SlideShare Title: Do My Security Controls Achieve Wireless PCI DSS? Compliance in the new world of threats Description: Companion to the AirTight Networks webinar https://attendee.gotowebinar.com/register/3592031186368052738 Infographic Why Should My Wi-Fi be PCI Compliant? http://www.slideshare.net/airtight/why-should-my-wi-fi-be-pci-compliant White papers PCI Compliance In the New World of Wireless Threats http://go.airtightnetworks.com/PCI_DSS_3.1_Compliance_In_A_New_World_Of_Threats.html PCI DSS 3.1 and the Impact on Wi-Fi Security http://go.airtightnetworks.com/PCI_DSS_3.1_Whitepaper_Impact_on_Wi-Fi_Security.html IHL Study: Impact of Wi-Fi and Store Networks on Customer experience http://go.airtightnetworks.com/IHL_Report.html Blog New PCI 3.1 Guidelines Address SSL Vulnerability http://blog.airtightnetworks.com/pci-3-1-guidelines-ssl-vulnerability/ The Cost of Non-compliance If your business accepts payment cards, it needs to be PCI compliant to protect customer data. Wi-Fi is a common attack vector. Rising threat levels and new technologies that make networked devices more mobile and interconnected mean that your wireless networks must conform to PCI standards. • The cost of non-compliance ranges from $5,000 to $200,000, depending on the card brand, the nature of non-compliance, and the number of incidents. • Total price tag for a data breach: $640,000, with an average remediation timeframe of 31 days, at a cost of 20,000 per day. Impact of Latest Trends on Wi-Fi Security • New high performance 802.11ac standard creates security blind spots. • IoT requires compliance officers to address both device volume and device diversity. Mobile Technologies Create New Requirements for Wi-Fi Networks Consumers are becoming more mobile and want to pay and access the internet from anywhere. Businesses must protect these communications. • 40% of restaurants are planning POS upgrades to add mobile POS and EMV • 56% of retailers plan to add mobile devices for store associates in 2 years Key wireless PCI requirements Req. 9.9 – Protect POS Terminals and Devices from Tampering  mPOS – devices should associate to the wireless network specific to the location.  Guest Wi-Fi services – ensure connection to the trusted network, not a honeypot. Req. 2.4 - Maintain Inventory of System Components in Scope for PCI  Identify key components in the CDE  Ensure key components are protected  Limit scope of PCI audit Req. 10.6 – Daily Log Review  Daily log reviews recognized as tedious  Focus should be on suspicious activity and actionable events/data PCI Best Practices 1. Limit audit scope through network segmentation 2. Practice security as a continual process 3. Use strong wireless encryption and authentication 4. Use IDS/IPS to monitor traffic in the CDE 5. Implement an incident response plan 6. Establish & maintain a relationship with the auditor

1. Do My Security Controls
Achieve Wireless PCI DSS?
Compliance in the new world of threats

2. You will learn about:
 The cost of non-compliance
 Trends impacting wireless PCI compliance
 PCI DSS 3.1 standard and wireless security
 PCI best practices

3. Expert Speaker
Kevin McCauley
Director of Retail Market
Development
AirTight Networks

4. View the webinar
Do My Security Controls Achieve
Wireless PCI DSS?
Compliance in the new world of threats

5. The Cost of Non-Compliance
If your business accepts payment cards, it needs to be PCI
compliant to protect customer data. Wi-Fi is a common
attack vector.
$5,000 - $200,000
Non-compliance fines per month
(Depending on the card brand, the nature of non-compliance,
and the number of incidents)
Source: Focus on PCI

6. The Cost of Remediation
Impact of a cyber-attack
Average
Remediation
Timeframe
69%
of consumers are less likely to
shop at an organization that
has been breached
31
days
Cost per day Total price tag for a data breach
$20,000 $640,000
Source: Dark Reading, October 2014

7. Impact of Latest Trends on
Wi-Fi Security
802.11ac standard accounts
for 30% of access point shipments*
*Source: IDC Worldwide Quarterly WLAN Tracker, March 2015
New high-performance 802.11ac standard
creates security blind spots
30%
11n radio cannot monitor 11ac frame
formats!

8. IDC predicts that 28 billion connected
devices will exist by 2020* – how will
network and security professionals
cope?
IoT requires compliance officers to
address both device volume and device
diversity.
*Source: IDC Worldwide Quarterly WLAN Tracker, March 2015
Internet of Things Becoming Reality
28B

9. * Source: Hospitality Technology’s POS Software Trend Report 2015
** Source: BRP – POS/Customer Engagement Survey 2015
Mobile Technologies Create New
Requirements for Wi-Fi Networks
of restaurants are planning
POS upgrades to add
mobile POS and EMV*
47%
Consumers are becoming more mobile and want to pay
and access the internet from anywhere. Employees are
going mobile, too.
of retailers plan to add mobile
devices for store associates
within 2 years**
56%

10. Grab the Trends Infographic from SlideShare
View the infographic

11. Need In-depth Information?
Download white paper [PDF]: “PCI Compliance In The
New World of Threats: Do My Security Controls Achieve
Wireless PCI DSS?”

12. PCI DSS Wireless Requirements
DSS Section No WLAN WLAN Deployed
Scanning
Requirements
Section 11.1 Quarterly wireless scan
Section 11.4 Monitor wireless alerts
Section 12.9 Incident response plan
Security
Requirements
Section 2.1.1 Change defaults n/a
Section 4.1.1 802.11i security n/a
Section 9.1.3 Physical security n/a
Section 10.5.4 Wireless logs n/a
Section 10.6 Wireless log review n/a
Section 12.3 Usage policies n/a

13. Req. 9.9 – Protect POS Terminals and
Devices from Tampering
 mPOS – devices should associate to the
wireless network specific to the location.
 Guest Wi-Fi services – ensure connection
to the trusted network, not a honeypot.
How does AirTight WIPS help?
 Eliminates false positives
 Integrates with existing monitoring tools

14. Req. 2.4 – Maintain Inventory of System
Components in Scope for PCI
 Identify key components in the CDE
 Ensure key components are protected
 Limit scope of PCI audit
How does AirTight WIPS help?
 Inventories all wireless assets in the environment
 Separates your assets from neighboring assets
 Eliminates manual inventory methods
 Defines scope of PCI audit

15. Req. 10.6 – Daily Log Review
 Daily log reviews recognized as tedious
 Focus should be on suspicious activity
and actionable events/data
How does AirTight WIPS help?
 Device classification accuracy eliminates false positives
 Integrates with existing monitoring tools

16. Securing Large Environments
“Visual inspection” inadequate for complex environments

17. PCI Best Practices
1. Limit audit scope through network segmentation
2. Practice security as a continual process
3. Use strong wireless encryption and authentication
4. Use IDS/IPS to monitor traffic in the CDE
5. Implement an incident response plan
6. Establish & maintain a relationship with the auditor

18. Automate Your Wireless PCI Compliance
Learn
about
AirTight’s
PCI
solutions

19. Need In-depth Information?
Download the whitepaper [PDF] : “PCI DSS 3.1 and
the Impact on WiFi Security”

20. Retailers’ Plans to Update WAN/WLAN
Security
Source: IHL Group – Impact of Store Networks and Wi-Fi on
Customer Experience 2015 (sponsored by AirTight & EarthLink)
Download
the report

21. Security/Compliance Highest in
Wi-Fi Selection Criteria
Source: IHL Group – Impact of Store Networks and Wi-Fi on
Customer Experience 2015
Security
PCI Compliance
Centralized Control
Costs
SLAs
Vendor Reputation
Analytics/Social Media

22. Download the IHL Report (PDF): Impact of Store
Networks and Wi-Fi on Customer Experience
2015 Study: The Payback on Store Wi-Fi

23. The Roadmap to Wireless Security
Adopt behavior-based approach
Does the system
filter out only
genuine threats?
Is threat
scanning spot or
continuous?
Can the system
detect all types of
vulnerabilities?
Can the solution
automatically
contain threats?

24. What is Behavior-based Security?
Read about AirTight’s behavior-
based security on our blog
Are You Safe?
Schedule a FREE wireless
vulnerability assessment

25. More Webinars with Kevin McCauley
View on demand
View on demand

26. PCI DSS 3.1 Webinar on Demand
www.slideshare.net/airtight
New PCI 3.1 Guidelines Address
SSL Vulnerability via
@AirTight blog

27. Secure Cloud Wi-Fi for
Distributed Enterprise
Want to learn more?
Request a demo