PCI Compliance and SIEM Use Cases

By Sujay Mendon

March 15, 2016


What exactly is PCI DSS Compliance

PCI DSS stands for Payment Card Industry Data Security Standard. It is a set of specifications and requirements designed to ensure that every company that processes, stores or transmits credit card information establishes and maintains a secure environment – which is essential for all merchants that operate with a Merchant ID (MID).

The PCI security standards were first implemented in September 2006 to govern the continually evolving set of PCI standards, with a major emphasis on improving payment card security throughout the whole transaction process. The PCI DSS is administered and managed by the PCI Security Standards Council (www.pcisecuritystandards.org), an independent body founded by some of the biggest credit card companies around the globe – including MasterCard, Visa, American Express, Discover and JCB.

However, it is essential to understand that the responsibility for enforcing PCI compliance rests solely with these credit card brands and the acquirers. The PCI Council itself does not enforce compliance of any kind.


The Eligibility of PCI Compliance

PCI compliance applies to all companies, organizations, establishments and merchants that accept card transactions and store cardholder data, irrespective of the size of their operations or the number of daily transactions they process. Simply put, if any customer of a merchant uses a credit or debit card to make a payment – the PCI compliance requirements apply to that merchant.

SIEM Use Case Recommendations

  1. PCI DSS Requirement No 1.1.1: A formal process for approving and analyzing all network connections and all changes made to the firewall and router configurations.

     PCI DSS Requirement No 1.2.1: Restrict inbound and outbound traffic to that which is necessary for the cardholder data environment, and deny all other traffic.

Threat Possibility – ‘Unauthorized or Unapproved Access’

Recommended SIEM Use Case – The most effective SIEM use case for this situation is to identify all unauthorized network connections to and from the organization’s IT infrastructure. To eliminate false positives, correlate the unapproved-access alerts with change management records, so that connections and configuration changes covered by an approved change are not flagged.


  2. PCI DSS Requirement No 1.1.6: Documentation and business justification for the use of all services, protocols and ports allowed, including documentation of the security features implemented for every protocol that is considered insecure.

Threat Possibility – ‘Insecure Ports, Protocols and Services’

Recommended SIEM Use Case: Search for the sources of all insecure protocols and services in use. Telnet is a good example of an insecure service to look out for. To broaden the search for insecure protocols, look for any use of SSL versions (SSLv3 in particular, which the POODLE attack showed to be broken).
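The two use cases above (unapproved connections and configuration changes correlated with change management, and insecure protocol or service usage) share the same input: firewall connection and configuration logs. The following is an added example, not Paladion's code and not from the original post, showing both rules as one Python script over a constructed, syslog-style firewall log. The log format, the approved-flow list, the approved change ticket IDs and the set of insecure ports are all assumptions made for the example.

```python
import ipaddress
import re

# Constructed sample firewall log (key=value syslog style, not a real vendor format).
FIREWALL_LOG = """\
2016-03-10T09:12:01 fw01 CONN src=10.1.2.15 dst=203.0.113.8 proto=tcp dport=443 action=allow
2016-03-10T09:12:05 fw01 CONN src=10.1.2.15 dst=198.51.100.7 proto=tcp dport=23 action=allow
2016-03-10T09:13:10 fw01 CONN src=10.1.5.9 dst=10.1.2.15 proto=tcp dport=3389 action=allow
2016-03-10T09:14:00 fw01 CONFIG user=jdoe change=rule-add ref=CHG-1042
2016-03-10T09:15:30 fw01 CONFIG user=asmith change=rule-del ref=none
2016-03-10T09:16:02 fw01 TLS src=10.1.2.15 dst=203.0.113.8 version=SSLv3
2016-03-10T09:16:05 fw01 TLS src=10.1.2.20 dst=203.0.113.8 version=TLSv1.2
"""

# Assumed allow-list from the Requirement 1.2.1 review: (src net, dst net, proto, dport).
APPROVED_FLOWS = [
    ("10.1.2.0/24", "203.0.113.8/32", "tcp", 443),   # CDE hosts to payment gateway
    ("10.1.5.0/24", "10.1.2.0/24", "tcp", 22),      # admin jump network to CDE via SSH
]
# Assumed: change tickets approved through the change management process.
APPROVED_CHANGES = {"CHG-1042"}
# Assumed: ports whose protocols send credentials or data in clear text.
INSECURE_PORTS = {21: "ftp", 23: "telnet", 69: "tftp", 110: "pop3", 143: "imap"}
# SSL 2.0 and 3.0 are deprecated; POODLE broke SSLv3's CBC padding.
INSECURE_TLS_VERSIONS = {"SSLv2", "SSLv3"}

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Split '<ts> <host> <kind> k=v k=v ...' into a dict of fields."""
    ts, host, kind, rest = line.split(" ", 3)
    fields = dict(KV_RE.findall(rest))
    fields.update(ts=ts, host=host, kind=kind)
    return fields


def parse_log(text):
    return [parse_line(l) for l in text.splitlines() if l.strip()]


def flow_approved(ev):
    """True if a CONN event matches one of the documented, approved flows."""
    src, dst = ipaddress.ip_address(ev["src"]), ipaddress.ip_address(ev["dst"])
    for s_net, d_net, proto, port in APPROVED_FLOWS:
        if (src in ipaddress.ip_network(s_net) and dst in ipaddress.ip_network(d_net)
                and ev["proto"] == proto and int(ev["dport"]) == port):
            return True
    return False


def unapproved_connections(events):
    """Rule 1a: allowed connections that are outside the approved flow list."""
    return [f"{e['src']}->{e['dst']} {e['proto']}/{e['dport']}"
            for e in events if e["kind"] == "CONN" and e["action"] == "allow"
            and not flow_approved(e)]


def unapproved_config_changes(events):
    """Rule 1b: firewall config changes without an approved change ticket.
    Correlating with change management removes the false positives for approved work."""
    return [f"{e['user']} {e['change']}"
            for e in events if e["kind"] == "CONFIG"
            and e.get("ref") not in APPROVED_CHANGES]


def insecure_protocol_use(events):
    """Rule 2: clear-text services by port, and deprecated SSL versions in TLS records."""
    findings = []
    for e in events:
        if e["kind"] == "CONN" and int(e["dport"]) in INSECURE_PORTS:
            findings.append(f"{e['src']}->{e['dst']} {INSECURE_PORTS[int(e['dport'])]}")
        elif e["kind"] == "TLS" and e["version"] in INSECURE_TLS_VERSIONS:
            findings.append(f"{e['src']}->{e['dst']} {e['version']}")
    return findings


if __name__ == "__main__":
    events = parse_log(FIREWALL_LOG)
    print("Unapproved connections:", unapproved_connections(events))
    print("Unapproved config changes:", unapproved_config_changes(events))
    print("Insecure protocol use:", insecure_protocol_use(events))
```

Run as-is, the telnet session is reported by both rules (it is neither an approved flow nor a secure protocol), the RDP connection from the jump network is reported only as unapproved, and the rule deletion without a ticket reference is the one configuration change that needs investigation. In a production SIEM the approved-flow list would be generated from the documented ruleset rather than hand-written, and the ticket set would come from a lookup against the change management system.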

  3. PCI DSS Requirement No 5.1: Deploy anti-virus software on all systems commonly affected by malicious software, particularly personal computers and servers.

Threat Possibility – ‘Malware Spreading’

Recommended SIEM Use Case: Monitor for anti-virus protection being turned off on any machine.

  4. PCI DSS Requirement No 5.2: Ensure that all anti-virus mechanisms are maintained as follows:
  • They are kept current
  • They perform periodic scans
  • They generate audit logs, which are retained as per PCI DSS Requirement 10.7

(PCI DSS Requirement 10.7 – retain audit trail history for a minimum of one year.)

Threat Possibility – ‘Malware Spread’

Recommended SIEM Use Case 1: Identify when anti-virus agents fail to receive updates from the vendor’s online repository.

Recommended SIEM Use Case 2: Detect when periodic anti-virus scans are not being run or are manually cancelled.
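The three anti-virus use cases in this section (protection turned off, agents not receiving updates, and periodic scans missed or cancelled) all come down to checks against the agent status data that an anti-virus management console exports. The following added example, which is not part of the original post and not Paladion's code, implements those checks in Python over a constructed CSV status report. The column names, the 24-hour signature-age threshold and the 7-day scan window are assumptions for the example; real consoles export different fields and your policy sets the thresholds.

```python
import csv
import io
from datetime import datetime, timedelta

# Fixed reference time so the example is deterministic.
NOW = datetime(2016, 3, 15, 12, 0, 0)
# Assumed policy thresholds.
MAX_SIGNATURE_AGE = timedelta(hours=24)   # signatures older than a day count as stale
MAX_SCAN_AGE = timedelta(days=7)          # a completed full scan is expected at least weekly

# Constructed anti-virus console export; not real vendor output.
AGENT_STATUS = """\
host,rt_protection,last_sig_update,last_update_status,last_scan_completed,last_scan_result
pos-01,on,2016-03-15T08:00:00,success,2016-03-14T02:00:00,completed
pos-02,off,2016-03-15T08:00:00,success,2016-03-14T02:00:00,completed
db-01,on,2016-03-11T08:00:00,failed,2016-03-14T02:00:00,completed
web-01,on,2016-03-15T08:00:00,success,2016-03-01T02:00:00,completed
web-02,on,2016-03-15T08:00:00,success,2016-03-14T02:00:00,cancelled
"""

TS_FMT = "%Y-%m-%dT%H:%M:%S"


def load_status(text):
    """Parse the CSV export and convert timestamp columns to datetime objects."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for r in rows:
        r["last_sig_update"] = datetime.strptime(r["last_sig_update"], TS_FMT)
        r["last_scan_completed"] = datetime.strptime(r["last_scan_completed"], TS_FMT)
    return rows


def protection_disabled(rows):
    """Requirement 5.1 use case: real-time protection is not on."""
    return [r["host"] for r in rows if r["rt_protection"] != "on"]


def stale_or_failed_updates(rows, now=NOW):
    """Requirement 5.2 use case 1: last update failed, or signatures older than policy."""
    return [r["host"] for r in rows
            if r["last_update_status"] != "success"
            or now - r["last_sig_update"] > MAX_SIGNATURE_AGE]


def missed_or_cancelled_scans(rows, now=NOW):
    """Requirement 5.2 use case 2: last scan did not complete, or no scan within the window."""
    return [r["host"] for r in rows
            if r["last_scan_result"] != "completed"
            or now - r["last_scan_completed"] > MAX_SCAN_AGE]


if __name__ == "__main__":
    status = load_status(AGENT_STATUS)
    print("Protection disabled:", protection_disabled(status))
    print("Stale/failed updates:", stale_or_failed_updates(status))
    print("Missed/cancelled scans:", missed_or_cancelled_scans(status))
```

Each function returns the list of hosts to alert on, so the same checks can be scheduled as a saved search or turned into a dashboard. Note that the update check uses both the reported status and the signature age: an agent whose console entry says "success" but whose timestamp is days old is still stale, which is the silent failure mode the use case is meant to catch.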

  5. PCI DSS Requirement No 6.3.1: Remove development, test and/or custom application accounts, user IDs and passwords before applications become active or are released to customers.

Threat Possibility – ‘Unwarranted access to production and data systems’

Recommended SIEM Use Case: Search for default and test accounts and user IDs that remain on production systems.
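The search above needs two inputs: an account inventory that tells the SIEM which accounts exist on which hosts, and the authentication log that tells it which of those accounts are actually being used. The following added example (not Paladion's code, not from the original post) implements the use case in Python over a constructed inventory export and a constructed auth log. The CSV columns, the log line format and the naming patterns used to recognise default and test accounts are assumptions; the patterns in particular should be replaced with the names your build and test processes actually create.

```python
import csv
import io
import re

# Constructed account inventory (e.g. from a CMDB or directory export); not real data.
ACCOUNT_INVENTORY = """\
host,env,account,enabled
app-prod-01,prod,svc_payments,yes
app-prod-01,prod,testuser,yes
app-prod-01,prod,guest,no
app-dev-01,dev,testuser,yes
db-prod-01,prod,sa,yes
"""

# Constructed authentication log in a simple key=value format; not real data.
AUTH_LOG = """\
2016-03-14T22:10:05 app-prod-01 login user=testuser result=success src=10.1.9.4
2016-03-14T22:11:40 app-prod-01 login user=svc_payments result=success src=10.1.9.4
2016-03-14T23:02:11 db-prod-01 login user=sa result=failure src=10.1.9.4
2016-03-14T23:04:30 app-dev-01 login user=testuser result=success src=10.1.9.4
"""

# Assumed naming patterns for default, test and development accounts.
SUSPECT_PATTERNS = [re.compile(p, re.IGNORECASE) for p in (
    r"^(test|dev|qa|demo|tmp)",            # test/dev style prefixes
    r"^(guest|admin|administrator|sa|root)$",  # well-known default names
)]

AUTH_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) login user=(?P<user>\S+) result=(?P<result>\S+) src=(?P<src>\S+)$")


def is_suspect(account):
    return any(p.search(account) for p in SUSPECT_PATTERNS)


def load_inventory(text):
    return list(csv.DictReader(io.StringIO(text)))


def default_accounts_in_production(inventory):
    """Enabled accounts with default/test names on hosts tagged as production."""
    return sorted((r["host"], r["account"]) for r in inventory
                  if r["env"] == "prod" and r["enabled"] == "yes" and is_suspect(r["account"]))


def default_account_logins(auth_text, inventory):
    """Successful logins with default/test account names on production hosts.
    Lines that do not match the expected format are skipped rather than crashing the rule."""
    prod_hosts = {r["host"] for r in inventory if r["env"] == "prod"}
    hits = []
    for line in auth_text.splitlines():
        m = AUTH_RE.match(line)
        if not m:
            continue
        if m["host"] in prod_hosts and m["result"] == "success" and is_suspect(m["user"]):
            hits.append((m["ts"], m["host"], m["user"]))
    return hits


if __name__ == "__main__":
    inventory = load_inventory(ACCOUNT_INVENTORY)
    print("Default/test accounts in production:", default_accounts_in_production(inventory))
    print("Logins with such accounts:", default_account_logins(AUTH_LOG, inventory))
```

The inventory search finds the leftover accounts regardless of whether anyone uses them, which is what the requirement asks to be removed; the login search ranks them, because an enabled test account that is actively authenticating on a production host is the one to remove first. The disabled `guest` account and the account on the development host are deliberately excluded, since neither is a production exposure.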

Note: Paladion has over 100 use cases for PCI Compliance. You can write to us at marketing@paladion.net to access them.



Sujay Mendon

Sujay Mendon leads a team of cyber security researchers in Paladion's SOC services that actively hunt for vulnerabilities and threats in the global threat landscape. His team often lurks in the dark alleys of the virtual world to discover the latest malware, malicious software, hacking methodologies, and ways to detect these attacks before the damage is done. Analysts receive the latest threat intelligence derived from this research, which helps them better respond to security events and alerts. When Sujay is not busy helping his team navigate the hotbeds of cybercrime, he is seen imparting his knowledge to security geeks in various security forums and communities.