Excerpt from: IT Compliance
|
 |
| November 21, 2007 | | Be sure to evaluate the database functionality of any change control product you purchase for PCI compliance | I recently evaluated Tripwire’s database functionality and found it poor compared to Solidcore’s. Tripwire can’t track data accesses – and this is very important for PCI compliance. If you can’t track unauthorized access -- not modification, but ACCESS -- of sensitive data in real time and trigger alerts, it really isn’t a viable solution. Also, the technology that Tripwire uses to track modifications is also antiquated. They actually do a dump of the entire database table every time they scan to look for differences. I leave it up to the reader to figure out whether this approach will work for tables with millions of records. by
Rishi Bhargava, Product Marketing
Rishi@solidcore.com | | |
|
|
