Tizor Systems, Inc. - Data Protection and Compliance Auditing Solutions
PCI

The Payment Card Industry (PCI) Data Security Standard was developed by American Express, Discover Financial Services, JCB, MasterCard, and Visa to provide a common framework on how companies handling credit card data should protect that information. PCI security is enforced through annual audits and non-compliant organizations face a broad range of penalties, including large fines.

The PCI security standard centers around 12 requirements for protecting credit card data. These requirements apply to all system components--defined as any network component, server, application, or tool that can connect to the data. Five of the 12 PCI requirements relate to data auditing.

PCI Requirements and Data Auditing:

PCI 1: Install and maintain a firewall configuration
Once a firewall is in place, data auditing helps ensure that the right IP addresses are coming through the firewall. By monitoring network IP addresses, data auditing can identify untrusted networks.

PCI 3: Protect stored cardholder data
Protecting cardholder data depends on knowing what is happening to data at all times. Data auditing provides detailed and automated insight into user activity affecting cardholder data. Encryption is recommended in the PCI standard; however, there are many situations where it is not practical or possible to use encryption. In these situations, compensating controls may be used. Data auditing is a compensating control for encryption.

PCI 6.3.3: Separation of duties between development, test and production environments
PCI compliance cannot be accomplished without ensuring separation of duties between production DBAs and application DBAs. Maintaining separation between those who build and maintain database applications, those who create data activity reports for auditors, and those who maintain database content is critical for cardholder data security.

PCI 7: Implement strong access controls
Data auditing helps validate that access controls are working. If access controls are compromised, data auditing helps track who accessed data, providing an additional layer of cardholder data security.

PCI 10: Track and monitor all access to network resources and cardholder data
Requirement 10 mandates auditing all access to cardholder data, reviewing audit logs daily, and being able to reconstruct a range of events tied to cardholder information, with detailed audit trails for each event. Controls recommended to address PCI 10 include: discovering where your sensitive credit card data exists; auditing all database activity; auditing all privileged user activity; and providing regular summary and detailed reports on all data activity. Data auditing addresses all of these requirements with no negative impact on existing systems, applications and processes.

Tizor Mantra for PCI compliance and monitoring: scalable, cost-effective, easy to deploy and use.


Mantra easily addresses the monitoring, auditing, and reporting mandates of PCI. In fact, Mantra PCI Policy Templates help you achieve compliance with many key PCI requirements immediately upon deployment.

Mantra's rich reporting and automated analytics isolate potential PCI noncompliance and unauthorized cardholder access and activity.

Mantra is the most complete, easy-to-deploy and cost-effective PCI data auditing and protection solution. Mantra:

1. Enables the discovery of credit card data in relational databases and file servers.
2. Automates the detailed auditing of all activity affecting cardholder data.
3. Audits all actions taken by any individual with root or administrative privileges.
4. Captures the exact commands given to the data server to facilitate forensic reconstruction of activity and the precise exposure of a PCI violation.
5. Applies patent-pending Behavioral Fingerprinting technology to detect theft of cardholder data as it happens.
6. Utilizes change control functions to enable you to track database changes and reconcile them with change control tickets to ensure that only authorized changes were made.
7. Enables compliance with key PCI requirements immediately upon deployment using the Mantra pre-configured PCI Policy Template.
8. Provides rich reporting with reports designed for all levels of PCI stakeholders, including PCI auditors.
9. Recognizes all major credit cards, including American Express, Diners Club, MasterCard, Visa, Discover, and Japanese Credit Bureau.
10. Scans for any database transaction that contains credit card numbers. Any time it identifies a credit card number on a command or in a result/response, Mantra will audit the event and send an alert if necessary.
11. Provides a choice of either agent-less or agent-based local auditing to allow you to track the activity of all users, including privileged users, using the methodology that best fits the needs of your enterprise.

For more information, fill out the form above, contact us at info@tizor.com, or call 800-231-8224.

Features: key features of the Mantra database monitoring and protection solution.

Architecture: a look at the architecture behind the Mantra data protection and monitoring appliance

The Tizor Discovery Service helps identify data risk.