PCI Compliance

Requirement #10

Brother-WatchDog® Solution

Requirement 10 requires companies to "track and monitor all access to network resources and cardholder data." Brother-WatchDog addresses the requirement and sub-requirements by providing the ability to identify:
  • Who (web users, client users, analysts, SYS, SYSDBA, and SYSOPER users) initiated data access or updates
  • What data was accessed or updated
  • Where the activity originated
  • When the database activity occurred (date and time)
  • Whether access or updates succeeded or failed
  • How Much data was impacted (DB2 only)

Accountability Starts Here
Protect the Innocent
Prosecute the Guilty
Achieve Accountability

Achieve PCI DSS Compliance
with Brother-WatchDog®

Payment Card Industry Data Security Standard (PCI DSS) compliance is required of all merchants and service providers that store, process, or transmit cardholder data on behalf of any of the major card issuers. The program applies to all payment channels, including retail (brick-and-mortar), mail/telephone order, and e-commerce.

PCI DSS consists of 12 requirements and sub-requirements that companies must adhere to in order to be compliant. Of the 12, Requirement 10 is considered to be one of the most important and difficult to address. Fortunately, Brother-WatchDog enables companies to quickly and easily address Requirement 10 right out of the box.

PCI Requirement 10

Track and monitor all access to network resources and cardholder data. Logging mechanisms and the ability to track user activities are critical. The presence of logs in all environments allows thorough tracking and analysis when something does go wrong. Determining the cause of a compromise is very difficult without system activity logs.

PCI Requirement Brother-WatchDog®
10.1 - Establish a process for linking all access to system components (especially those done with administrative privileges such as root) to an individual user. Yes
10.2 - Implement automated audit trails to reconstruct the following events, for all system components:
    10.2.1 - All individual accesses to cardholder data
    10.2.2 - All actions taken by any individual with root or administrative privileges
    10.2.3 - Access to all audit trails
    10.2.4 - Invalid logical access attempts
    10.2.5 - Use of identification and authentication mechanisms
    10.2.6 - Initialization of the audit logs
    10.2.7 - Creation and deletion of system-level objects
10.3 - Record at least the following audit trail entries for each event, for all system components:
    10.3.1 - User identification
    10.3.2 - Type of event
    10.3.3 - Date and Time
    10.3.4 - Success or failure indication
    10.3.5 - Origination of Event
    10.3.6 - Identity or name of affected data, system component, or resource.
10.5 - Secure audit trails so they cannot be altered, including the following:
    10.5.1 - Limit viewing of audit trails to those with a job-related need
    10.5.2 - Protect audit trail files from unauthorized modifications
    10.5.3 - Promptly back-up audit trail files to a centralized log server or media that is difficult to alter
    10.5.5 - Use file integrity monitoring/change detection software (such as Tripwire) on logs to ensure that existing log data cannot be changed without generating alerts (although new data being added should not cause an alert).
10.6 - Review logs for all system components at least daily. Log reviews should include those servers that perform security functions like IDS and authentication (AAA) servers (e.g., RADIUS). Yes
10.7 - Retain your audit trail history for a period that is consistent with its effective use, as well as legal regulations. Yes


Key Features

  • Track connections (Logins and Logouts)
  • Easily audit specific users, power users, DBAs, DDL activity (Create, Alter, Drop...), and security changes (Grants, Revokes)
  • Unmask otherwise anonymous insider identities of privileged data users
  • Reveal detailed database activity records for web end users, database clients and data analysts, and local administrative users
  • Create and schedule periodic reports, notifications, and alerts, and conduct simple Google®-like ad hoc discovery searches
  • E-mail notifications based on defined audit rules
  • Tamper Evident Seals (digital signatures) harden audit activity data to ensure its accuracy

How can we help?
DBI would be pleased to assist you in any way we can.