Using Data Loss Prevention for Financial Institutions Banks, Credit Unions, Payments



Similar documents
Somansa Data Security and Regulatory Compliance for Healthcare

A Websense Research Brief Prevent Data Loss and Comply with Payment Card Industry Data Security Standards

The Impact of HIPAA and HITECH

Data Loss Prevention Best Practices to comply with PCI-DSS An Executive Guide

Adopt a unified, holistic approach to a broad range of data security challenges with IBM Data Security Services.

Security standards PCI-DSS, HIPAA, FISMA, ISO End Point Corporation, Jon Jensen,

PCI Compliance for Cloud Applications

Compliance in 5 Steps

AlienVault for Regulatory Compliance

Feature. Log Management: A Pragmatic Approach to PCI DSS

Maintaining PCI-DSS compliance. Daniele Bertolotti Antonio Ricci

The 12 Essentials of PCI Compliance How it Differs from HIPPA Compliance Understand & Implement Effective PCI Data Security Standard Compliance

Identifying Broken Business Processes

Appendix 1 Payment Card Industry Data Security Standards Program

Websense Data Security Solutions

Fortinet Solutions for Compliance Requirements

Did you know your security solution can help with PCI compliance too?

Why Encryption is Essential to the Safety of Your Business

Automate PCI Compliance Monitoring, Investigation & Reporting

The Data Security Challenge

Protecting Personal Information: The Massachusetts Data Security Regulation (201 CMR 17.00)

Websense Data Security Suite and Cyber-Ark Inter-Business Vault. The Power of Integration

DISCOVER, MONITOR AND PROTECT YOUR SENSITIVE INFORMATION Symantec Data Loss Prevention. symantec.com

PCI Data Security Standards (DSS)

IT Security & Compliance. On Time. On Budget. On Demand.

White Paper. Managing Risk to Sensitive Data with SecureSphere

WHITEPAPER. Compliance: what it means for databases

Enterprise Security Solutions

IBM Data Security Services for endpoint data protection endpoint data loss prevention solution

Preemptive security solutions for healthcare

Sample Data Security Policies

A Buyer's Guide to Data Loss Protection Solutions

CSR Breach Reporting Service Frequently Asked Questions

IBM Data Security Services for endpoint data protection endpoint data loss prevention solution

Self-Service SOX Auditing With S3 Control

Security management solutions White paper. IBM Tivoli and Consul: Facilitating security audit and compliance for heterogeneous environments.

McAfee Data Protection Solutions

Prevent Security Breaches by Protecting Information Proactively

Kelvin Wee CISA, CISM, CISSP Principal Consultant (DLP Specialist) Asia Pacific and Japan

PCI-DSS and Application Security Achieving PCI DSS Compliance with Seeker

Compliance Guide: PCI DSS

MySQL Security: Best Practices

Information Technology Solutions

MIT s Information Security Program for Protecting Personal Information Requiring Notification. (Revision date: 2/26/10)

FORT HAYS STATE UNIVERSITY CREDIT CARD SECURITY POLICY

Vulnerability. Management

How To Achieve Pca Compliance With Redhat Enterprise Linux

BANKING SECURITY and COMPLIANCE

Real-Time Database Protection and. Overview IBM Corporation

RSA Data Loss Prevention (DLP) Understand business risk and mitigate it effectively

NitroView. Content Aware SIEM TM. Unified Security and Compliance Unmatched Speed and Scale. Application Data Monitoring. Database Monitoring

Compliance and Industry Regulations

Security Information Lifecycle

Best Practices for Choosing a Content Control Solution

AUTOMATING AUDITS AND ENSURING CONTINUOUS COMPLIANCE WITH ALGOSEC

Passing PCI Compliance How to Address the Application Security Mandates

plantemoran.com What School Personnel Administrators Need to know

Two Approaches to PCI-DSS Compliance

Symantec DLP Overview. Jonathan Jesse ITS Partners

How DataSunrise Helps to Comply with SOX, PCI DSS and HIPAA Requirements

Key Steps to Meeting PCI DSS 2.0 Requirements Using Sensitive Data Discovery and Masking

Compliance Management, made easy

Closing the Security Gap Extending Microsoft SharePoint, OCS, and Exchange to Support Secure File Transfer

Protecting the Palace: Cardholder Data Environments, PCI Standards and Wireless Security for Ecommerce Ecosystems

Credit Cards and Oracle E-Business Suite Security and PCI Compliance Issues

PCI-DSS: A Step-by-Step Payment Card Security Approach. Amy Mushahwar & Mason Weisz

ARE YOU REALLY PCI DSS COMPLIANT? Case Studies of PCI DSS Failure! Jeff Foresman, PCI-QSA, CISSP Partner PONDURANCE

Outbound Security and Content Compliance in Today s Enterprise, 2005

Protecting personally identifiable information: What data is at risk and what you can do about it

RSA Solution Brief RSA. Data Loss. Uncover your risk, establish control. RSA. Key Manager. RSA Solution Brief

Making Your Network Safe

RSA SIEM and DLP Infrastructure and Information Monitoring in One Solution

MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE

Online Lead Generation: Data Security Best Practices

Accepting Payment Cards and ecommerce Payments

Comodo MyDLP Software Version 2.0. Administration Guide Guide Version Comodo Security Solutions 1255 Broad Street Clifton, NJ 07013

ipatch System Manager - HIPAA Compliance

PCI PA - DSS. Point XSA Implementation Guide. Atos Worldline Banksys XENTA SA. Version 1.00

MANAGED FILE TRANSFER: 10 STEPS TO PCI DSS COMPLIANCE

PCI DSS COMPLIANCE DATA

Trend Micro VMware Solution Guide Summary for Payment Card Industry Data Security Standard

Transcription:

Using Data Loss Prevention for Financial Institutions Banks, Credit Unions, Payments How Data Loss Prevention (DLP) Technology can Protect Sensitive Company & Customer Information and Meet Compliance Requirements, PCI- DSS Disclaimer: This white paper is not intended to provide legal guidance for PCI-DSS, GLBA, SOX compliance. If you have questions about the meaning of particular provisions of these regulations, you should consult your attorney. The Somansa Data Loss Prevention product suite is a tool that people can use to help them comply with these requirements,

Financial service institutions worldwide chose Somansa to protect sensitive data and meet compliance requirements Somansa Data Loss Prevention solutions provide financial service institutions, banks/credit unions, investment firms, and credit card and payment companies the most comprehensive security solution to protect sensitive company and customer data including credit card and social security numbers while helping meet regulatory compliance requirements. The average cost of a corporate data breach increased 15 percent in the last year to $3.5 million. Ponemon Study, 2014 Somansa provides a complete Data Loss Prevention (DLP) solution to Discover, Monitor, and Protect Sensitive Data Monitor and Prevent sensitive company and customer data leakage through Network Protocols, Email, Webmail, FTP, Network Share and Removable Storage, USB, ipads, Printing, and Databases. Discover by scanning and locating sensitive data on endpoints, laptops, PCs, and servers based on pre-defined and customizable detection methods and polices. 20 million customer s data stolen from 3 credit card companies using USB devi ce. New York Times, 2014 Meet Regulatory Compliance and Audit requirements related to financial service institutions with Somansa Comply with PCI DSS, HIPAA, Sarbanes-Oxley (SOX), GLB, etc.

CONTENTS o Regulatory Compliance PCI- DSS Other Regulatory Compliance o Federal and States Governments laws and regulations to protect customers' personal data: Sarbanes Oxley, GLBA, CA-SB1386, CA-AB1950, FISMA o Data Loss Prevention Solution Protect Sensitive Company and Customer Data

Main PCI-DSS requirements Requirement 3: Protect Stored Data Requirement 7: Restrict access to cardholder data by business need to know Requirement 10: Track and monitor all access to network resources and cardholder data Identify sensitive company and customer data Where is the data located How is data used PCI DSS (version 2.0), mandates DLP data discovery functionality by stating that a merchant should confirm the accuracy of their PCI DSS scope by identifying all locations and flows of cardholder data. Enforce controls to protect the data. 1) Define PCI DSS policies 2) Remediation 3) Enforcement- after identifying policies and data location, enforce data protection 4) Reports Using Somansa DLP Data Discovery: - Run on storage and endpoints o Customer data including credit card and account numbers o Scan for inappropriately stored credit card and sensitive data on laptops, desktops, and servers Remediation: - Enforce policies to protect data

Data Protection and Compliance with Somansa Data Security As more corporate data and confidential information is being exchanged through the network via Email, IM, FTP, Databases, and stored/transferred to USB s and portable storage devices, the liabilities and amount of resources exhausted for financial institutions have also increased. Confidential and sensitive information leakage, meeting compliance regulations, penalties and legal lawsuits, and brand damage can all lead to financial and resource loss for organizations. Data loss, whether intentional or unintentional need to be addressed. Employee uses personal webmail (ie. Gmail, Yahoo) to send sensitive customer data from home to work Employee copies customers credit card numbers to USB/removable storage Posting confidential company information to social networking (ie. Facebook, Twitter) Somansa is an affordable and easy to use data security solution designed for organizations to meet regulatory compliance in the financial services industry such as PCI-DSS while protecting sensitive company and customer data. Somansa provides financial institutions with a complete data security solution that includes network and endpoint DLP features to Monitor, Protect, and Discover confidential and customer data. HOW IT WORKS Somansa Monitors, Discovers, and Prevents sensitive data in the company network

POLICY SETTINGS Based on defined policy rules, Somansa DLP monitors and detects sensitive company and customer data in motion (Network) or at rest (Endpoint). Policies can be defined according to Users/Departments, IP Addresses, Protocols, Keywords- Patterns related to specific industries or Compliance including: Data Monitoring Social Security Numbers Credit Card Numbers Medical Record Numbers ABA Bank Routing Numbers Document Matching (Hash) Monitor and Prevent Data Leakage through Network Protocols, Email, Webmail, FTP, Network Share and Removable Storage, USB, ipods, Printing, and Databases. Discover sensitive data on endpoints by scanning and locating data on desktops, laptops, servers based on pre-defined and customizable detection methods and polices.

NETWORK PROTOCOLS Somansa supports more messaging protocols than any other DLP product. DATABASE AUDIT & PROTECTION (DAP) Central Management: Supports various database platforms. Mirroring, In-line, or Proxy methods to monitor data. Monitor and Record: Monitor data from all access points to the database including Console Access, AP Server, and Query Tools. Security: Access and Change Control ID and Password validation, Policy Settings, User Audit, and Real-time Alerts and Reports. Plus, Data Masking (ie. credit card numbers)

DASHBOARD-REPORTING Somansa provides status user/event reports including audit trails.

Compliance Requirements PCI-DSS 3.1 Keep cardholder data storage to a minimum. Develop a data retention and disposal policy. Limit storage amount and retention time to that which is required for businesses, legal, and regulatory purposes, as documented in the data retention policy 3.2 Do not store sensitive authentication data subsequent to authorization. Sensitive authentication data includes the data as cited in the requirements 3.2.1 to 3.2.3 3.3 Mask the primary account number (PAN) when displayed (the first six and last four digits are the maximum number of digits to be displayed) 7.1 Limit access to system components and cardholder data ton only those individuals whose job requires such access. 7.2 Establish an access control system for systems components with multiple users that restricts access based on a user s need to know, and is set to deny all unless specifically allowed. 10 Track and monitor all access to network resources and cardholder data. Somansa DLP Solution Using Somansa Endpoint DLP functions to Monitor and Discover cardholder data stored on desktops, laptops, and servers that are in violation of the PCI data retention and disposal policy. Discover sensitive authentication data and take action using Somansa Endpoint DLP policy rules. Credit card numbers and other sensitive data can be masked using Somansa Database Audit & Protection solution based on user access through the policy rules function. Identify cardholder data stored in desktops, laptops, servers, and databases and enforce user rights to access the data with Somansa Endpoint DLP and Database policy rules. Restrict file access to specified users based on the type of information and enforce user rights to access the data with Somansa Endpoint DLP and Database policy rules. Based on policies rules, cardholder data including credit card numbers viewed or transferred via email, copied, FTP, print, etc. can be monitored with Somansa Network, Endpoint DLP and Database functions. Alerts and Reports are also provided for audits.

Over 1000 worldwide customers use Somansa After evaluating several other solutions, Center Bank selected Somansa to identify and protect confidential company and customer information. The majority of our customer and confidential company information is stored in electronic format, said Jae Choi, Director of IT for Center Bank. We needed a solution that would protect our data and meet compliance and regulatory rules. About Somansa Somansa is a global leader in Data Security and Compliance solutions designed to protect valuable company information from leakage and help meet regulatory compliance requirements. Using its advanced packet and protocol analysis technology, Somansa provides a total security solution to Monitor, Protect, and Discover sensitive company data in motion and at rest including network protocols, email, IM, FTP, endpoints such as USB and Database activity to meet regulatory compliance requirements while protecting valuable company information. www.somansatech.com For more information please contact: Tel: (408) 701-1302 Email: sales@somansatech.com

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information