GoToManage Logs – PCI Compliance
GoToManage enables you to collect all of your log data – no matter where your applications 
are running. Automate the collection of all your on-premises and cloud-based logs and index, search, and visualize them to meet the Payment Card Industry (PCI) Data Security Standard with no servers to deploy or software hassles. And with GoToManage's universal IT search technology, you can run queries across millions of records and get results in under a second.
The GoToManage Logs service securely collects all PCI-relevant data including detailed information about your physical and virtual machines, software, and users in addition to all of the logs. 
This gives you the most complete snapshot of any PCI solution and ensures that you can comply with the PCI requirements for log collection, review, and long-term retention.
Compare GoToManage to other log solutions for PCI and it is clear that there is only one choice if you are interested in covering a significant number of requirements with one solution.
It only takes about five minutes to start collecting your log files and using the search and analytics capabilities to meet the PCI requirements. Legacy software and appliance solutions force you to make large investments to store log data for a minimum of a year, but with GoToManage you can avoid all Capex costs.
Features:
- Automates the collection and centralization of logs (from unlimited log sources)
- Includes all asset, software, and configuration data
- Universal IT search technology (for instant retrieval of events from millions of records)
- Analytics engine for visual charting and dashboard creation
- Alert engine for email and SMS notification(via Twitter) of key events
- Unlimited charts and dashboards (with complete customization)
- Hundreds of saved queries, dashboards, and alerts through the community
Benefits:
- Prove compliance across a wide range of PCI DSS requirements
- Immediate compliance with PCI requirements for log collection, retention, and review
- Eliminate the need to provision complex software and expensive hardware
- Respond to auditor's request for data in seconds
| Number | PCI DSS Requirement | GoToManage | Other log vendors |
|---|---|---|---|
| 1.1.2 | Generate current network diagram |  |
|
| 1.1.6 | Review firewall and router configurations | |
|
| 1.2 | Verify firewall and router connections are restricted | |
|
| 1.2.2 | Verify router configurations are synchronized | |
|
| 1.4 | Verify that employee-owned computers have firewalls | |
|
| 2.2.1 | Verify that system components have one primary function | |
|
| 2.2.2 | Verify that unnecessary or insecure protocols are not enabled | |
|
| 2.3 | Review services and parameter files on systems | |
|
| 3.4 | Examine a sample of audit logs | |
|
| 5.1 | Verify that anti-virus is deployed | |
|
| 5.2 | Verify that anti-virus is deployed | |
|
| 6.1 | Compare the list of security patches on key systems | |
|
| 6.5.6 | Do not leak information via error messages | |
|
| 10.2 | Retain logs and review them | |
|
| 10.3 | Verify proper log data is included | |
|
| 10.5 | Central collection of logs | |
|
| 10.5.3 | Verify that current audit trail files are backed up to a centralized log server | |
|
| 10.6 | Review logs for all key systems daily | |
|
| 10.7 | Retain audit trail for at least one year with minimum of three months immediately available | |
|
| 11.1 | Identify wireless devices | |
|
| Appendix A. 1.3 | Shared Hosting Providers — enable logging | |
|
