Presenters:
Mark Allen, Sales Engineer
SIMPLIFY PCI DSS COMPLIANCE WITH
ALIENVAULT USM
What We’ll Discuss
• An overview of PCI DSS
• Common challenges in PCI DSS compliance
• Questions to ask as you plan and prepare
• Core capabilities needed to demonstrate compliance
• How to use AlienVault USM to simplify compliance
PCI DSS Version 3.x
• All businesses that store, process or transmit payment cardholder data must be PCI Compliant
• 3 steps for compliance
1. Assess
2. Remediate
3. Report
• Goal: Make payment security ‘business-as-usual’
PCI Compliance and Security
“In 10 years, of all companies investigated by Verizon forensics team following a breach, 0 were found to have been fully PCI compliant at the time of the breach”
Data from 2015 Verizon PCI Report
PCI DSS Version 3.x
Poor Compliance When Breached
• #10 - Track & monitor all access to network resources & cardholder data
• #7 - Restrict access to cardholder data by business need to know
Source: Verizon 2014 PCI Compliance Report
Common Challenges
• Collecting relevant data on the state of your compliance
  • Critical events
  • Configuration status
• Documenting the state of your compliance
  • Keep the auditor happy
• Maintaining compliance and making it part of “business as usual”
Questions to Ask
• Where are your in-scope assets, how are they configured, and how are they segmented from the rest of your network?
• Who accesses these resources (and When, Where, What can they do, and How)?
• What are the vulnerabilities that are in your in-scope devices – Apps, OS, etc?
• What constitutes your network baseline? What is considered “normal” or “acceptable”?
What functionality do I need for PCI DSS?
• Identify systems & applications
• Document vulnerable assets
• Find threats on your network
• Look for unusual behavior
• Correlate the data & respond
SIEM
• Log Collection
• Event Correlation
• Incident Response
BEHAVIORAL MONITORING
• Netflow Analysis
• Service Availability Monitoring
ASSET DISCOVERY
• Active Network Scanning
• Passive Network Scanning
• Asset Inventory
VULNERABILITY ASSESSMENT
• Continuous Vulnerability Monitoring
• Authenticated / Unauthenticated Active Scanning
INTRUSION DETECTION
• Network IDS
• Host IDS
• File Integrity Monitoring
OTX + AlienVault Labs
Threat Intelligence powered by Open Collaboration
PCI Compliance Reports in USM
Report Name: PCI DSS Requirements
• Admin Access to Systems: 10.1-10.2, which focus on creating an audit trail of user access to critical systems
• Firewall Configuration Changes: 1.1-1.3, which focus on firewalls and network device configuration
• Authentication with Default Credentials: 2.x, which focuses on the use of vendor-supplied default credentials
• All Antivirus Security Risk Events: 5.1-5.2, which require anti-virus scanning with an up-to-date anti-virus solution
• Database Failed Logins: 7.1-7.2, which focus on limiting access to PCI data to only those who “need to know”
…plus 25 more!
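The report table above maps classes of events to the PCI DSS requirements they evidence. The following is an added illustration of that mapping in code; it is not AlienVault's code and does not reproduce how USM builds its reports. The log lines, the matching rules and the host names are constructed for the example; only the report names and requirement numbers are taken from the table above.

```python
"""Tag security events with the PCI DSS requirement they evidence and
summarize them per report, in the spirit of the USM report table.

Everything here is constructed for illustration (not USM output or USM
logic): sample syslog-style lines, simple regex rules, and host names.
The report names and requirement ranges are the ones the table lists.
"""
import re
from collections import Counter

# Constructed sample events; not real USM or device output.
SAMPLE_LOGS = [
    "Jan 12 03:14:07 pos-db01 sshd[2201]: Accepted publickey for admin from 10.1.1.5 port 51022",
    "Jan 12 03:15:11 pos-db01 mysqld: Access denied for user 'reports'@'10.1.1.77' (using password: YES)",
    "Jan 12 03:16:40 fw-edge01 config: user netops committed configuration change on interface ge-0/0/1",
    "Jan 12 03:17:02 pos-web02 clamd: Virus found in /tmp/upload.bin (Trojan.Generic)",
    "Jan 12 03:18:30 pos-db01 mysqld: Access denied for user 'root'@'10.1.1.77' (using password: YES)",
    "Jan 12 03:19:00 pos-web02 cron: run-parts /etc/cron.hourly",
]

# Each rule: (report name, PCI DSS requirement range, compiled pattern).
# The patterns are constructed for this example; a real deployment would
# use the parser for each log source rather than ad hoc regexes.
RULES = [
    ("Admin Access to Systems", "10.1-10.2",
     re.compile(r"sshd\[\d+\]: Accepted \S+ for (root|admin) from")),
    ("Firewall Configuration Changes", "1.1-1.3",
     re.compile(r" fw-\S+ .*configuration change")),
    ("All Antivirus Security Risk Events", "5.1-5.2",
     re.compile(r"clamd: Virus found")),
    ("Database Failed Logins", "7.1-7.2",
     re.compile(r"mysqld: Access denied for user")),
]


def classify(line):
    """Return (report, requirement) for the first rule that matches, else None."""
    for report, requirement, pattern in RULES:
        if pattern.search(line):
            return report, requirement
    return None


def build_report(lines):
    """Count matched events per (report, requirement).

    Unmatched lines are counted rather than dropped, so an auditor (or the
    analyst preparing for one) can see how much of the log stream is not
    covered by any compliance rule.
    """
    counts = Counter()
    unmatched = 0
    for line in lines:
        hit = classify(line)
        if hit is None:
            unmatched += 1
        else:
            counts[hit] += 1
    return counts, unmatched


if __name__ == "__main__":
    counts, unmatched = build_report(SAMPLE_LOGS)
    for (report, req), n in sorted(counts.items()):
        print(f"{report:40} PCI DSS {req:10} {n} event(s)")
    print(f"{unmatched} event(s) matched no PCI report")
```

The point of counting unmatched lines is the coverage gap the "Common Challenges" slide describes: a report that silently ignores events it cannot classify tells you nothing about whether the requirement is actually being met.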
Grouping In-Scope Assets
Built-in asset discovery provides a dynamic inventory, allowing cardholder-related resources to be identified and monitored for unusual activity.
Custom dashboards focusing on key assets highlight pertinent data.
Generating Tickets For Vulnerabilities
USM’s built-in software ticketing system creates trouble tickets from vulnerability scans and alarms.
These tickets specify who owns the remediation, the status and descriptive information.
The tickets also provide a historical record of issues handled, as well as the capability to transfer tickets, assign them to others and push work to other groups.
USM can also send email to an individual or an external ticketing system, or execute a script, as a result of a discovered vulnerability.
Identifying Assets with Vendor Supplied Passwords
As stated earlier, neglecting to change the default password on ANY network device, especially anything allowing access to cardholder data, is a terrible idea and leaves a huge hole in your defenses.
USM is able to scan your assets for vulnerabilities such as allowing access via default passwords and generate reports on the findings.
This data can be crucial when demonstrating adherence to this practice to an auditor.
888.613.6023
ALIENVAULT.COM
CONTACT US
HELLO@ALIENVAULT.COM
Now for some Q&A
Test Drive AlienVault USM
Download a Free 30-Day Trial
http://www.alienvault.com/free-trial
Try our Product Sandbox
http://www.alienvault.com/live-demo-site
Watch our Product Demo
https://www.alienvault.com/marketing/alienvault-usm-live-demo

How to Simplify PCI DSS Compliance with AlienVault USM

Editor's Notes

  • #17 Integrated approach to threat intel. Comprised of OTX (data from 140+ countries) and the independent research from our AlienVault Labs’ team, we’re analyzing over 500.000 malware samples per day. Users submitting an average of ~11 million per month (365,000 a day). Updated every 30 minutes: the ability to quickly convert data into actionable information, so you can call out those truly significant events to help you prioritize your efforts and reduce the need for in-house expertise.

    OTX derives its data from three primary sources: USM and OSSIM systems that enable OTX sharing, external feeds from public researchers and partners, and the research from our AlienVault Labs team.

    This data is automatically analyzed through a powerful discovery engine that is able to granularly analyze the nature of the threat, and a similarly powerful validation engine that continually curates the database and certifies the validity of those threats. Crowd-sourced information remains the core focus of OTX. OTX derives information from normalized and anonymous event logs: firewalls, content filters, IPS/IDS logs, etc. We receive approximately 17,000 contributions daily from over 140+ countries.

    I want to make something clear: OTX's information is anonymous and normalized. OTX does not analyze your data or do anything that would identify you; we are solely focused on analyzing the nature of the threat jeopardizing your system. OTX derives a significant amount of data from the security community. We work with public research institutions, government organizations, and private companies and partners to share and analyze threat data. With over 50+ partners working with us on OTX, if you look around Black Hat you're likely to see some of our partners.

    AlienVault Labs research is also a critical part of our analysis. Our labs team generates novel research on high profile threats, as well as instrumenting the automatic analysis for discovering and certifying all threats coming from OTX partners and OSSIM and USM customers who opt in to share data.
  • #22 Seed questions: What are some of the areas you see a lot of customers failing at when the PCI report is run? How do PCI requirements correlate with actual events that you are detecting? How does your product keep up with changing PCI requirements?