
How to Simplify PCI DSS Compliance with AlienVault USM

Demonstrating compliance with PCI DSS is far from a trivial exercise. Those 12 requirements often translate into a lot of manual and labor-intensive tasks, along with the need to access data and reports from many different systems and tools. Join us for this technical demo to learn how AlienVault can simplify PCI DSS compliance and improve your overall security posture.

We'll cover:

Common PCI DSS compliance challenges
Questions to ask as you plan and prepare
Core capabilities needed to demonstrate compliance
How AlienVault Unified Security Management simplifies compliance and threat detection
How to simplify compliance with a unified approach to security

Published in: Technology
  • Integrated approach to threat intel
    Comprising OTX (data from 140+ countries) and the independent research of our AlienVault Labs team
    We analyze over 500,000 malware samples per day
    Users submit an average of ~11 million per month (about 365,000 a day)
    Updated every 30 minutes
    The ability to quickly convert data into actionable information
    So you can call out the truly significant events to help you prioritize your efforts
    Reduces the need for in-house expertise

    ------
    OTX derives its data from three primary sources: USM and OSSIM systems that enable OTX sharing, external feeds from public researchers and partners, and the research of our AlienVault Labs team.
    - This data is automatically analyzed through a powerful discovery engine that is able to granularly analyze the nature of the threat, and a similarly powerful validation engine that continually curates the database and certifies the validity of those threats.

    Crowd-sourced information remains the core focus of OTX. OTX derives information from normalized, anonymous event logs: firewalls, content filters, IPS/IDS logs, etc. We receive approximately 17,000 contributions daily from over 140 countries.
    - I want to make something clear: OTX's information is anonymous and normalized. OTX does not analyze your data or do anything that would identify you; we are solely focused on analyzing the nature of the threat jeopardizing your system.

    OTX derives a significant amount of data from the security community. We work with public research institutions, government organizations, and private companies and partners to share and analyze threat data. With over 50 partners working with us on OTX, if you look around Black Hat you're likely to see some of our partners.

    - AlienVault Labs research is also a critical part of our analysis. Our Labs team generates novel research on high-profile threats, as well as instrumenting the automatic analysis for discovering and certifying all threats coming from OTX partners and from OSSIM and USM customers who opt in to share data.

  • Seed questions:
    What are some of the areas you see a lot of customers failing at when the PCI report is run?
    How do PCI requirements correlate with actual events that you are detecting?
    How does your product keep up with changing PCI requirements?
  • How to Simplify PCI DSS Compliance with AlienVault USM

    1. Presenters: Mark Allen, Sales Engineer SIMPLIFY PCI DSS COMPLIANCE WITH ALIENVAULT USM
    2. What We’ll Discuss • An overview of PCI DSS • Common challenges in PCI DSS compliance • Questions to ask as you plan and prepare • Core capabilities needed to demonstrate compliance • How to use AlienVault USM to simplify compliance
    3. PCI DSS Version 3.x • All businesses that store, process or transmit payment cardholder data must be PCI compliant • 3 steps for compliance: 1. Assess 2. Remediate 3. Report • Goal: Make payment security ‘business-as-usual’
    4. PCI Compliance and Security “In 10 years, of all companies investigated by Verizon forensics team following a breach, 0 were found to have been fully PCI compliant at the time of the breach” Data from 2015 Verizon PCI Report
    5. PCI DSS Version 3.x
    6. Poor Compliance When Breached #10 - Track & monitor all access to network resources & cardholder data #7 - Restrict access to cardholder data by business need to know Source: Verizon 2014 PCI Compliance Report
    7. Common Challenges • Collecting relevant data on the state of your compliance • Critical events • Configuration status • Documenting the state of your compliance • Keeping the auditor happy • Maintaining compliance and making it part of “business as usual”
    8. Questions to Ask • Where are your in-scope assets, how are they configured, and how are they segmented from the rest of your network? • Who accesses these resources (and When, Where, What can they do, and How)? • What are the vulnerabilities in your in-scope devices – Apps, OS, etc.? • What constitutes your network baseline? What is considered “normal” or “acceptable”?
    9. What functionality do I need for PCI DSS?
    10. Identify systems & applications What functionality do I need for PCI DSS?
    11. Identify systems & applications Document vulnerable assets What functionality do I need for PCI DSS?
    12. Identify systems & applications Document vulnerable assets Find threats on your network What functionality do I need for PCI DSS?
    13. Identify systems & applications Document vulnerable assets Find threats on your network Look for unusual behavior What functionality do I need for PCI DSS?
    14. Correlate the data & respond Identify systems & applications Document vulnerable assets Find threats on your network Look for unusual behavior What functionality do I need for PCI DSS?
    15. Core capabilities
        SIEM • Log Collection • Event Correlation • Incident Response
        BEHAVIORAL MONITORING • Netflow Analysis • Service Availability Monitoring
        ASSET DISCOVERY • Active Network Scanning • Passive Network Scanning • Asset Inventory
        VULNERABILITY ASSESSMENT • Continuous Vulnerability Monitoring • Authenticated / Unauthenticated Active Scanning
        INTRUSION DETECTION • Network IDS • Host IDS • File Integrity Monitoring
    16. OTX + AlienVault Labs Threat Intelligence powered by Open Collaboration
    17. PCI Compliance Reports in USM
        Report Name | PCI DSS Requirements
        Admin Access to Systems | 10.1-10.2, which focus on creating an audit trail of user access to critical systems
        Firewall Configuration Changes | 1.1-1.3, which focus on firewalls and network device configuration
        Authentication with Default Credentials | 2.x, which focuses on the use of vendor-supplied default credentials
        All Antivirus Security Risk Events | 5.1-5.2, which require anti-virus scanning with an up-to-date anti-virus solution
        Database Failed Logins | 7.1-7.2, which focus on limiting access to PCI data to only those who “need to know”
        …plus 25 more!
    18. Grouping In-Scope Assets Built-in asset discovery provides a dynamic inventory allowing cardholder-related resources to be identified and monitored for unusual activity. Custom dashboards focusing on key assets highlight pertinent data.
    19. Generating Tickets For Vulnerabilities USM’s built-in software ticketing system creates trouble tickets from vulnerability scans and alarms. These tickets specify who owns the remediation, the status and descriptive information. The tickets also provide a historical record of issues handled, as well as the capability to transfer tickets, assign them to others and push work to other groups. USM can also send email to an individual or an external ticketing system, or execute a script, as a result of a discovered vulnerability.
    20. Identifying Assets with Vendor Supplied Passwords As stated earlier, neglecting to change the default password on ANY network device, especially anything allowing access to cardholder data, is a terrible idea and leaves a huge hole in your defenses. USM is able to scan your assets for vulnerabilities such as allowing access via default passwords and generate reports on the findings. This data can be crucial when verifying adherence to this practice to an auditor.
    21. 888.613.6023 ALIENVAULT.COM CONTACT US HELLO@ALIENVAULT.COM Now for some Q&A Test Drive AlienVault USM Download a Free 30-Day Trial http://www.alienvault.com/free-trial Try our Product Sandbox http://www.alienvault.com/live-demo-site Watch our Product Demo https://www.alienvault.com/marketing/alienvault-usm-live-demo
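The report table on slide 17 is the visible end of a pipeline the deck only names (log collection, then event correlation, then a per-requirement report). The following is an added example, written for this page and not AlienVault or USM code, that shows the mechanics behind such a table: normalize syslog-style lines, tag each event with the PCI DSS requirement it evidences, roll events up by report name, and apply one correlation rule (repeated failed database logins from a single source become an alarm rather than several report rows). The log lines are constructed samples in the formats of PostgreSQL, OpenSSH, Cisco IOS-style config-change syslog and ClamAV; the `vulnscan:` scanner line and the rule table are hypothetical and chosen only to match the five reports on the slide.

```python
"""Tag log events with PCI DSS requirements and build per-report roll-ups.

Added example, not AlienVault/USM code. Log lines below are constructed
samples; the rule table is a hypothetical mapping matching slide 17.
"""
import re
from collections import Counter, defaultdict

# Constructed sample log lines (not real customer data).
SAMPLE_LOGS = [
    '2015-06-01T10:00:01 db01 postgres[4412]: FATAL: password authentication failed for user "app" from 10.0.5.23',
    '2015-06-01T10:00:03 db01 postgres[4413]: FATAL: password authentication failed for user "app" from 10.0.5.23',
    '2015-06-01T10:00:05 db01 postgres[4414]: FATAL: password authentication failed for user "postgres" from 10.0.5.23',
    '2015-06-01T10:00:09 db01 postgres[4415]: FATAL: password authentication failed for user "app" from 10.0.7.8',
    '2015-06-01T10:02:11 pos-gw sshd[2211]: Accepted publickey for root from 10.0.1.5 port 51022 ssh2',
    '2015-06-01T10:05:40 fw-edge 1042: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (10.0.1.5)',
    '2015-06-01T10:07:02 pos-01 clamd[811]: /var/tmp/update.exe: Win.Trojan.Agent-123 FOUND',
    '2015-06-01T10:09:30 scanner vulnscan: host=10.0.9.4 finding="default credentials accepted (admin/admin)" severity=high',
    '2015-06-01T10:10:00 web01 nginx: 10.0.5.23 GET /healthz 200',
]

# Hypothetical rule table: (report name, PCI DSS requirement, message pattern).
# Named groups become normalized event fields (user, src, path, sig).
RULES = [
    ("Database Failed Logins", "7.1-7.2",
     re.compile(r'postgres\[\d+\]: FATAL: password authentication failed for user "(?P<user>[^"]+)" from (?P<src>[\d.]+)')),
    ("Admin Access to Systems", "10.1-10.2",
     re.compile(r"sshd\[\d+\]: Accepted \w+ for (?P<user>root|admin) from (?P<src>[\d.]+)")),
    ("Firewall Configuration Changes", "1.1-1.3",
     re.compile(r"%SYS-5-CONFIG_I: Configured from \w+ by (?P<user>\w+)(?: on \S+)? \((?P<src>[\d.]+)\)")),
    ("All Antivirus Security Risk Events", "5.1-5.2",
     re.compile(r"clamd\[\d+\]: (?P<path>\S+): (?P<sig>\S+) FOUND")),
    ("Authentication with Default Credentials", "2.x",
     re.compile(r'vulnscan: host=(?P<src>[\d.]+) finding="default credentials[^"]*"')),
]

# Generic "<timestamp> <host> <message>" envelope shared by all sample lines.
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<msg>.*)$")


def parse_event(line):
    """Normalize one line and tag it with the first report rule it satisfies.

    Returns None for lines no rule claims: they stay in the raw log store
    but do not appear in any compliance report.
    """
    m = LINE_RE.match(line)
    if not m:
        return None
    for report, requirement, pattern in RULES:
        hit = pattern.search(m.group("msg"))
        if hit:
            event = {"ts": m.group("ts"), "host": m.group("host"),
                     "report": report, "requirement": requirement}
            event.update(hit.groupdict())
            return event
    return None


def build_reports(lines):
    """Group tagged events by report name: the shape of the slide-17 table."""
    reports = defaultdict(list)
    for line in lines:
        event = parse_event(line)
        if event:
            reports[event["report"]].append(event)
    return dict(reports)


def failed_login_alarms(reports, threshold=3):
    """Correlation step for requirement 7: N failed DB logins from one source
    (within the evaluated window) are raised as a single alarm keyed by source."""
    counts = Counter(e["src"] for e in reports.get("Database Failed Logins", []))
    return {src: n for src, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    reports = build_reports(SAMPLE_LOGS)
    for name, events in sorted(reports.items()):
        print(f"{name} (PCI DSS {events[0]['requirement']}): {len(events)} event(s)")
    print("alarms:", failed_login_alarms(reports))
```

Two design points carry over to any real deployment: the rule table, not the log parser, is what an auditor wants to see (it is the documented link between an event type and the requirement it evidences), and the correlation threshold belongs in the same versioned table so a change to it is itself a logged configuration change.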