Meeting PCI: How to Use Information Security Tools to Meet the 12 Requirements of PCI-DSS

There are many commercially available information security tools on the market, many of which can help with PCI compliance. At a minimum, PCI-DSS requires a firewall and Intrusion Prevention System (IPS). Note that most modern IPS devices will provide firewall functionality as well, a Database Monitoring system (DAM, or DBM) and/or an Application Monitoring system to monitor, protect, and log all access to sensitive data, a Log Management system to store all logs in a secure manner, for audit purposes, a Security Information & Event Management system (SIEM) to bring all the required event and asset data together, for incident detection, response, and reporting purposes.