McAfee PCI Pro Overview:
McAfee PCI Pro delivers immediate, cost-effective
PCI compliance for Data Security Standard (DSS)
sections 1, 10, and 11. PCI Pro tracks changes on
servers, databases, and network devices in
real-time. Its flexible alerting, searching, and
reporting capabilities allow you to see where
compliance policies are being challenged, and
address inappropriate change at the source.
Key Advantages:
- Real-time change monitoring for servers, databases, network devices
  and Active Directory servers
- Configuration Assessment for Servers and Network Devices
- Centralized data repository to securely store audit trails
- Prepackaged PCI audit reports to prove compliance

Description:
McAfee PCI Pro provides a comprehensive file
integrity monitoring (FIM), audit trail, and network
configuration audit solution designed to meet the
requirements of v 1.2 of the Payment Card Industry
Data Security Standard (PCI DSS)—quickly, easily,
and cost-effectively.
McAfee PCI Pro allows organizations to establish
configuration standards for network devices, and
provides the capability to monitor the compliance of
the devices in real-time.
Sold via an annual subscription that minimizes
first year costs, McAfee PCI Pro provides a solution
that is both affordable and expandable. PCI Pro is
upgradeable to our Enterprise Edition for broader IT
benefits including: higher IT service availability,
Sarbanes-Oxley compliance, and streamlined
Information Technology Infrastructure Library (ITIL)
processes.
Benefits and Features:
Benefits:
- Avoid repeat scans, with real-time file integrity monitoring
  Until now, meeting the file integrity monitoring (FIM) requirements of
  the PCI DSS has been difficult. Previous tools have merely provided
  “periodic” file integrity monitoring, using resource-intensive scans.
  McAfee PCI Pro eliminates this problem with real-time file integrity
  monitoring, which continuously detects all changes, with a very low
  impact on resources. Real-time FIM provides greater information about
  every change, including the user and program used to make the change.
  It also eliminates the need to perform scan after scan on servers,
  databases, and network devices. PCI Pro provides this level of
  monitoring across the broadest set of platforms.
- Eliminate the guesswork in monitoring for compliance
  McAfee PCI Pro contains default filter profiles for more than 50
  operating systems and applications, and defines the most important
  files and registry objects that must be tracked for PCI compliance.
  These filter profiles have been validated by leading qualified
  security assessors (QSAs), and have been used in many successful PCI
  audits by McAfee customers. Operating systems and applications for the
  default filter profiles include: AIX, HP-UX, CentOS/Redhat/SuSe Linux,
  Solaris, Windows, iSeries (AS400), Apache Webserver, IIS Webserver,
  Apache Tomcat server, IBM Websphere, JBoss, BEA WebLogic, Siebel, DB2,
  Oracle and SQL Server.
- Quickly identify insecure configurations
  McAfee PCI Pro provides configuration assessments of operating
  systems, software, and network devices, and alerts you to
  configurations that put you at risk.
- Isolate and secure audit trails
  Using a central database, McAfee PCI Pro manages and stores audit
  trails from servers, databases, and network devices. The database can
  be secured to prevent users from accessing sensitive information that
  is not within their authorized responsibilities.
- Centralize management of multiple databases
  McAfee PCI Pro converts compliance requirements and controls into
  audit settings through a central console. A uniform, easy-to-use
  interface reduces the complexity involved in working with different
  database platforms, and allows the configuration of various audit
  options including the applications, usernames, and fields to be
  monitored. Many popular database platforms—including Oracle, Microsoft
  SQL Server, Sybase ASE/ASA and IBM DB2—are supported today. PCI Pro
  tracks both system level changes/activities and data changes in
  real-time, and captures the “before” and “after” values in the audit
  trail.

Features:
- Built-in reports
  Packaged reports are provided to analyze large audit trails. These can
  be generated on-demand, or scheduled to be mailed out at regular
  intervals. Reports in various categories like PCI, Sarbanes-Oxley
  (SOX), and change management compliance are available and can be used
  to automate control requirements and improve policy compliance. PCI
  reports can be used to identify security violations like accounts with
  non-expiring passwords, unsuccessful logon attempts, modification of
  sensitive data using unauthorized programs, etc. Change policy
  compliance reports can be used to identify policy violations caused by
  changes performed outside of the database maintenance windows or
  approved change manifest.
- Database monitoring
  McAfee PCI Pro provides real-time database audit capabilities. PCI Pro
  tracks log-on/log-off activity, sensitive data access, and changes to
  database schema, stored procedures, and data content. The software
  also tracks account creation, deletion, and other privileged
  operations.
- Network change and configuration monitoring
  McAfee PCI Pro allows organizations to establish configuration
  standards for network devices, and provides the capability to monitor
  the compliance of the devices in real-time. The software restores
  devices to known configurations, and provides detailed audit trails by
  user. Devices can be manually added, or discovered using simple
  network management protocol (SNMP). Configuration change tracking is
  supported through syslog and scheduled backup.
- Audit trail management
  Maintain the audit trail, encrypted in a secure database that can be
  configured to store data according to your organization’s data
  retention policy. PCI Pro keeps a detailed record of all operations
  performed on devices, with details such as who performed the
  operation, the time the operation was performed, and the result of the
  operation.
- Intuitive web interface
  Filter profiles can be easily customized using PCI Pro. Alerts can be
  displayed on the console, or sent via email. Powerful search
  capabilities allow users to drill down on areas of interest.
- Multi-vendor support
  McAfee PCI Pro provides an integrated solution for devices from
  multiple vendors such as Cisco, HP, Nortel, Force10, D-Link,
  Juniper-NetScreen, 3Com, Foundry, Fortinet, ADTRAN, Enterasys, Huawei,
  Extreme, Proxim, Aruba and Blue Coat. Multiple protocols like SSH,
  Telnet, SNMP & TFTP are supported to query the network device
  configuration, and track changes. McAfee PCI Pro also supports bulk
  operations such as configuration backup/download, and templates for
  popular and frequently used configuration tasks like password changes,
  SNMP configuration, etc.

Payment Card Industry Data Security Standard (PCI DSS):
McAfee PCI Pro provides a comprehensive file integrity monitoring (FIM), audit trail
and network configuration audit solution designed to help merchants and service
providers quickly, easily and cost-effectively meet the following requirements of v 1.2
of the Payment Card Industry Data Security Standard (PCI DSS).
File Integrity Monitoring (PCI DSS § 11.5 and 10.5.5)
PCI DSS sections 10 and 11 specify the use of
file integrity monitoring, which is the capability
to monitor changes to files and directories on a
server. The changes can be to content, permissions
or both. PCI DSS compliance specifies that
changes to existing data in log files must be
detected, whereas the addition of new data can
be ignored (PCI DSS §10.5.5). For other files, such
as critical configuration files, any change may be
important (PCI DSS §11.5). When a change of
interest occurs, the FIM solution needs to provide
an alert.
These requirements have previously been difficult
to satisfy because existing tools have merely
provided “periodic” file integrity monitoring
capabilities that would detect changes through
resource-intensive system scans. McAfee PCI Pro
has solved this problem with “continuous” file
integrity monitoring (CFIM) technology that
detects all changes in real-time with a very small
performance overhead. McAfee PCI Pro gives
IT and compliance professionals continuous file
integrity monitoring with a minimal impact on
system resources, eliminating the need to perform
repeated scan after scan.
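
The distinction drawn above between log files (appended data ignored, changes to existing data flagged, §10.5.5) and other critical files (any content or permission change flagged, §11.5) can be shown with a small baseline comparison. This is an added example, not McAfee PCI Pro code and not continuous monitoring; the function names, finding strings and sample log records are assumptions made for illustration.

```python
import hashlib
import os
import stat
import tempfile


def prefix_digest(path, length):
    """SHA-256 over the first `length` bytes of the file."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        while length > 0 and (chunk := f.read(min(65536, length))):
            h.update(chunk)
            length -= len(chunk)
    return h.hexdigest()


def take_baseline(path):
    st = os.stat(path)
    return {"size": st.st_size, "mode": stat.S_IMODE(st.st_mode),
            "digest": prefix_digest(path, st.st_size)}


def check(path, base, append_only):
    """Return findings; an empty list means no change of interest."""
    st = os.stat(path)
    findings = []
    if stat.S_IMODE(st.st_mode) != base["mode"]:
        findings.append("permissions changed")
    if st.st_size < base["size"]:
        findings.append("file truncated")
    elif prefix_digest(path, base["size"]) != base["digest"]:
        findings.append("existing content modified")
    elif st.st_size > base["size"] and not append_only:
        findings.append("content added")  # config files: any change counts
    return findings


def demo():
    with tempfile.TemporaryDirectory() as d:
        log = os.path.join(d, "app.log")
        with open(log, "w") as f:
            f.write("10:00 login alice\n")  # constructed sample record
        base = take_baseline(log)
        with open(log, "a") as f:
            f.write("10:05 login bob\n")
        after_append = check(log, base, append_only=True)
        with open(log, "r+") as f:
            f.write("10:00 login carol\n")  # same length, new content
        return after_append, check(log, base, append_only=True)
```

A comparison of this kind only sees the state at check time, so a file that is changed and then changed back between two checks goes unnoticed.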

| PCI Requirement | Endpoint Types | PCI Pro |
|---|---|---|
| File Integrity Monitoring § 11.5 and 10.5.5 | Servers | |
| Network Configuration § 1.1.1, 1.1.4, 1.1.5, 1.1.6, 1.2.1, 1.2.2, 1.3.1, 1.3.2, 1.3.3, 1.3.4, 1.3.5, 1.3.6, 2.1.1 | Network Devices | |
| Configuration Assessment § 2.2, 6.2, 8.5.9, 8.5.10, 8.5.11, 8.5.12, 8.5.13, 8.5.14, 8.5.15 | Servers | |
| Access to cardholder data § 10.2.1, 10.2.3, 10.2.4, 10.2.5 | Databases | |
| Actions by privileged users § 10.2.2, 10.2.7 | Servers, Databases, Network Devices | |
| Username Tracking § 10.3.1 | Servers, Databases, Network Devices | |
| Event Attributes § 10.3.2, 10.3.3, 10.3.4, 10.3.5, 10.3.6 | Servers, Databases, Network Devices | |
| Securing the Audit Trail § 10.5.1, 10.5.2, 10.5.3, 10.5.4 | Servers, Databases, Network Devices | |
| Maintaining Audit Trail History § 10.7 | Servers, Databases, Network Devices | |

Detecting all changes is important for sustaining
compliance because it allows organizations to
see where their compliance policies are being
challenged and address inappropriate change
at the source. Related to this, if a file is changed
inappropriately and then changed back, it creates
a transient compliance violation. The continuous
FIM capabilities of McAfee PCI Pro capture every
change and information about the user who made
the change. Alerts can be configured to warn
administrators even on the transient violations.
Default Filter Profiles (rule sets that specify which
files are to be monitored) are provided for more
than 50 operating systems and applications like
AIX, HP-UX, CentOS/Redhat/SuSe Linux, Solaris,
Windows, iSeries (AS400), Apache Webserver, IIS
Webserver, Apache Tomcat server, IBM Websphere,
JBoss, BEA WebLogic, Siebel, DB2, Oracle and SQL
Server. These filter profiles have been validated by
leading QSAs and have been used in successful
PCI audits by our customers. An intuitive web
interface also makes the customization of these
filter profiles an easy task.
Configuration Assessment (PCI DSS § 2.2, 6.2 and 8.5.x)
McAfee PCI Pro ships with PCI-DSS benchmarks
as specified by the Center for Internet Security
(CIS) to automate PCI DSS requirements
2.2, 6.2 and 8.5.x. These benchmarks allow
administrators to automate their configuration
assessments to an extent that was not possible
before. Administrators can perform configuration
assessments on-demand or on a scheduled basis.
The Benchmarks specify a pass/fail score for the
rules that are part of the benchmark. At the end
of the Configuration Assessment, Administrators
will be able to see the benchmark compliance
score of their servers and even drill down to the
rules that passed/failed on a particular host.

The results of the Configuration Assessments
are stored in the database and made available
through Dashboards and Reports. Reports
are available to summarize the results of
Configuration Assessments and compare
benchmark scores across multiple servers. Trends
of Benchmark compliance scores are also available
through the dashboards.
Audit Trails (PCI DSS § 10)
PCI DSS Section 10 lists the requirements of
monitoring all access to network resources and
cardholder data. Monitoring activity and changes
on database servers is especially critical to pass
the section 10 audit. McAfee PCI Pro not only
tracks the schema and data changes, but also
database login activity, changes to roles, users,
and permissions.
The audit trails from servers, databases and network
devices are managed and stored by McAfee PCI
Pro in a central database. The database can be
secured to prevent highly privileged users, including
powerful application database administrators, from
accessing sensitive applications and data outside
their authorized responsibilities.
Network Configuration Management (PCI DSS § 1)
PCI DSS section 1 states that network devices,
like routers and firewalls that transmit cardholder
data, must be protected from man-in-the-middle
attacks and data breaches. The network is only
as strong as its weakest link, and even one poorly
configured network device could put the business
at risk. McAfee PCI Pro allows organizations to
establish configuration standards for network
devices and provides the capability to monitor
the compliance of the devices in real-time. All
configuration changes are tracked and versioned
to meet the PCI DSS section 10 requirements for
audit trails. Policies can also be set to roll back
to a “Trusted Device Configuration” when any
unauthorized configuration change is detected.

Startup-Running conflict graph identifies devices that
violate PCI DSS 1.3.6 guidelines to secure and synchronize
router configuration files.

Dashboards and reports can be used to identify
unauthorized changes and improve policy compliance.
Supported Platforms: McAfee PCI Pro supports integration
with more than 300 network devices, including those from
device vendors such as Cisco, HP, Nortel, Force10, D-Link,
Juniper-NetScreen, 3Com, Foundry, Fortinet, ADTRAN,
Enterasys, Huawei, Extreme, Proxim, Aruba and Blue Coat.
Summary
McAfee PCI Pro provides immediate, cost-effective
PCI compliance for many PCI DSS requirements
outlined in sections 1, 10 and 11 (network
device configuration, audit trail and file integrity
monitoring). Sold via an annual subscription that
minimizes first year costs, McAfee PCI Pro provides
a solution that is both affordable and expandable.
PCI Pro is upgradeable to McAfee’s Change Control,
which allows organizations investing in compliance
solutions to easily expand to meet broader PCI
requirements with IT benefits that include higher IT
service availability, Sarbanes-Oxley compliance and
streamlined Information Technology Infrastructure
Library (ITIL) processes.
System Requirements:
Supported Operating Systems (OS)
- Windows NT
- Windows 2000/2003/2008
- Windows XP/Vista
- Windows XPE
- Windows XP/Vista (64-bit)
- Windows 2003/2008 (64-bit)
- Red Hat Enterprise Linux 3/4/5
- CentOS 4/5
- SUSE Enterprise Linux 9/10
- Oracle Enterprise Linux 5
- Solaris 8/9/10
- HP-UX 11.00/11.11/11.23
- AIX 5.2/5.3
- IBM i5/OS (AS400) V5R3/V5R4/V6R1
- IBM 4690 OS V5
Supported Databases
- Oracle 8i/9i/10g
- SQL Server 7/2000/2005
- DB2 8.x/9.x
- DB2 for iSeries V5R4
Supported Network Devices

| Vendor | Device Type | Supported Model/Series |
|---|---|---|
| Cisco | IOS Switch | All models of Cisco IOS Switches |
| Cisco | IOS Router | All models of Cisco IOS Routers |
| Cisco | Firewall | All models of Cisco PIX firewalls & FWSM Modules |
| Cisco | IAD | All models of Cisco IAD Devices |
| Cisco | Access Points | All models of Cisco Aironet Access Points |
| Cisco | CatOS Switch | All models of Cisco CatOS Switches |
| Cisco | Access Server | All models of Cisco Access Server models |
| Cisco | Content Switch | All models of Cisco Content Switches |
| Cisco | ASA | All models of Cisco ASA SingleContext & Multiple Context Models |
| Cisco | Voice Gateway Devices | All models of Cisco Voice Gateway Devices |
| Cisco | VPN Concentrators | All models of Cisco VPN Concentrator Devices |
| Cisco | MDS Switch | All models of Cisco MDS Devices |
| HP | Procurve Switch | Switches & Menu based 4000M & 8000M models |
| HP | Procurve Access Point | All models of HP Procurve AccessPoints |
| Foundry | Switch | Foundry BigIron & FastIron Edge Switches |
| 3Com | Switch | All models of 3Com menu based SuperStack switches |
| Fortinet | FortiGate Firewall | All models of FortiGate firewalls & FortiMail devices |
| Juniper | Netscreen Firewall | All models of Netscreen Firewalls |
| Juniper | J-Series Router | All models of Juniper J-Series Routers |
| Enterasys | Switch | All models of Enterasys Matrix N Series Switches |
| ADTRAN | LAN Switch | All models of ADTRAN LAN Switches |
| Nortel | Passport Switch | All models of Nortel Passport 1600 Series, 8600 Series Switches |
| Nortel | BayStack Switch | All models of Nortel BayStack Switches |
| Nortel | BayStack Business Policy Switch | All models of Nortel BayStack Business Policy 2000 Series |
| Aruba | WiFi Switch | All models of Aruba WiFi Switches |
| Proxim | Access Points | All models of Proxim Access Points |
| Extreme | Black Diamond Switch | All models of Extreme Black Diamond Switches |
| Extreme | Summit Switch | All models of Extreme Summit switches running with Extremeware & ExtremewareXOS |
| Force10 | Switch | All models of Force10 E, S & C Series Switches |
| Netgear | Switch | Netgear Prosafe Switches |
| Dell | Switch | All models of Dell Power Connect Switches |
| SlimLine | Appliance | All models of SlimLine devices |
| D-Link | Switch | DES 3010, DES 3899, DXS 3259 |
| Blue Coat | Proxy SG | All BlueCoat ProxySG devices |
| Huawei | Router | All models of Huawei AR Routers |