
SIEM technology, GDPR and PCI DSS compliance

12 August 2020 by Laura Valentine

In the two years since GDPR came into effect there have been more than 160,000 reported compliance breaches, resulting in fines totalling over €144 million. Whilst many of these breaches remain the result of human error, cybersecurity has an increasingly important role to play in ensuring customers’ personal information is kept safe.

According to the ICO’s most recent research, almost 25% of data security incidents reported over the last quarter were the result of cybercrime. With 2020 already set to break records for rates of cyber-attacks and data breaches, it’s a crucial time to understand the role that cybersecurity plays in protecting your business.  

By providing extended visibility over your network and a dashboard from which to log and review activity on your infrastructure, SIEM technology is your business’ best friend when it comes to compliance. Whilst maintaining GDPR compliance also means ensuring many other internal processes and personnel training are in place, a SIEM solution can automate many of the security elements. Let’s explore how this technology aids not only GDPR but also PCI DSS compliance.

Staying PCI DSS compliant 

Familiar to any organisation that stores, processes or transmits payments and cardholder data, the Payment Card Industry Data Security Standard (PCI DSS) includes strict criteria that must be met when dealing with financial transactions.

PCI DSS is made up of a set of controls that dictate technical and operational requirements that vendors need to meet in order to remain compliant. Amongst these are several security-based considerations, such as implementing antivirus programs and regularly testing for system vulnerabilities.  

Cardholder data is classed as personally identifiable information (PII) and therefore any breach of PCI DSS is also a breach of GDPR. In the UK, both standards are regulated by the ICO, with steep fines for non-compliance.  

Common security issues that can lead to breaches of PCI DSS are: 

  • Using default passwords 
  • Failure to install and update effective antivirus programs 
  • Lack of system monitoring, resulting in slow detection of cyber-threats 
  • Failure to log and review all network access (poor network visibility) 
  • Little or no vulnerability scanning 
  • Updates and patches not maintained 
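Two of the failures in the list above, default accounts in use and network access that is logged but never reviewed, are exactly what a SIEM's automated log review is meant to catch. The following is an added example, not UKFast code and not part of the Threat Surveillance product: a small Python log reviewer that parses constructed sshd-style access lines, flags successful logins by accounts on a constructed default-account watchlist, and flags bursts of failed logins from a single source within a sliding window. The log lines, the watchlist and the thresholds are all assumptions chosen for illustration.

```python
"""Minimal SIEM-style review of network-access log lines.

Added example (not UKFast code). It shows the kind of automated review
a SIEM performs for two PCI DSS control failures: default accounts in
use, and failed access attempts that nobody is watching. All log lines
and the default-account watchlist below are constructed samples.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed syslog-like lines (not real data).
SAMPLE_LOG = """\
2020-08-12T09:00:01Z fw01 sshd: Accepted password for admin from 10.0.0.5 port 51000
2020-08-12T09:00:05Z fw01 sshd: Failed password for root from 203.0.113.9 port 40001
2020-08-12T09:00:06Z fw01 sshd: Failed password for root from 203.0.113.9 port 40002
2020-08-12T09:00:07Z fw01 sshd: Failed password for root from 203.0.113.9 port 40003
2020-08-12T09:00:08Z fw01 sshd: Failed password for root from 203.0.113.9 port 40004
2020-08-12T09:00:09Z fw01 sshd: Failed password for root from 203.0.113.9 port 40005
2020-08-12T09:15:00Z app01 sshd: Accepted publickey for deploy from 10.0.0.7 port 52000
2020-08-12T10:30:00Z app01 sshd: Failed password for deploy from 10.0.0.7 port 52001
"""

# Constructed watchlist of vendor/default account names (an assumption;
# a real deployment would take this from the organisation's own inventory).
DEFAULT_ACCOUNTS = {"admin", "root", "guest", "pi"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<result>Accepted|Failed) "
    r"(?P<method>\S+) for (?P<user>\S+) from (?P<src>\S+) port (?P<port>\d+)$"
)


def parse_line(line):
    """Return a dict of fields for one log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return rec


def review_access_log(text, threshold=5, window=timedelta(minutes=1)):
    """Apply two review rules to the log text and return a list of alert dicts.

    Rule 1: any successful login by an account on the default-account watchlist.
    Rule 2: `threshold` failed logins from one source IP within `window`
            (the alert fires once, when the count first reaches the threshold).
    """
    alerts = []
    failures = defaultdict(list)  # source IP -> timestamps of recent failures
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable line: skipped here, a real SIEM would count it
        if rec["result"] == "Accepted" and rec["user"] in DEFAULT_ACCOUNTS:
            alerts.append({"rule": "default-account-login", "host": rec["host"],
                           "user": rec["user"], "src": rec["src"], "ts": rec["ts"]})
        elif rec["result"] == "Failed":
            bucket = failures[rec["src"]]
            bucket.append(rec["ts"])
            # Keep only failures that fall inside the sliding window.
            bucket[:] = [t for t in bucket if rec["ts"] - t <= window]
            if len(bucket) == threshold:
                alerts.append({"rule": "failed-login-burst", "host": rec["host"],
                               "src": rec["src"], "count": len(bucket),
                               "ts": rec["ts"]})
    return alerts


if __name__ == "__main__":
    for alert in review_access_log(SAMPLE_LOG):
        print(alert)
```

Run as a script it prints two alerts for the sample data: the successful `admin` login and the five-failure burst from 203.0.113.9; the single failed `deploy` login later in the day stays below the threshold and is not raised. The point of the exercise is that every line is retained and parsed into structured fields first, so the same store that feeds these rules can later answer the "what happened, when, and from where" questions a GDPR breach report requires.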

The easiest way to ensure each of these controls is met is to source a security solution built with PCI DSS regulations in mind. Find out how UKFast’s Threat Surveillance SIEM platform helps with these standards in our previous blog.

Staying GDPR compliant 

Two years down the line we’re all familiar with the remit of GDPR – ensuring security controls are in place to protect against personal data breaches. Year on year the amount of personal data collected by organisations continues to grow, bolstered by the growing number and popularity of IoT devices.

Without the right protection in place, this becomes a free-for-all for cybercriminals. Whether their intention is to steal, harvest and sell your data or simply to erase it, the repercussions for your business are detrimental to both finances and reputation.  

While GDPR does not come with a set of specific controls to follow in the same way PCI DSS does, it advises that appropriate safeguards should be put in place. Ensuring you have the necessary software and support to detect, investigate, report and react to security risks is paramount.  

With many businesses forced to shift suddenly and unexpectedly to remote working as a result of the Covid-19 pandemic, gaps in security processes have been exposed for organisations across the globe. The ensuing increase in cyberattacks and successful data breaches has highlighted the importance of robust security measures and the value of specialist support from the right hosting provider.

Increasing remote access often correlates with an increase in endpoints, which can be difficult to secure. It’s important to retain good network visibility if you want to limit the risk of a successful data breach.  

How Threat Vision helps 

A simple way to maximise your chances of remaining PCI DSS and GDPR compliant is to invest in a security solution that combines SIEM technology with robust threat detection and response. UKFast’s Threat Vision suite has been developed entirely in-house with all relevant compliance controls in mind, providing three different solutions depending on your unique security requirements.


Threat Surveillance is UKFast’s SIEM solution, providing network visibility and a single pane of glass dashboard from which to monitor events across your infrastructure. With the option to carry out unlimited scans and draw on UKFast’s intelligence feeds, Threat Surveillance automatically detects and blocks an extensive catalogue of known threats from your network. The ability to gather and store a log of events and information is a vital part of GDPR reporting, making SIEM technology invaluable for any businesses where compliance is essential.  

Remediation of threats is just as essential as detection and, for businesses that lack the in-house experience to mitigate without support, our Threat SOC solution provides SIEM technology and security as a service. Whatever your compliance requirements, UKFast’s expert security team are on hand 24/7/365 to provide protection for your business.

Find out more about how Threat Vision bolsters your security to keep you GDPR compliant.