1.3: PCI DSS compliance roles specifically defined, formally assigned
A3.2.4: Penetration testing validates segmentation controls
A3.2.5.1: Effectiveness of data discovery methods tested annually
A3.2.6: Mechanisms detecting/preventing cleartext PAN leaving CDE
A3.2.6.1: Response procedures initiated upon attempted removal of PAN
A3.5.1: Methodology for prompt identification of attack patterns/undesirable behavior

Huntsman Security Enterprise SIEM

by Huntsman Security

What is Huntsman Security Enterprise SIEM?

Cybersecurity Regulations, Standards and Frameworks Supported

Deployment

Environment

Region

Industry

Capabilities

PCI DSS Requirements supported by the software

Scope Impact

Periodic compliance activities supported by the Software

The Software store, process, or transmit

The Software requires to be integrated with other systems impacting the cybersecurity or compliance of the customer

Software modules implemented

Software vendor Third-Party Service Providers (TPSPs) used

PCI DSS scoping

Compliance Evaluation

Alternatives

Cisco Secure IPS

by Cisco

FortiGate IPS

by Fortinet

Venusense IPS

by Venusense

We promise we won’t spam you.

By proceeding, you agree to our Terms of Use and Privacy Policy. You may unsubscribe at any time.