
Simplify PCI DSS Compliance with AlienVault USM

Learn about common challenges in PCI DSS compliance and how to use AlienVault USM to overcome them more easily.



  1. Simplify PCI DSS Compliance with AlienVault USM. Mark Allen, Technical Sales Manager; Anthony Mack, Sales Engineer
  2. What We’ll Cover
     • An overview of PCI DSS
     • Common challenges in PCI DSS compliance
     • Questions to ask as you plan and prepare
     • Core capabilities needed to demonstrate compliance
     • How to use AlienVault USM to simplify compliance
  3. PCI DSS
     • All entities that store, process or transmit payment cardholder data must maintain payment security
     • 3 steps for compliance: 1. Assess, 2. Remediate, 3. Report
     • Goal: make payment security ‘business-as-usual’
  4. PCI Compliance and Security
     “In 10 years, of all companies investigated by Verizon forensics team following a breach, 0 were found to have been fully PCI compliant at the time of the breach” (data from 2015 Verizon PCI Report)
  5. PCI DSS Version 3.1: goals and requirements
     Build and Maintain a Secure Network
       1. Install and maintain a firewall configuration to protect cardholder data
       2. Do not use vendor-supplied defaults for system passwords and other security parameters
     Protect Cardholder Data
       3. Protect stored cardholder data
       4. Encrypt transmission of cardholder data across open, public networks
     Maintain a Vulnerability Management Program
       5. Use and regularly update anti-virus software or programs
       6. Develop and maintain secure systems and applications
     Implement Strong Access Control Measures
       7. Restrict access to cardholder data by business need-to-know
       8. Assign a unique ID to each person with computer access
       9. Restrict physical access to cardholder data
     Regularly Monitor and Test Networks
       10. Track and monitor all access to network resources and cardholder data
       11. Regularly test security systems and processes
     Maintain an Information Security Policy
       12. Maintain a policy that addresses information security for employees and contractors
  6. The State of Compliance (source: Verizon 2015 PCI Compliance Report)
     • 4 out of 5 organizations not fully compliant
     • Only 1 in 4 organizations remained fully PCI compliant less than a year after a successful PCI validation
     • Requirement 11 remains the biggest challenge for organizations
  7. Common Challenges
     • Collecting relevant data on the state of your compliance
       • Critical events
       • Configuration status
     • Documenting the state of your compliance
       • Keep the auditor happy
     • Maintaining compliance and making it part of “business as usual”
  8. Questions to Ask
     • Where are your in-scope assets?
     • How are they configured?
     • How are they segmented from the rest of your network?
     • Who accesses these resources?
       • When, where, what can they do, and how?
     • What are the vulnerabilities on these devices?
       • Apps, OS, etc.?
     • What constitutes your network baseline?
       • What is considered “normal” or “acceptable”?
  9-14. What functionality do I need for PCI DSS? (built up one item per slide)
     • Identify systems & applications
     • Document vulnerable assets
     • Find threats on your network
     • Look for unusual behavior
     • Correlate the data & respond
  15. The AlienVault Unified Security Management Platform (USM): Unified, Essential Security Controls
     ASSET DISCOVERY
       • Active & Passive Network Scanning
       • Asset Inventory
       • Software Inventory
     VULNERABILITY ASSESSMENT
       • Continuous Vulnerability Monitoring
       • Authenticated / Unauthenticated Active Scanning
       • Remediation Verification
     BEHAVIORAL MONITORING
       • Netflow Analysis
       • Service Availability Monitoring
     SIEM
       • Log Management
       • OTX threat data
       • SIEM Event Correlation
       • Incident Response
     INTRUSION DETECTION
       • Network IDS
       • Host IDS
       • File Integrity Monitoring
  16. Actionable Threat Intelligence: Let Us do the Work!
     • Automatically detect and prioritize threats through:
       • Correlation Directives
       • Network IDS Signatures
       • Host IDS Signatures
       • Asset Discovery Signatures
       • Vulnerability Assessment Signatures
       • Reporting Modules
       • Incident Response Templates
       • Data Source Plug-Ins
     • Spend your time responding to threats, not researching them.
  17. Open Threat Exchange (OTX)
     • The world’s first truly open threat intelligence community
     • Enables collaborative defense with actionable, community-powered threat data
     • More than 37,000 participants in 140+ countries
     • More than 3 million threat indicators contributed daily
     • Enables security professionals to share threat data and benefit from data shared by others
     • Integrated with the USM platform to alert you when known bad actors are communicating with your systems
  18. PCI Compliance Reports in USM (report name: PCI DSS requirements covered)
     • Admin Access to Systems: 10.1-10.2, which focus on creating an audit trail of user access to critical systems
     • Firewall Configuration Changes: 1.1-1.3, which focus on firewalls and network device configuration
     • Authentication with Default Credentials: 2.x, which focuses on the use of vendor-supplied default credentials
     • All Antivirus Security Risk Events: 5.1-5.2, which require anti-virus scanning with an up-to-date anti-virus solution
     • Database Failed Logins: 7.1-7.2, which focus on limiting access to PCI data to only those who “need to know”
     ….plus 25 more!
  19. Grouping In-Scope Assets
     Built-in asset discovery provides a dynamic inventory that allows cardholder-related resources to be identified and monitored for unusual activity. Custom dashboards focusing on key assets highlight the pertinent data.
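As an added illustration of the two ideas above (slide 18's report-to-requirement mapping and slide 19's restriction to an in-scope asset group), here is a small Python script that tags collected log events with the PCI DSS requirement each compliance report evidences, and keeps only events from hosts in the cardholder data environment. This is example code written for this page, not AlienVault's or USM's own implementation. The asset list, the log lines, the rule regexes and the report names are all constructed for the example; the sshd, MySQL and Cisco ASA message wording follows common formats but is an assumption here, not something the slides state.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed in-scope asset group (cardholder data environment, CDE).
# A real inventory would come from asset discovery; these hosts are made up.
CDE_ASSETS = {
    "10.0.5.1": "fw-pci-edge",
    "10.0.5.10": "db-pci-01",
    "10.0.5.11": "web-pci-01",
}

# Constructed syslog-style sample lines (not real data).
# 10.0.7.20 is deliberately outside the CDE group; the CRON line matches no rule.
SAMPLE_LOGS = [
    "Jun 03 10:01:12 10.0.5.10 sshd[2211]: Accepted publickey for root from 10.0.9.4 port 51122 ssh2",
    "Jun 03 10:02:30 10.0.5.10 mysqld: Access denied for user 'app'@'10.0.9.7' (using password: YES)",
    "Jun 03 10:02:31 10.0.5.10 mysqld: Access denied for user 'app'@'10.0.9.7' (using password: YES)",
    "Jun 03 10:05:00 10.0.5.1 %ASA-5-111008: User 'admin' executed the 'access-list outside_in permit tcp any any eq 3306' command.",
    "Jun 03 10:06:00 10.0.7.20 sshd[900]: Accepted password for admin from 10.0.9.4 port 51123 ssh2",
    "Jun 03 10:07:00 10.0.5.11 sshd[3001]: Accepted password for admin from 10.0.9.4 port 51130 ssh2",
    "Jun 03 10:08:00 10.0.5.11 CRON[3100]: (root) CMD (/usr/bin/logrotate)",
]

# Report definitions mirroring the slide's mapping: (report name, PCI DSS
# requirement, regex applied to the message part of a line). Assumed formats.
REPORT_RULES = [
    ("Admin Access to Systems", "10.1-10.2",
     re.compile(r"sshd\[\d+\]: Accepted \w+ for (?P<user>root|admin) from (?P<src>\S+)")),
    ("Firewall Configuration Changes", "1.1-1.3",
     re.compile(r"%ASA-5-111008: User '(?P<user>[^']+)' executed the '(?P<cmd>[^']+)' command")),
    ("Database Failed Logins", "7.1-7.2",
     re.compile(r"mysqld: Access denied for user '(?P<user>[^']+)'@'(?P<src>[^']+)'")),
]

SYSLOG_RE = re.compile(r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<msg>.*)$")


@dataclass
class Event:
    timestamp: str
    host: str
    asset: str
    requirement: str
    detail: dict


def parse_syslog(line):
    """Split a syslog-style line into timestamp, host and message; None if malformed."""
    m = SYSLOG_RE.match(line)
    return m.groupdict() if m else None


def out_of_scope_hosts(log_lines, cde_assets):
    """Hosts that produced log lines but are not in the in-scope asset group."""
    seen = []
    for line in log_lines:
        rec = parse_syslog(line)
        if rec and rec["host"] not in cde_assets and rec["host"] not in seen:
            seen.append(rec["host"])
    return seen


def build_pci_report(log_lines, cde_assets):
    """Map log lines from in-scope hosts onto the PCI report each one evidences.

    Returns {report_name: [Event, ...]}. Lines from hosts outside the CDE
    group, malformed lines, and lines matching no rule are left out, so the
    result contains only evidence tied to a named requirement.
    """
    report = defaultdict(list)
    for line in log_lines:
        rec = parse_syslog(line)
        if rec is None or rec["host"] not in cde_assets:
            continue
        for name, requirement, rule in REPORT_RULES:
            m = rule.search(rec["msg"])
            if m:
                report[name].append(Event(rec["ts"], rec["host"], cde_assets[rec["host"]],
                                          requirement, m.groupdict()))
                break  # first matching report wins
    return dict(report)


def summarize(report):
    """One line per report, in the form an auditor-facing summary would list them."""
    return [f"{name} (PCI DSS {evs[0].requirement}): {len(evs)} event(s)"
            for name, evs in sorted(report.items())]


if __name__ == "__main__":
    rep = build_pci_report(SAMPLE_LOGS, CDE_ASSETS)
    for line in summarize(rep):
        print(line)
    print("out of scope:", out_of_scope_hosts(SAMPLE_LOGS, CDE_ASSETS))
```

Scope filtering happens before any rule runs, which is the point of keeping the CDE group as data rather than hard-coding hosts into the rules: when asset discovery adds a host to the group, its events start appearing in the reports without any rule change. The out-of-scope list is worth reviewing too, since an admin login on a host you thought was outside the CDE is exactly the segmentation question from slide 8.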
  20. Generating Tickets For Vulnerabilities
     USM’s built-in ticketing system creates trouble tickets from vulnerability scans and alarms. These tickets specify who owns the remediation, the current status and descriptive information. The tickets also provide a historical record of issues handled, as well as the capability to transfer tickets, assign them to others and push work to other groups. USM can also send email to an individual or to an external ticketing system, or execute a script, when a vulnerability is discovered.
  21. Identifying Assets with Vendor-Supplied Passwords
     As stated under Requirement 2, leaving the default password on ANY network device, especially one that allows access to cardholder data, leaves a large hole in your defenses. USM can scan your assets for vulnerabilities such as access via default passwords and generate reports on the findings. This data can be crucial when demonstrating adherence to this practice to an auditor. Note that a vulnerability scanner only detects the default credential pairs in its signature set, and only on services it can reach from the scanner, so the scan complements rather than replaces a hardening checklist applied to every new device before it joins the cardholder data environment.
  22. Questions?
     Hello@AlienVault.com | 888.613.6023 | ALIENVAULT.COM | Twitter: @alienvault
     Download a Free 30-Day Trial of USM: http://www.alienvault.com/free-trial
     Check out our 15-Day Trial of USM for AWS: https://www.alienvault.com/free-trial/usm-for-aws
     Try our Interactive Demo Site: http://www.alienvault.com/live-demo-site
     Join OTX: https://www.alienvault.com/open-threat-exchange
