jplee3
06-12-2007, 02:19 PM
Hi all,
I guess this is more of a 'poll' type question, but what solutions are you currently implementing or have already implemented for meeting PCI compliance, specifically as regards to logging and reporting (of course including analysis and correlation)?
i.e.
A) A complete in-house developed solution (homemade scripts and programs)
B) A 'mix-n-match' solution involving both in-house applications and security software/hardware vendors (NTSyslog + homemade scripts/programs + Sawmill/EventReporter/etc)
C) An 'all-in-one' solution like LogLogic, LogRhythm, RSA enVision, etc.
D) Other
And also, what level are you currently at? Level 1/2/3/4?
I just wanted to get a feel for how people are approaching the subject in their current circumstances and situations.
Thanks in advance!
Jeremy
I guess this is more of a 'poll' type question, but what solutions are you currently implementing or have already implemented for meeting PCI compliance, specifically as regards to logging and reporting (of course including analysis and correlation)?
i.e.
A) A complete in-house developed solution (homemade scripts and programs)
B) A 'mix-n-match' solution involving both in-house applications and security software/hardware vendors (NTSyslog + homemade scripts/programs + Sawmill/EventReporter/etc)
C) An 'all-in-one' solution like LogLogic, LogRhythm, RSA enVision, etc.
D) Other
And also, what level are you currently at? Level 1/2/3/4?
I just wanted to get a feel for how people are approaching the subject in their current circumstances and situations.
Thanks in advance!
Jeremy