PCI DSS Compliance Solutions

Identifying non-compliances and vulnerabilities rapidly and comprehensively in VMware data centers is critical for protecting PCI Cardholder Data Environments.

This overview highlights the key differentiators between Runecast Analyzer and the vRealize Operations Compliance Pack for PCI.

Can it scan my VMware Data Center environment to check for PCI DSS non-compliances?

Runecast Analyzer

Yes: There are 226 cross-referenced checks to verify whether the Cardholder Data Environment has non-compliances with PCI DSS controls.

vRealize Operations Compliance Pack for PCI

Yes, but there are only 63 cross-referenced checks to verify whether the Cardholder Data Environment has non-compliances with PCI DSS controls.

How many PCI DSS controls are covered?

Runecast Analyzer

The Runecast Analyzer covers 50 controls.

The PCI DSS profile covers 27 controls which are verified for non-compliances through automated checks.

Runecast Analyzer also provides coverage for a further 23 highly important controls in the standard through other functions in the application (such as Vulnerability Management and risk assessment)

vRealize Operations Compliance Pack for PCI

The PCI DSS profile only covers 15 controls which are verified for non-compliances through automated checks.

Does it support major VMware products?

Runecast Analyzer

Support for:

  • vSphere
  • NSX-V

vRealize Operations Compliance Pack for PCI

Support for vSphere only.

Which Version of the Standard is supported?

Runecast Analyzer

v3.2.1 (latest version - Released May 2018, standard expiry date unknown as this is the latest version)

vRealize Operations Compliance Pack for PCI

v 3.2 (Released April 2016, standard expiry date 1 January 2019)

N.B. VMware VCM (VMware Configuration Manager) only supports PCI DSS 3.1, with standard expiry date in the past: 31-Aug-16.

Can I view the content from the PCI DSS standard in the GUI?

Runecast Analyzer

Yes, the specific and full content from the relevant control, and context from the relevant requirement area, in PCI DSS v3.2.1 is provided directly in the GUI for all non-compliance checks.

vRealize Operations Compliance Pack for PCI

No.

Are my non-compliances prioritised so I can resolve the most important ones first?

Runecast Analyzer

Yes, the PCI DSS standard "Prioritized Approach" is used. Issues can be ordered by the numbered PCI security milestones to help incrementally protect against the highest risk factors while on the road to PCI DSS compliance. This helps to prioritize efforts to lower the risk of cardholder data breaches sooner in the compliance process.

vRealize Operations Compliance Pack for PCI

No.

Can I see an audit trail for how the automatic check relates to the PCI Requirement and Control?

Runecast Analyzer

Yes, a full justification is provided showing how the specific check relates to the specific control in the standard, to provide a proper audit trail.

In cases where the check relates to certain sub-sections of the control, this detail is also provided.

vRealize Operations Compliance Pack for PCI

Only the control ID number is stated and a brief description of the automated check.

Can I see detailed information to describe the technical check?

Runecast Analyzer

Yes, full technical detail is provided for each check from the appropriate industry knowledge sources. 

vRealize Operations Compliance Pack for PCI

Only a brief description of the check is provided.

Will it help me to resolve any non-compliances?

Runecast Analyzer

Yes, full technical detail from industry knowledge is provided so that you can understand the non-compliance and resolve it.

vRealize Operations Compliance Pack for PCI

Only a brief description for the technical check is provided.

Rated 5/5 stars on Gartner’s 

“…troubleshooting took too long because we had to call VMware support center in many cases. Runecast Analyzer changed all that”

Director of Network Operations

“The tool we always wanted from VMware”

Senior Systems Engineer

“Best 3rd party software for your vSphere environments,”

IT and Services admin

“It’s like having a VMware technician 24/7 auditing your VMware environment, it's absolutely great!!!”

Senior Systems Engineer

How compliant are you?

Find out today with your 14 day free trial

Runecast Analyzer discovered more than 100 issues, some of which were critical (PSOD, open ports, Network driver issues). It reduced our typical 2 issues per month to 0 and saved us lots of time.

 

We found out that there were a few ongoing issues in the environment that eventually brought our systems down. The troubleshooting took too long because we had to call VMware Support Center in many cases. Runecast Analyzer changed all that.