DataStealth and your PCI-DSS audit
Because Intruders Cannot Steal What Is Not There

Datex Inc., 2333 North Sheridan Way, Suite 200, Mississauga ON L5K 1A7, +1-855-55-DATEX, www.datexdatastealth.com

Executive Summary

Payment Card Industry (PCI) Data Security Standard (DSS) compliance audits are expensive and expansive. These audits require time, resources, capital, and potentially large amounts of remediation. And they are required annually of all organizations that store, process or transmit credit card data.

There is good news: as an industry, compliance rates are going up. But there is also bad news: the ability of organizations to sustain compliance is going down. The 2015 Verizon PCI Compliance Report stated that 93.8% of companies are validated as compliant during their PCI assessment; however, 80% of these organizations fail to sustain the security controls they put in place between annual audits. Intruders know this, and the number of security breaches keeps going up each year as intruders find more ways to monetize stolen payment card information.

Complicating matters, the threat landscape is changing at unprecedented speed. Newer vulnerabilities such as POODLE, Logjam and Heartbleed are surfacing at an alarming rate. Being compliant yesterday does not mean that you are compliant today. Not being compliant with the PCI-DSS standard, aside from risking your organization's ability to accept payment cards as a method of payment, is a clear sign that your infrastructure is susceptible to vulnerabilities.

The responsibility for ensuring that an organization is not breached has worked its way all the way up to the CEO's office and the Board of Directors, and executives are being held to the highest standard. This was evidenced by the departure of two high-profile CEOs following the breach of their respective organizations: a significant retailer that had 70 million payment cards stolen, and a government agency after what has been described as one of the largest breaches of government data in history.

Organizations that have suffered a breach have seen their loyal customers leave, their revenues eroded, and their share prices fall, not to mention the actual hard and soft costs of the breach. All of these outcomes have had catastrophic effects on the financial health and shareholder value of these organizations.

DataStealth takes a completely different approach to solving this challenge. DataStealth removes payment card information entirely from your organization's network, both in transit and at rest. In the event of a breach, whether external or internal in nature, there is no payment card information in your network. With DataStealth, intruders cannot steal what is not there.

The traditional approach

It has been said that it is not a matter of if your network will be breached, but when. Intruders will gain access to your network. User credentials will be compromised. Employees will make mistakes. And when any of these occurrences happen, your payment card information is no longer private and secure.

Virtually all traditional data security solutions attempt to prevent intruders from gaining access to your network in one way or another. Common approaches to solving the challenge include:

- Perimeter and endpoint protection
- Access controls, including strong passwords
- Intrusion detection
- Logging, monitoring, patching and maintenance
- Employee training
- Encryption and tokenization

All of these approaches have inherent weaknesses and significant implementation efforts, including:

- Infrastructure changes
- Application and code development
- Resource requirements to manage change, operation and support
- Encryption key management

It is clear that the traditional approach is no longer working. One of the biggest reasons the PCI Council released a new version of the standard just 3 months after the last major release was a recently discovered vulnerability in the Secure Sockets Layer (SSL) technology used to protect the majority of websites. All versions of SSL have been deemed weak encryption. Early versions of TLS have suffered the same fate. Many applications, both commercial and proprietary, will require significant heavy lifting just to get them ready for the next annual audit.

Albert Einstein once said, "Doing the same thing over and over, and expecting a different result, is the definition of insanity." A new and different solution is required. Enter DataStealth.

DataStealth in a PCI Environment

Imagine what would happen if your network was breached, but there was no payment card information anywhere inside your network to steal. Welcome to DataStealth.

DataStealth is a paradigm-changing technology that will significantly reduce the scope of your PCI audit by completely removing payment card information from your network, both in transit and at rest. As a matter of fact, we remove the entire Cardholder Data Environment (CDE) as well.

The implementation is stunningly simple. DataStealth sits between your users and your network. It inspects network traffic, looking for PCI (payment card information) data. It doesn't matter whether the data is flowing in real time or in a batch, over HTTP(S) or (S)FTP, as unstructured data or inside a document: DataStealth will find it. Once identified in the network traffic, DataStealth extracts the PCI data on the fly, in real time. It then replaces the original data with a smart substitute, one that will not break the underlying applications or integrations. Lastly, the extracted PCI data is stored in a way that is computationally infeasible to breach. The only PCI data that traverses your network, is used by your applications, and is stored in your primary and other databases is the substitute data. PCI data never touches your network. NEVER.

DataStealth uplifts the security of all of your web assets to the most current standards from NIST, CIS, and PCI-DSS 3.1. With DataStealth in front of your websites, you are no longer susceptible to vulnerabilities such as POODLE, Logjam and Heartbleed, which are surfacing at an alarming rate.

At Datex, we recognize the challenge of building and sustaining a PCI-compliant network. We also realize that achieving PCI compliance is only the first step to securing your entire network. It is a great place to start. But at the end of the day, if your network were to be breached, whether by an external or internal source, with DataStealth the data is just not there. Intruders cannot steal what is not there.

DataStealth is a simple plug-and-play solution that just works. Plug it in. Power it on. Your PCI-DSS problems are gone!
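The inline detect-and-substitute flow described above, as an added illustration that is not DataStealth's code or its documented token format: a Python gateway filter that finds Luhn-valid card numbers in a request body, swaps each for a format-preserving substitute (random leading digits, original last four, still Luhn-valid, an assumed design), and keeps the real PAN only in a hypothetical vault outside the protected network.

```python
import re
import secrets

# Constructed sample request body, as it would cross an inline gateway (not real data).
SAMPLE_BODY = "name=Jane+Doe&card=4111111111111111&exp=1227&phone=555-0100"

PAN_RE = re.compile(r"(?<!\d)\d{13,19}(?!\d)")  # 13-19 digit runs, not inside longer runs


def luhn_ok(digits: str) -> bool:
    """Mod-10 check used to separate real PANs from other long numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:            # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


class TokenVault:
    """Hypothetical out-of-network store for the PAN<->token mapping."""
    def __init__(self):
        self.token_by_pan = {}
        self.pan_by_token = {}

    def tokenize(self, pan: str) -> str:
        """Return a stable, format-preserving substitute for pan (assumed design)."""
        if pan in self.token_by_pan:
            return self.token_by_pan[pan]
        while True:
            # Random leading digits, original last four, then choose one digit so the
            # result stays Luhn-valid and downstream card validation does not break.
            head = "".join(secrets.choice("0123456789") for _ in range(len(pan) - 5))
            candidates = [head + d + pan[-4:] for d in "0123456789"]
            token = next(c for c in candidates if luhn_ok(c))
            if token != pan and token not in self.pan_by_token:
                self.token_by_pan[pan] = token
                self.pan_by_token[token] = pan
                return token

    def detokenize(self, token: str) -> str:
        """Authorized-path lookup; raises KeyError for an unknown token."""
        return self.pan_by_token[token]


def scrub_request(body: str, vault: TokenVault) -> str:
    """Replace every Luhn-valid PAN in body with its token; other digit runs are untouched."""
    def swap(m: re.Match) -> str:
        pan = m.group(0)
        return vault.tokenize(pan) if luhn_ok(pan) else pan
    return PAN_RE.sub(swap, body)
```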

Myths about PCI-DSS

"PCI Compliance is the law."
PCI Compliance is not the law. It is mandated by the PCI Council, which was created by the major card brands, Visa, Mastercard, and American Express, in an attempt to stop payment card fraud. The PCI Council has the power to levy sanctions on non-compliant merchants ranging from fines, to holding merchants responsible for fraud losses, to having merchant accounts suspended.

"Compliance and security are the same thing."
Not true. Being PCI compliant does not equate to having a secure payment network. According to insiders, most if not all of the larger retail organizations that have been breached in the recent past were PCI compliant at the time of their breach. PCI Compliance is designed to be a set of best practices and to force organizations to be proactive when it comes to securing payment card information.

"I passed my audit. I am secure."
Just because you are validated as compliant does not mean that there were no unidentified areas of non-compliance. And it certainly does not ensure your sustained compliance going forward. Nobody can state with any degree of certainty that a breach cannot occur.

"I have not been breached. I don't have to worry."
James Comey, Director of the FBI, stated recently: "There are only two kinds of companies: those who have been hacked, and those who don't know they have been hacked." Not being breached just proves that you are unaware of whether you have been breached. Nothing more.

DataStealth is different

With DataStealth there is:

- No hardware or software to install
- No changes required to applications or user behaviour
- No encryption keys to manage
- No databases, agents, browser plugins or APIs to install

The best part about DataStealth in a PCI environment is that payment card information, although nowhere in your infrastructure, remains 100% available and usable to authorized users without any changes to existing processes or applications. DataStealth is 100% transparent to both users and the underlying applications and infrastructure.

At the end of the day, if your network were to be breached, whether by an external or internal source, with DataStealth the data is just not there. Intruders cannot steal what is not there.

Plug it in. Power it on. And say goodbye to long, expensive and time-consuming PCI Compliance audits.

Contact Us
w. www.datexdatastealth.com
p. +1.855.55.DATEX
e. info@datex.ca