Effect of Splunk and PCI App on a PCI Compliant Infrastructure

ianathompson
Explorer

I know it sounds kind of silly, but if I want to install Splunk with the PCI app into an already PCI compliant infrastructure, is the infrastructure still PCI compliant (i.e. is Splunk PCI-compliant)? Has anyone asked this question before? This was actually one of the first questions a client asked me. I didn't have an answer, and now need to get one.

What, if any, effect does Splunk have on a PCI compliant infrastructure? Especially when you want to use Splunk to maintain that PCI compliancy.

Thanks for any help.

0 Karma

jhansen
Splunk Employee

Splunk is used by hundreds of companies to help meet their PCI obligations. Putting Splunk into your PCI environment can allow you to easily monitor the different systems, devices, and applications within your cardholder data environment. As with any technology, however, you will need to put appropriate controls in place to control the data flow and access to the data. If you don't appropriately deploy Splunk you could find yourself in violation of PCI.

Example 1: You are interested in using Splunk to collect and report on log data coming from cardholder systems, applications, and network infrastructure. The data flows into Splunk either in real time or in batch. Splunk provides out of the box (or build your own) reports to provide visibility into the data. No problem. You can safely use Splunk in the PCI cardholder environment.

Example 2: You want to use Splunk as a conduit for cardholder data between systems. This is not an ideal use case since this would further require you to encrypt the data and put additional controls in place to protect the cardholder data. You can do it and be PCI compliant, but the deployment must be carefully controlled using Splunk role-based access, data signing, and possibly other controls / compensating controls to ensure compliance. Customers generally don't use Splunk for this use case.

Example 3: You are using Splunk to monitor the environment (similar to the first example). A custom application developer accidentally outputs PAN data into the log stream. The data finds its way into Splunk. If you are using the Splunk App for PCI Compliance we have built-in monitors to detect this and notify you. You would fix your custom app and can purge the data from Splunk as needed to remain PCI compliant.

There is certainly nuance depending on your use case and environment. I'd be happy to discuss with you further if you'd like. I can be contacted at jhansen@splunk.com. Feel free to reach out.

0 Karma