Agenor Delivers Payment Card Industry Data Security System for Global Finance Group


Without the committed people from Agenor this outcome would not have been possible.

Client Service Delivery Manager

Case Study Context

A major global finance organisation and highly valued client recently engaged the services of Agenor Technology to deliver a significant project to address critical issues on a key technology platform, and ensure compliance with the latest Payment Card Industry Data Security Standards.

The Challenge

The Payment Card Industry Data Security Standard (PCI DSS) is a complex standard of over 280 controls, introduced in 2005 by the Card Schemes (including Visa and MasterCard), with which all organisations that store, transmit, or process card data must comply.

The controls are prescriptive, outlining the minimum requirements to achieve compliance and are designed to protect customers against fraudulent use of their card data. This project was part of a wider security and fraud programme to on-board the in-scope platforms that were identified by a wider governance project.

The Splunk Shared Services environment is an existing application platform within our client's organisation. We added two pairs of physical indexers, three search heads and two deployment servers to the existing Splunk Shared Services to accommodate log data from the project. There were no major application design changes; however, changes to the application log settings were required to capture the events effectively in Splunk.

The Objectives

  • On-board PCI DSS in-scope platforms into Splunk, excluding platforms which use an existing centralized logging tool.
  • Fulfil PCI requirement 10.5.3 “Promptly back up audit trail files to a centralized log server or media that is difficult to alter” and 10.5.4 “Write logs for external-facing technologies onto a secure, centralized, internal log server or media device” by expanding the current Splunk Shared Services depending on traffic and volumes
  • Capture the automated audit trails as per PCI requirement 10.2 retaining the fields as required by 10.3
  • If required, deliver incidents to the appropriate bodies – either the owners of the elements or the SOC
  • Work out how evidence will be visible to the ServiceNow GRC module, creating dashboards if required
  • Capability for processing up to 100 GB of data per day with a data retention of at least 12 months
  • Disaster Recovery capability as per the client's current standards
  • There should be no negative impact to the existing systems as a result of this technology change.

The Result

The team successfully implemented the application which securely collects, reformats and deciphers mainframe data and streams it into Splunk:

  • For the first time in the organisation, real-time mainframe data is now available in Splunk providing opportunities for enhanced analysis, monitoring & reporting, using the tools & visual dashboards available.
  • The first use of the application was to stream security event logs into Splunk. This meets a key PCI DSS compliance requirement of having security logs in a central secure tamper-proof environment, which can be used for forensic analysis in the event of a critical incident.
  • The implementation also provided the first offering of the HEC (HTTP Event Collector) functionality in Splunk. This allows data and application events to be sent to Splunk Enterprise over the HTTP and HTTPS protocols using a token-based authentication model. This process eliminates the need for a Splunk forwarder and offers an agentless solution to data ingestion, reducing the setup and maintenance costs.
  • Overall, the project was a fantastic example of collaboration across technology bringing together several teams who will benefit from the same application in different ways.

The team are now exploring other potential uses for the application such as enhanced monitoring of mainframe transactions and capacity. They have also identified previous production incidents that could have been identified at an earlier stage using the application, which would have significantly reduced the impact to customers.

Cycle of Performance Testing Required and Completed
Individual sets of Performance Tests carried out across three environments
Defects managed and resolved during the Performance Tests cycles
Agenor consultants completed the project in ten months

Summary

The Agenor Team successfully overcame multiple hurdles to deliver the programme objectives for the client both on time and on budget. Benefits delivered included: 

  • Real-time data now available providing enhanced analysis, monitoring & reporting 
  • PCI DSS compliance standards and requirements met with security logs in a central secure tamper-proof environment
  • Splunk offers an agentless solution to data ingestion reducing the setup and ongoing maintenance costs.
  • No negative impact to the existing client systems and customers as a result of this technology change.
