All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Affect of Splunk and PCI App on a PCI Compliant Infrastructure

ianathompson
Explorer
‎03-06-2012 07:57 AM

I know it sounds kind of silly, but if I want to install Splunk with the PCI app into an already PCI compliant infrastructure is the infrastructure still PCI compliant (i.e. is Splunk PCI-compliant). Has anyone asked this question before. This was actually one of the first questions a Client asked me. I didn't have an answer, and now need to get one.

What, if any, affect does Splunk have to a PCI compliant infrastructure? Especially when you want to use Splunk to maintain that PCI compliancy.

Thanks for any help.

0 Karma
Reply

jhansen
Splunk Employee
Splunk Employee
‎03-08-2012 09:10 AM

Splunk is used by hundreds of companies to help meet their PCI obligations. Putting Splunk into your PCI environment can allow you to easily monitor the different systems, devices, and applications within your cardholder data environment. As with any technology, however, you will need to put appropriate controls in place to control the data flow and access to the data. If you don't appropriately deploy Splunk you could find yourself in violation of PCI.

Example 1: You are interested in using Splunk to collect and report on log data coming from cardholder systems, applications, and network infrastructure. The data flows into Splunk either in real-time or in batch. Splunk provides out of the box (or build your own) reports to provide visibility into the data. No problem. You can safely use Splunk in the PCI cardholder environment.

Example 2: You want to use Splunk as a conduit for cardholder data between systems. This is not an ideal use case since this would further require you to encrypt the data and put additional controls in place to protect the cardholder data. You can do it and be PCI compliant, but the deployment must be carefully controlled using Splunk role-based-access, data signing, and possibly other controls / compensating controls to ensure compliance. Customers generally don't use Splunk for this use case.

Example 3: You are using Splunk to monitor the environment (similar to the first example). A custom application developer accidentally outputs PAN data into the log stream. The data finds it's way into Splunk. If you are using the Splunk App for PCI Compliance we have built-in monitors to detect this and notify you. You would fix your custom app and can purge the data from Splunk as needed to remain PCI compliant.

There is certainly nuance depending on your use case and environment. I'd be happy to discuss with you further if you'd like. I can be contacted at jhansen@splunk.com. Feel free to reach out.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...

Introducing Splunk Enterprise 9.2

WATCH HERE! Watch this Tech Talk to learn about the latest features and enhancements shipped in the new Splunk ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...