Simplify PCI DSS Compliance with AlienVault USM
Transcript of Simplify PCI DSS Compliance with AlienVault USM
Mark Allen, Technical Sales Manager
Anthony Mack, Sales Engineer
What We’ll Cover
• An overview of PCI DSS
• Common challenges in PCI DSS compliance
• Questions to ask as you plan and prepare
• Core capabilities needed to demonstrate compliance
• How to use AlienVault USM to simplify compliance
PCI DSS
• All entities that store, process or transmit payment cardholder data must maintain payment security
• 3 steps for compliance: 1. Assess, 2. Remediate, 3. Report
• Goal: Make payment security ‘business-as-usual’
PCI Compliance and Security
“In 10 years, of all companies investigated by Verizon forensics team following a breach, 0 were found to have been fully PCI compliant at the time of the breach”
Data from 2015 Verizon PCI Report
PCI DSS Version 3.1: Goals and Requirements
Build and Maintain a Secure Network
  1. Install and maintain a firewall configuration to protect cardholder data
  2. Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
  3. Protect stored cardholder data
  4. Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
  5. Protect all systems against malware and regularly update anti-virus software or programs
  6. Develop and maintain secure systems and applications
Implement Strong Access Control Measures
  7. Restrict access to cardholder data by business need-to-know
  8. Identify and authenticate access to system components
  9. Restrict physical access to cardholder data
Regularly Monitor and Test Networks
  10. Track and monitor all access to network resources and cardholder data
  11. Regularly test security systems and processes
Maintain an Information Security Policy
  12. Maintain a policy that addresses information security for all personnel
The State of Compliance (Source: Verizon 2015 PCI Compliance Report)
• 4 out of 5 organizations are not fully compliant
• Only 1 in 4 organizations remained fully PCI compliant less than a year after a successful PCI validation
• Requirement 11 remains the biggest challenge for organizations
Common Challenges
• Collecting relevant data on the state of your compliance
  • Critical events
  • Configuration status
• Documenting the state of your compliance
  • Keep the auditor happy
• Maintaining compliance and making it part of “business as usual”
Questions to Ask
• Where are your in-scope assets?
• How are they configured? How are they segmented from the rest of your network?
• Who accesses these resources? When, where, what can they do, and how?
• What are the vulnerabilities on these devices? Apps, OS, etc.?
• What constitutes your network baseline? What is considered “normal” or “acceptable”?
What functionality do I need for PCI DSS?
• Identify systems & applications
• Document vulnerable assets
• Find threats on your network
• Look for unusual behavior
• Correlate the data & respond
ASSET DISCOVERY
• Active & Passive Network Scanning
• Asset Inventory
• Software Inventory
VULNERABILITY ASSESSMENT
• Continuous Vulnerability Monitoring
• Authenticated / Unauthenticated Active Scanning
• Remediation Verification
BEHAVIORAL MONITORING
• Netflow Analysis
• Service Availability Monitoring
SIEM
• Log Management
• OTX threat data
• SIEM Event Correlation
• Incident Response
INTRUSION DETECTION
• Network IDS
• Host IDS
• File Integrity Monitoring
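File Integrity Monitoring is the one host-IDS capability above that maps most directly onto the "test networks" requirement the deck calls the hardest (PCI DSS v3.x requirement 11.5 asks for a change-detection mechanism on critical files). The script below is an added example written for this page, not AlienVault or USM code: it builds a baseline of hashes, sizes and permission bits for a directory, then tampers with a constructed "cardholder application" tree and reports what changed. The file names and contents are made up for the demonstration; the mode-bit check assumes a POSIX filesystem.

```python
"""Minimal file-integrity baseline and comparison (added example, not USM code)."""
import hashlib
import os
import shutil
import tempfile


def hash_file(path, algo="sha256"):
    """Stream the file through the hash so large binaries do not load into memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Return {relative_path: (sha256, size, permission_bits)} for regular files under root.

    Symlinks are skipped on purpose: hashing the target would let an attacker
    swap a link without the monitored content appearing to change.
    """
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            st = os.lstat(full)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = (hash_file(full), st.st_size, st.st_mode & 0o7777)
    return baseline


def compare(baseline, current):
    """Classify differences: added, removed, modified (content, size or mode)."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in set(baseline) & set(current)
                      if baseline[p] != current[p])
    return {"added": added, "removed": removed, "modified": modified}


def _write(path, text):
    with open(path, "w") as f:
        f.write(text)


def demo():
    """Build a constructed app tree, baseline it, tamper with it, and return the diff."""
    root = tempfile.mkdtemp(prefix="fim-demo-")
    try:
        os.makedirs(os.path.join(root, "conf"))
        db_conf = os.path.join(root, "conf", "db.conf")
        _write(db_conf, "host=db01\nuser=app\n")
        os.chmod(db_conf, 0o644)  # fixed starting mode so the later chmod is a real change
        _write(os.path.join(root, "index.php"), "<?php echo 'checkout'; ?>\n")
        _write(os.path.join(root, "README"), "payment page\n")
        baseline = build_baseline(root)

        # Tampering (constructed): web-shell-style append, new file, deletion, mode change
        with open(os.path.join(root, "index.php"), "a") as f:
            f.write("<?php eval($_POST['x']); ?>\n")
        _write(os.path.join(root, "conf", "extra.txt"), "x")
        os.remove(os.path.join(root, "README"))
        os.chmod(db_conf, 0o600)

        return compare(baseline, build_baseline(root))
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

In practice the baseline would be stored off-host (or signed) and the comparison run on a schedule; a FIM whose baseline sits writable on the monitored host can be silently re-baselined by the same intruder who modified the files.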
The AlienVault Unified Security Management Platform (USM)
Unified, Essential Security Controls
Actionable Threat Intelligence: Let Us do the Work!
• Automatically detect and prioritize threats through:
  • Correlation Directives
  • Network IDS Signatures
  • Host IDS Signatures
  • Asset Discovery Signatures
  • Vulnerability Assessment Signatures
  • Reporting Modules
  • Incident Response Templates
  • Data Source Plug-Ins
• Spend your time responding to threats, not researching them.
Open Threat Exchange (OTX)
• The world’s first truly open threat intelligence community
• Enables collaborative defense with actionable, community-powered threat data
• With more than 37,000 participants in 140+ countries
• And more than 3 million threat indicators contributed daily
• Enables security professionals to share threat data and benefit from data shared by others
• Integrated with the USM platform to alert you when known bad actors are communicating with your systems
PCI Compliance Reports in USM
Report Name | PCI DSS Requirements
Admin Access to Systems | 10.1-10.2, which focus on creating an audit trail of user access to critical systems
Firewall Configuration Changes | 1.1-1.3, which focus on firewalls and network device configuration
Authentication with Default Credentials | 2.x, which focuses on the use of vendor-supplied default credentials
All Antivirus Security Risk Events | 5.1-5.2, which require anti-virus scanning with an up-to-date anti-virus solution
Database Failed Logins | 7.1-7.2, which focus on limiting access to PCI data to only those who “need to know”
…plus 25 more!
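The reports above are only as good as the parsing and correlation behind them: raw syslog must be normalized, each event tagged with the requirement it evidences, and repeated events collapsed into an alarm that someone actually responds to. The script below is an added example written for this page, not USM's plug-ins or correlation directives. It parses a handful of constructed syslog lines, feeds two of the report categories named in the table (Admin Access to Systems and Database Failed Logins), and raises an alarm when one source produces three failed database logins inside a minute; the regexes, threshold and window are assumptions chosen for the demonstration, and the year is supplied because BSD syslog timestamps omit it.

```python
"""Tag syslog events with the PCI report they feed and correlate failed DB logins.
Added example; not AlienVault/USM code. Log lines are constructed."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log (not captured from any real system)
SAMPLE_LOG = """\
Jun  5 10:01:12 pos-web01 sshd[2101]: Accepted publickey for root from 10.10.5.23 port 51234 ssh2
Jun  5 10:01:40 pos-db01 mysqld[880]: Access denied for user 'app'@'10.10.5.77' (using password: YES)
Jun  5 10:01:45 pos-db01 mysqld[880]: Access denied for user 'app'@'10.10.5.77' (using password: YES)
Jun  5 10:02:05 pos-db01 mysqld[880]: Access denied for user 'root'@'10.10.5.77' (using password: YES)
Jun  5 10:03:30 pos-web01 sshd[2150]: Accepted password for jdoe from 10.10.5.40 port 51300 ssh2
Jun  5 10:09:00 pos-db01 mysqld[880]: Access denied for user 'app'@'10.10.5.90' (using password: NO)
"""

# BSD syslog: "<Mon DD HH:MM:SS> <host> <program>[pid]: <message>"
SYSLOG = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<prog>[\w-]+)(?:\[\d+\])?: (?P<msg>.*)$"
)

# (rule name, PCI report it feeds, pattern over the message body) -- assumed patterns
RULES = [
    ("admin_access", "Admin Access to Systems (10.1-10.2)",
     re.compile(r"Accepted \w+ for (?P<user>root|admin) from (?P<src>[\d.]+)")),
    ("db_failed_login", "Database Failed Logins (7.1-7.2)",
     re.compile(r"Access denied for user '(?P<user>[^']+)'@'(?P<src>[^']+)'")),
]


def parse_line(line, year=2015):
    """Normalize one syslog line; returns None for lines that do not match the format."""
    m = SYSLOG.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "prog": m["prog"], "msg": m["msg"]}


def classify(text):
    """Run every rule over every parsed line; each hit becomes a tagged event."""
    events = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        for name, report, rx in RULES:
            m = rx.search(rec["msg"])
            if m:
                events.append({**rec, "rule": name, "report": report, **m.groupdict()})
    return events


def report_counts(events):
    """How many events each PCI report would contain."""
    counts = defaultdict(int)
    for e in events:
        counts[e["report"]] += 1
    return dict(counts)


def correlate(events, rule="db_failed_login", threshold=3, window_s=60):
    """Sliding-window correlation: alarm when `threshold` events of `rule` from the
    same (host, source) fall within `window_s` seconds. Events must be in time order."""
    alarms = []
    recent = defaultdict(deque)
    for e in events:
        if e["rule"] != rule:
            continue
        q = recent[(e["host"], e["src"])]
        q.append(e["ts"])
        while (e["ts"] - q[0]).total_seconds() > window_s:
            q.popleft()
        if len(q) >= threshold:
            alarms.append({"host": e["host"], "src": e["src"], "count": len(q), "last": e["ts"]})
            q.clear()  # one alarm per burst, not one per additional failure
    return alarms


if __name__ == "__main__":
    evts = classify(SAMPLE_LOG)
    print(report_counts(evts))
    for a in correlate(evts):
        print("ALARM", a)
```

Note what the second rule does not catch: a successful login with a vendor default password looks like any other successful login, which is why the "Authentication with Default Credentials" report in the table has to come from vulnerability scanning rather than from log parsing alone.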
Grouping In-Scope Assets
Built-in asset discovery provides a dynamic inventory allowing cardholder-related resources to be identified and monitored for unusual activity
Custom dashboards focusing on key assets highlight pertinent data
Generating Tickets For Vulnerabilities
USM’s built-in software ticketing system creates trouble tickets from vulnerability scans and alarms. These tickets specify who owns the remediation, the status and descriptive information. The tickets also provide a historical record of issues handled, as well as the capability to transfer tickets, assign them to others and push work to other groups. USM can also send email to an individual or an external ticketing system, or execute a script, as a result of a discovered vulnerability.
Identifying Assets with Vendor Supplied Passwords
As stated earlier, neglecting to change the default password on ANY network device, especially anything allowing access to cardholder data, is a terrible idea and leaves a huge hole in your defenses. USM is able to scan your assets for vulnerabilities such as allowing access via default passwords and generate reports on the findings. This data can be crucial when verifying adherence to this practice to an auditor.
888.613.6023
ALIENVAULT.COM
CONTACT US
Now for some questions…
Questions? [email protected] : @alienvault
Download a Free 30-Day Trial of USM: http://www.alienvault.com/free-trial
Check out our 15-Day Trial of USM for AWS: https://www.alienvault.com/free-trial/usm-for-aws
Try our Interactive Demo Site: http://www.alienvault.com/live-demo-site
Join OTX: https://www.alienvault.com/open-threat-exchange