How to Simplify PCI DSS Compliance with Unified Security Management
Maintaining, verifying, and demonstrating compliance with the PCI DSS standard is far from a trivial exercise. Those 12 requirements often translate into a lot of manual and labor-intensive tasks – chasing down discrepancies in asset inventory spreadsheets, removing false positives from vulnerability assessment reports, and weeding through log data trying to make sense of it all. In fact, you may need to consult at least a dozen different tools for those dozen requirements. Join us for this webinar to learn how to simplify PCI DSS compliance.
In this session, we'll review:
Common PCI DSS compliance failures
A pre-audit checklist to help you plan and prepare
Core capabilities needed to demonstrate compliance
How to simplify compliance with a unified approach to security

  • Payment card data remains one of the easiest types of data to convert to cash, and therefore the preferred choice of criminals.
  • http://www.ottawacitizen.com/technology/Microsoft+support+could+millions+computers+risk+hacking/9487918/story.html
    http://www.businessweek.com/articles/2014-01-16/atms-face-deadline-to-upgrade-from-windows-xp
  • #10 - Track & monitor all access to network resources & cardholder data - The main mechanism for monitoring is to use system activity logs. Most applications, network appliances, and software packages can perform the level of logging required for PCI DSS compliance. Logs also enable organizations to analyze and determine the cause of a compromise during investigations after a breach.
    #7 - Restrict access to cardholder data by business need to know - The main mechanism for monitoring is automated event correlation. This will identify unauthorized access to systems with credit cardholder data.
    The other three:
    #5 - Protect systems from malware and keep anti-virus software up to date
    #12 - Maintain a policy that addresses information security for all personnel
    #6 - Develop and maintain secure systems and applications
  • Before we even start to talk about technology, we want to think about the high-level questions that you have to answer before a QSA comes on-site to work with you or you self-assess.
    You need to know where your assets…
    Principle of least privilege
    What are the vulnerabilities that exist on the systems that are in your PCI environment – are they at the application layer, network layer, or
  • We focused this on isolation. The traditional cycle: (1) we secure ourselves as much as possible, (2) it is never quite good enough, (3) we detect an incident, (4) we furiously figure out how they got around our controls, (5) then we fix our controls. The cycle may take years, and might never start. It needs to happen in each organization. We don't have a good way to share experiences across organizations.
  • Provides real-time, actionable information that is open to anyone who chooses to participate. This allows IT practitioners to achieve preventative response by learning about how others are targeted, and employing the right defenses, to avoid becoming a target themselves. How do we ensure that the related information is not only pushed to the right place, but automatically pushed down the line, so that not just the first organization benefits but every other organization benefits from that response as well? We have the framework built out – limited information, IP information.
  • *Disclaimer: Despite the hype, you can’t automate EVERYTHING nor would you want to. This is cyber security we’re talking about!

Presentation Transcript

  • WWW.ALIENVAULT.COM HOW TO SIMPLIFY PCI DSS WITH UNIFIED SECURITY MANAGEMENT Patrick Bedwell VP, Product Marketing
  • @AlienVault Agenda: Common challenges / Pre-audit checklist; Core capabilities for PCI; Automation & consolidation; Key takeaways; Q & A
  • @AlienVault SETTING THE STAGE… Common Challenges & Pre-audit Checklist
  • @AlienVault The Era of big data breaches
  • @AlienVault The era of targeted attacks 74% of attacks on retail, accommodation, and food services companies target payment card information. Data from Verizon Data Breach Investigations Reports (DBIRs), 2011, 2012 and 2013
  • @AlienVault The Era of… Uh-oh: > 1.9 million Point-of-Sale (POS) machines run Windows XP; ~95% of ATMs in the US still run Windows XP
  • @AlienVault POOR COMPLIANCE WHEN BREACHED #10 - Track & monitor all access to network resources & cardholder data #7 - Restrict access to cardholder data by business need to know Source: Verizon 2014 PCI Compliance Report
  • @AlienVault Questions to ask yourself… Before the Audit
    Where are your in-scope assets, how are they configured, and how are they segmented from the rest of your network?
    Who accesses these resources (and the other W's: When, Where, What can they do, Why and How)?
    What are the vulnerabilities that are in your in-scope devices – apps, OS, etc.?
    What constitutes your network baseline? What is considered "normal" or "acceptable"?
    Ask your team… What do we never want to happen in our PCI environment? How do we capture those events when they do happen?
  • @AlienVault WHAT DO I NEED TO SIMPLIFY PCI DSS COMPLIANCE?
  • @AlienVault What functionality do I need for PCI DSS? Each step of the process maps to a capability:
    Figure out what is valuable: Asset Discovery (Active Network Scanning, Passive Network Scanning, Asset Inventory, Host-based Software Inventory)
    Identify ways the target could be compromised: Vulnerability Assessment (Network Vulnerability Testing, Remediation Verification)
    Start looking for threats: Threat Detection (Network IDS, Host IDS, Wireless IDS, File Integrity Monitoring)
    Look for strange activity which could indicate a threat: Behavioral Monitoring (Log Collection, Netflow Analysis, Service Availability Monitoring)
    Piece it all together: Security Intelligence (SIEM Event Correlation, Incident Response)
    Unified Security Management: Asset Discovery, Vulnerability Assessment, Threat Detection, Behavioral Monitoring and Security Intelligence, powered by AV Labs Threat Intelligence
  • @AlienVault This is just the technologies… Process is a topic for another time. By the way…
  • @AlienVault ALIENVAULT LABS THREAT INTELLIGENCE: COORDINATED ANALYSIS, ACTIONABLE GUIDANCE We Stay Ahead of the Threats For You
  • @AlienVault Disrupt the Incident Response Cycle (Detect / Respond / Prevent). A traditional cycle: 1. Prevent known threats. 2. Detect new threats in the environment. 3. Respond to the threats – as they happen. This isolated closed loop offers no opportunity to learn from what others have experienced… no advance notice.
  • @AlienVault Traditional Response (First Street Credit Union, Zeta Insurance Group, John Smith Auto Nation, Regional Pacific Telecom, Marginal Food Products): Attack, then Detect, then Respond, within a single organization
  • @AlienVault OTX Enables Preventative Response through an automated, real-time threat exchange framework
  • @AlienVault A Real-Time Threat Exchange framework First Street Credit Union Zeta Insurance Group John Smith Auto Nation Regional Pacific Telecom Marginal Food Products Attack Detect Open Threat Exchange Puts Preventative Response Measures in Place Through Shared Experience
  • @AlienVault A Real-Time Threat Exchange framework First Street Credit Union Zeta Insurance Group John Smith Auto Nation Regional Pacific Telecom Marginal Food Products Attack Detect Open Threat Exchange Protects Others in the Network With the Preventative Response Measures
  • @AlienVault Benefits of open Threat Exchange Shifts the advantage from the attacker to the defender Open and free to everyone Each member benefits from the incidents of all other members Automated sharing of threat data
  • @AlienVault Making the Cycle more efficient Detect Respond Prevent Automated Detection Enabling Response Goal: Make the response process more effective
  • @AlienVault Threats Change. Your event correlation rules, IP reputation data, etc. should change too. It’s Impossible to Predict All Bad Things. You need a solution that evolves with you. The Need to adapt What’s not in the fine print but should be… Dynamic threat intelligence updates Flexible use case support
  • @AlienVault Why AlienVault for PCI DSS Compliance? All-in-one functionality • Easy management • Multiple functions without multiple consoles. Automate what and where you can • "Baked in" guidance when you can't. Flexible reporting & queries… as detailed as you want it. Dynamic threat intelligence from AlienVault Labs.
  • @AlienVault REQUIREMENT 1: Install and maintain a firewall configuration to protect cardholder data
    PCI DSS Requirement: 1.1, 1.2, 1.3
    USM Capabilities: NetFlow analysis; System availability monitoring; SIEM; Asset discovery
    Benefits:
    • Unified and correlated NetFlow analysis and firewall logs deliver "single pane of glass" visibility into access to cardholder-related data and resources.
    • Built-in asset discovery provides a dynamic asset inventory and topology diagrams. Cardholder-related resources can be identified and monitored for unusual activity.
    • Accurate and automated asset inventory combined with relevant security events accelerates incident response efforts and analysis.
  • @AlienVault REQUIREMENT 2: Do not use vendor-supplied defaults for system passwords and other security parameters
    PCI DSS Requirement: 2.1, 2.2, 2.3, 2.4
    USM Capabilities: Network intrusion detection (IDS); Vulnerability assessment; Host-based intrusion detection (HIDS)
    Benefits:
    • Built-in, automated vulnerability assessment identifies the use of weak and default passwords.
    • Built-in host-based intrusion detection and file integrity monitoring signal when password files and other critical system files have been modified.
  • @AlienVault REQUIREMENT 3: Protect stored cardholder data
    PCI DSS Requirement: 3.6.7
    USM Capabilities: Log management; Host-based intrusion detection (HIDS); File integrity monitoring; NetFlow analysis; SIEM
    Benefits:
    • Unified log review and analysis, with triggered alerts for high-risk systems (containing credit cardholder data).
    • Built-in host-based intrusion detection and file integrity monitoring detect and alarm on changes to cryptographic keys.
    • Unified NetFlow analysis and event correlation monitor traffic and issue alerts on unencrypted traffic to/from cardholder-related resources.
  • @AlienVault REQUIREMENT 4: Encrypt transmission of cardholder data across open, public networks
    PCI DSS Requirement: 4.1
    USM Capabilities: NetFlow analysis; Behavioral monitoring; Wireless IDS; SIEM
    Benefits:
    • Unified NetFlow analysis and event correlation monitor traffic and issue alerts on unencrypted traffic to/from cardholder-related resources.
    • Built-in wireless IDS monitors encryption strength and identifies unauthorized access attempts to critical infrastructure.
  • @AlienVault REQUIREMENT 5: Protect all systems against malware and regularly update anti-virus software or programs
    PCI DSS Requirement: 5.1, 5.2, 5.3
    USM Capabilities: Host-based intrusion detection (HIDS); Network intrusion detection (IDS); Log management
    Benefits:
    • Built-in host-based intrusion detection provides an extra layer of defense against zero-day threats (before an anti-virus update can be issued).
    • Unified log management provides an audit trail of anti-virus software use by collecting log data from anti-virus software.
    • Built-in network intrusion detection identifies and alerts on malware infections in the credit cardholder data environment.
  • @AlienVault REQUIREMENT 6: Develop and maintain secure systems and applications
    PCI DSS Requirement: 6.1, 6.2, 6.3, 6.4, 6.5, 6.6
    USM Capabilities: Asset discovery; Vulnerability assessment; Network intrusion detection (IDS); SIEM
    Benefits:
    • Built-in and consolidated asset inventory, vulnerability assessment, threat detection and event correlation provide a unified view of an organization's security posture and critical system configuration.
    • Built-in vulnerability assessment checks for a variety of well-known security exploits (e.g., SQL injection).
  • @AlienVault REQUIREMENT 7: Restrict access to cardholder data by business need to know
    PCI DSS Requirement: 7.1, 7.2
    USM Capabilities: SIEM
    Benefits:
    • Automated event correlation identifies unauthorized access to systems with credit cardholder data.
  • @AlienVault REQUIREMENT 8: Identify and authenticate access to system components
    PCI DSS Requirement: 8.1, 8.2, 8.4, 8.5, 8.6
    USM Capabilities: Log management
    Benefits:
    • Built-in log management captures all user account creation activities and can also identify unencrypted passwords on critical systems.
  • @AlienVault REQUIREMENT 10: Track and monitor access to all network resources and cardholder data
    PCI DSS Requirement: 10.1, 10.2, 10.3, 10.4, 10.5, 10.6, 10.7
    USM Capabilities: Host-based intrusion detection (HIDS); Network intrusion detection (IDS); Behavioral monitoring; Log management; SIEM
    Benefits:
    • Built-in threat detection, behavioral monitoring and event correlation signal attacks in progress, for example unauthorized access followed by additional security exposures such as cardholder data exfiltration.
    • Built-in log management enables the collection and correlation of valid and invalid authentication attempts on critical devices.
    • Centralized, role-based access control for audit trails and event logs preserves "chain of custody" for investigations.
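The Requirement 7 and Requirement 10 benefits above both rest on the same idea: correlate authentication events against an inventory of in-scope (CDE) hosts and the users with a business need to know. The Python below is an added illustration, not AlienVault's code; the host list, need-to-know map, threshold and sshd-style log lines are all constructed for the example. It raises one alarm for a successful login by a user without need-to-know access to a CDE host (Requirement 7) and one for repeated failures followed by a success on a CDE host (Requirement 10).

```python
"""Correlate constructed sshd auth events against a hypothetical CDE inventory."""
import re
from collections import defaultdict

# Constructed inventory: in-scope hosts and the users allowed on each (need to know).
CDE_HOSTS = {"pos-db-01", "pos-app-02"}
NEED_TO_KNOW = {"pos-db-01": {"dba_alice"}, "pos-app-02": {"dba_alice", "ops_bob"}}
FAIL_THRESHOLD = 3  # consecutive failures before a success that we treat as suspicious

# Constructed syslog/sshd-style lines for the example, not real log data.
SAMPLE_LOGS = """\
Mar 03 10:01:02 pos-db-01 sshd[2101]: Accepted password for dba_alice from 10.0.5.10 port 51000 ssh2
Mar 03 10:03:15 pos-app-02 sshd[2155]: Failed password for ops_bob from 10.0.9.77 port 51234 ssh2
Mar 03 10:03:19 pos-app-02 sshd[2155]: Failed password for ops_bob from 10.0.9.77 port 51234 ssh2
Mar 03 10:03:24 pos-app-02 sshd[2155]: Failed password for ops_bob from 10.0.9.77 port 51234 ssh2
Mar 03 10:03:30 pos-app-02 sshd[2160]: Accepted password for ops_bob from 10.0.9.77 port 51240 ssh2
Mar 03 10:10:41 pos-db-01 sshd[2200]: Accepted password for intern_carol from 10.0.7.3 port 49022 ssh2
Mar 03 10:12:00 web-01 sshd[3300]: Accepted password for intern_carol from 10.0.7.3 port 49100 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) password for (?P<user>\S+) from (?P<src>\S+)"
)


def parse(log_text):
    """Yield one dict per line that matches the sshd auth format; other lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.groupdict()


def correlate(log_text):
    """Return a list of (rule, host, user, source_ip) alarms, in log order."""
    alarms = []
    failures = defaultdict(int)  # (host, user, src) -> consecutive failed logins
    for ev in parse(log_text):
        if ev["host"] not in CDE_HOSTS:
            continue  # out of scope: still collected for the audit trail, not correlated here
        key = (ev["host"], ev["user"], ev["src"])
        if ev["result"] == "Failed":
            failures[key] += 1
            continue
        # Successful login on a CDE host: check need to know, then the failure history.
        if ev["user"] not in NEED_TO_KNOW.get(ev["host"], set()):
            alarms.append(("REQ7_UNAUTHORIZED_CDE_ACCESS",) + key)
        if failures[key] >= FAIL_THRESHOLD:
            alarms.append(("REQ10_BRUTE_FORCE_THEN_SUCCESS",) + key)
        failures[key] = 0  # a success resets the streak for this host/user/source
    return alarms


if __name__ == "__main__":
    for alarm in correlate(SAMPLE_LOGS):
        print(alarm)
```

A real deployment would read the events from the log management layer and source CDE_HOSTS and NEED_TO_KNOW from the asset inventory and access-control records rather than hard-coding them.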
  • @AlienVault REQUIREMENT 11: Regularly test security systems and processes
    PCI DSS Requirement: 11.1, 11.2, 11.3, 11.4, 11.5
    USM Capabilities: Vulnerability assessment; Wireless IDS; Host-based intrusion detection (HIDS); File integrity monitoring; SIEM
    Benefits:
    • Built-in vulnerability assessment streamlines the scanning and remediation process – one console to manage it all.
    • Built-in wireless IDS detects and alerts on rogue wireless access points and weak encryption configurations.
    • Built-in host-based intrusion detection identifies the attachment of USB devices, including WLAN cards.
    • Unified vulnerability assessment, threat detection, and event correlation provide full situational awareness in order to reliably test security systems and processes.
    • Built-in file integrity monitoring alerts on unauthorized modification of system files, configuration files, or content.
  • @AlienVault Consolidated Approach Lower TCO While Increasing Visibility www.alienvault.com/solutions/pci-dss-compliance
  • @AlienVault Accelerate and simplify Fast and cost-effective way for organizations to address compliance and threat management needs Complete security visibility within easy reach of smaller security teams who need to do more with less All essential security controls built-in
  • @AlienVault Key Points PCI Compliance will enhance your security monitoring / incident response program PCI Compliance is a process, not a report Find the right technology that meets your business needs now and in the future Automate and consolidate as much as possible to minimize cost, centralize visibility
  • More Questions? Tweet @AlienVault. NOW FOR SOME Q&A… Three Ways to Test Drive AlienVault: Download a Free 30-Day Trial http://www.alienvault.com/free-trial; Try our Interactive Demo Site http://www.alienvault.com/live-demo-site; Join us for a LIVE Demo! http://www.alienvault.com/marketing/alienvault-usm-live-demo
  • @AlienVault THANK YOU