How to Simplify PCI DSS Compliance with AlienVault USM
•Download as PPTX, PDF•
2 likes•1,890 views
Demonstrating compliance with PCI DSS is far from a trivial exercise. Those 12 requirements often translate into a lot of manual and labor-intensive tasks, along with the need to access data and reports from many different systems and tools. Join us for this technical demo to learn how AlienVault can simplify PCI DSS compliance and improve your overall security posture. We'll cover: Common PCI DSS compliance challenges Questions to ask as you plan and prepare Core capabilities needed to demonstrate compliance How AlienVault Unified Security Management simplifies compliance and threat detection Core capabilities needed to demonstrate compliance How to simplify compliance with a unified approach to security
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to How to Simplify PCI DSS Compliance with AlienVault USM
Similar to How to Simplify PCI DSS Compliance with AlienVault USM (20)
More from AlienVault
More from AlienVault (19)
Recently uploaded
Recently uploaded (20)
How to Simplify PCI DSS Compliance with AlienVault USM
- 1. Presenters: Mark Allen, Sales Engineer SIMPLIFY PCI DSS COMPLIANCE WITH ALIENVAULT USM
- 2. What We’ll Discuss • An overview of PCI DSS • Common challenges in PCI DSS compliance • Questions to ask as you plan and prepare • Core capabilities needed to demonstrate compliance • How to use AlienVault USM to simplify compliance
- 3. PCI DSS Version 3.x • All businesses that store, process or transmit payment cardholder data must be PCI Compliant • 3 steps for compliance 1. Assess 2. Remediate 3. Report • Goal: Make payment security ‘business-as-usual’
- 4. PCI Compliance and Security “In 10 years, of all companies investigated by Verizon forensics team following a breach, 0 were found to have been fully PCI compliant at the time of the breach” Data from 2015 Verizon PCI Report
- 5. PCI DSS Version 3.x
- 6. Poor Compliance When Breached #10 - Track & monitor all access to network resources & cardholder data #7 - Restrict access to cardholder data by business need to know Source: Verizon 2014 PCI Compliance Report
- 7. Common Challenges • Collecting relevant data on the state of your compliance • Critical events • Configuration status • Documenting the state of your compliance • Keep the auditor happy • Maintaining compliance and making it part of “business as usual”
- 8. Questions to Ask • Where are your in-scope assets, how are they configured, and how are they segmented from the rest of your network? • Who accesses these resources (and When, Where, What can they do, and How)? • What are the vulnerabilities that are in your in-scope devices – Apps, OS, etc? • What constitutes your network baseline? What is considered “normal” or “acceptable”?
- 9. What functionality do I need for PCI DSS?
- 10. Identify systems & applications What functionality do I need for PCI DSS?
- 11. Identify systems & applications Document vulnerable assets What functionality do I need for PCI DSS?
- 12. Identify systems & applications Document vulnerable assets Find threats on your network What functionality do I need for PCI DSS?
- 13. Identify systems & applications Document vulnerable assets Find threats on your network Look for unusual behavior What functionality do I need for PCI DSS?
- 14. Correlate the data & respond Identify systems & applications Document vulnerable assets Find threats on your network Look for unusual behavior What functionality do I need for PCI DSS?
- 15. SIEM • Log Collection • Event Correlation • Incident Response BEHAVIORAL MONITORING • Netflow Analysis • Service Availability Monitoring ASSET DISCOVERY • Active Network Scanning • Passive Network Scanning • Asset Inventory VULNERABILITY ASSESSMENT • Continuous Vulnerability Monitoring • Authenticated / Unauthenticated Active Scanning INTRUSION DETECTION • Network IDS • Host IDS • File Integrity Monitoring
- 16. OTX + AlienVault Labs Threat Intelligence powered by Open Collaboration
- 17. PCI Compliance Reports in USM Report Name PCI DSS Requirements Admin Access to Systems 10.1-10.2 which focus on creating an audit trail of user access to critical systems Firewall Configuration Changes 1.1-1.3 which focus on firewalls and network device configuration Authentication with Default Credentials 2.x which focuses on the use of vendor-supplied default credentials All Antivirus Security Risk Events 5.1-5.2 which require anti-virus scanning with an up-to- date anti-virus solution Database Failed Logins 7.1-7.2 which focus on limiting access to PCI data to only those who “need to know” ….plus 25 more!
- 18. Grouping In-Scope Assets Built-in asset discovery provides a dynamic inventory allowing cardholder-related resources to be identified and monitored for unusual activity. Custom dashboards focusing on key assets highlights pertinent data
- 19. Generating Tickets For Vulnerabilities USM’s built-in software ticketing system creates trouble tickets from vulnerability scans and alarms. These tickets specify who owns the remediation, the status and descriptive information. The tickets also provide a historical record of issues handled, as well as the capability to transfer tickets, assign them to others and push work to other groups USM can also send email to an individual, external ticketing system, or execute a script as a result of a discovered vulnerability.
- 20. Identifying Assets with Vendor Supplied Passwords As stated earlier, neglecting to change the default password on ANY network device, especially anything allowing access to cardholder data is a terrible idea and leaves a huge hole in your defenses. USM is able to scan your assets for vulnerabilities such as allowing access via default passwords and generate reports on the findings. This data can be crucial when verifying adherence to this practice to an auditor
- 21. 888.613.6023 ALIENVAULT.COM CONTACT US HELLO@ALIENVAULT.COM Now for some Q&A Test Drive AlienVault USM Download a Free 30-Day Trial http://www.alienvault.com/free-trial Try our Product Sandbox http://www.alienvault.com/live-demo-site Watch our Product Demo https://www.alienvault.com/marketing/alienvault-usm-live-demo
Editor's Notes
- Integrated approach to threat intel Comprised of OTX (data from 140+ countries) and the independent research from our AlienVault Labs’ team we’re analyzing over 500.000 malware samples per day Users submitting an average of ~11 million per month (365,000 a day) Updated every 30 minutes the ability to quickly convert data into actionable information So you can call out those truly significant events to help you prioritize your efforts reduce the need for in-house expertise. ------ OTX derives its data from three primary sources: USM and OSSIM that systems that enable OTX sharing, external feeds from public researchers and partners, and the research from our alienvault labs team. - This data is automatically analyzed through a powerful discovery engine that is able to granularly analyze the nature of the threat, and a similarly powerful validation engine that continually curates the database and certifies the validity of those threats. Crowd-sourced information remains the core focus of OTX. OTX derives information from normalized an anonymous event logs: firewalls, content filters, ips/ids logs, etc. We receive approximately 17,000 contributions daily from over 140+ countries. -I want to make something clear: OTX's information is anonymous and normalized. OTX does not analyze your data or do anything that would identify you, we are solely focused on analyzing the nature of the threat jeopardizing your system. OTX derives a significant amount of data from the security community. We work with public research institutions, government organizations, and private companies and partners to share and analyze threat data. With over 50+ partners working with us on OTX, if you look around Blackhat you're likely to see some of our partners. - AlienVault labs research is also a critical part of our analysis. Our labs team generates novel research on high profile threats, as well as instrumenting the automatic analysis for discovering and certifying all threats coming from OTX partners and OSSIM and USM customers who opt in to share data.
- Seed questions: What are some of the areas you see a lot of customers failing at when the PCI report is run? How do PCI requirements correlate with actual events that you are detecting? How does your product keep up with changing PCI requirements?