Symantec Managed Security Services support for IT compliance

Solution Overview: Symantec Managed Services

Overview

The Payment Card Industry Data Security Standard (PCI DSS) was developed to facilitate the broad adoption of consistent data security measures on a global basis and to counter increasing levels of payment card fraud. It prescribes over 290 technical controls, rolling up to 12 requirements, that must be proven to be in place in order to achieve compliance. Although compliance is no guarantee of security, without these basic measures in place an organization is at far greater risk of a breach. More importantly, non-compliance can mean penalties such as fines, increased per-transaction fees, and ultimately losing the ability to accept and process payment cards.

Demonstrating compliance with PCI DSS can be a time-consuming and costly process. The requirements are far-reaching and detailed, encompassing an organization's infrastructure, and call for cooperation between security, operations, and IT teams. The sheer volume of data, disparate log repositories, broken or inefficient processes, and limited internal expertise to dedicate to audit preparation are amongst the biggest challenges.

Symantec Managed Security Services Solutions for PCI DSS

Symantec Managed Security Services provides acquirers, merchants and service providers with comprehensive services to meet the PCI standard, identify and reduce overall risk associated with payment card processing, and ensure a more resilient infrastructure. This integrated approach allows organizations to achieve compliance as an output of good security practice without additional burden on security staff.
By partnering with Symantec Managed Security Services as their independent, remote security team, acquirers, merchants and service providers can leverage Symantec's global network of Security Operation Centers (SOCs), security experts, best practices, information correlation capabilities, and global intelligence to protect cardholder data and the cardholder data environment.

Symantec Managed Security Solutions can help address these most pressing compliance and security needs:

- Protect against real-time threats in a fast-changing threat environment
- Improve the overall security posture to reduce the risk of compromise
- Reduce the security data management and audit burden with centralized log collection, retention, and compliance-specific reporting, creating an enterprise-wide common view of activity
- Gain control of security expenses with manageable, budgeted costs
- Eliminate the pressure and difficulty of finding, training, and retaining knowledgeable security personnel
- Demonstrate PCI DSS compliance with standard requirements to avoid potential penalties and increased industry scrutiny
- Lower total cost of ownership by addressing multiple regulatory, compliance management, and monitoring requirements, as well as internal policies
Providing effective security protection for acquirers, merchants, and service providers requires powerful technology, accurate threat intelligence, proven processes, and experienced professionals. Symantec brings all of this together as an acknowledged industry-leading Managed Security Service Provider (MSSP). Symantec is staffed with 100 percent Global Information Assurance Certification (GIAC) certified analysts and the Security Operations Centers hold both the SAS70 Type II attestation and ISO27001 certification, which testify to our world-class service delivery.

With an integrated approach to security and compliance, Symantec enables organizations to proactively protect information, rapidly respond to threats, automate compliance processes, and reduce costs. Customers benefit from easier management of compliance technologies, reduced impact of audit requests, and reduced exposure to security and compliance risk.

Meeting the 12 PCI DSS Requirements

Symantec Managed Security Services help you quickly and consistently meet the requirements of the PCI DSS and function across all 12 requirements of the PCI standard to protect sensitive cardholder data from perimeter to endpoint, on and off the network.

Requirement 1: Install and maintain a firewall configuration to protect cardholder data

Managed Protection Services provide expertise to help secure and manage security architectures by remotely delivered change, lifecycle, and incident/fault management. Included are approval and validation of customer-requested configuration changes to firewalls and UTMs, intrusion detection/prevention devices, endpoint security infrastructure, and critical server protection in accordance with customer policies and Symantec best practices.
Symantec Managed Security Services: Managed Protection Services

Requirement 2: Do not use vendor supplied defaults for system passwords and other security parameters

Vulnerability Management Services thoroughly scan your network for potential vulnerabilities, such as unpatched systems or improper settings, and have the results automatically sent to the Managed Security Services SOC for inclusion in security analysis. Additionally, you can leverage Symantec experts and Managed Protection Services to manage your security infrastructure according to best practice standards. This includes security protection infrastructure hardening (secure passwords, port blocking, services removal, etc.), rule efficacy checking, and configuration management to ensure optimum security protection.

Symantec Managed Security Services: Vulnerability Management Services, Managed Protection Services

Requirement 3: Protect stored cardholder data

Symantec products help safeguard sensitive data and minimize performance impact with intelligent archiving, data loss prevention, endpoint access control, and encryption technologies. Symantec Managed Security Services operates facilities according to the framework of ISO27001 and SAS70 Type II controls, and subject to independent audit.
Requirement 4: Encrypt transmission of cardholder data across open, public networks

Security Monitoring Services provide monitoring and exception alerting for gateway devices (mail appliances, web proxies, and web gateways), firewalls, web application firewalls, network behavior analysis devices, switches, and routers that all can participate in ensuring secure communication/transmission of cardholder data. Managed Protection Services including Managed Firewall Protection, Managed IDP Protection, and Managed Endpoint Protection provide policy implementation and content filter management to help enforce compliance-related data and traffic encryption requirements.

Symantec Managed Security Services: Security Monitoring Services, Managed Protection Services

Requirement 5: Use and regularly update antivirus software

Security Monitoring Services help you maintain the highest level of threat protection by monitoring your environment in real time and helping you ensure the efficacy of your security protections. Rapid, automated prioritization and remediation reduces the impact of security incidents. Symantec DeepSight Early Warning Services provide global threat and vulnerability intelligence based on the Symantec Global Information Network. Symantec Managed Endpoint Protection protects data from threats by transferring management of the endpoint protection solution to experienced Symantec security experts under strict SLAs. The remotely delivered Managed Endpoint Protection provides comprehensive end-to-end management of the endpoint protection infrastructure to detect, remove, and protect against other forms of malicious software, including spyware and adware.

Symantec Managed Security Services: Security Monitoring Services, Early Warning Services, Managed Protection Services

Requirement 6: Develop and maintain secure systems and applications

Symantec Managed Security Services use consistent management procedures and best practices to protect information.
Managed Endpoint Protection Services provide expertise to help secure and manage security architectures by remotely delivered change, lifecycle, and incident/fault management for network security infrastructure. Real-time monitoring of systems and applications ensures that proper security management controls are in place to make sure that the cardholder data environment is protected in support of PCI standards.

Early Warning Services maintain comprehensive databases of vulnerabilities, malicious code, security risks, exposures, and malicious IP addresses. Symantec Managed Security Services analyst teams use this information to develop alerts, analysis and remediation recommendations for infrastructure monitored by Symantec Security Monitoring Services and managed by Managed Protection Services. With personalized notification triggers and expert analysis, Early Warning Services enable organizations to identify potentially exploitable security vulnerabilities, protect critical information assets against potential attacks, mitigate threats, and remove security risks.

Symantec Security Monitoring Services can provide web application firewall monitoring to help ensure the effectiveness of web application protections. Symantec Vulnerability Management Services enable you to easily identify and remediate vulnerable hosts and network components.
Symantec Managed Security Services: Security Monitoring Services, Vulnerability Management Services, Early Warning Services, Managed Protection Services

Requirement 7: Restrict access to cardholder data by business need-to-know

Security Monitoring Services provide an organizational hierarchy feature within the portal that provides access to event logs and incident details in a secure, organizationally-partitioned manner. This ensures access to security data by properly authorized security personnel only.

To help meet this requirement, use:
Symantec Managed Security Services: Security Monitoring Services

Requirement 8: Assign a unique ID to each person with computer access

Security Monitoring Services help ensure access control and data integrity with ongoing network, operating system, and application log monitoring as well as automated alerts to policy violations. In addition, authorized users access the Managed Security Services portal with two-factor strong authentication. Policy configuration and management for file, application, and device access, file integrity monitoring and activity reporting (daily summary) are included with Managed Protection Services.

Symantec Managed Security Services: Security Monitoring Services, Managed Protection Services

Requirement 9: Restrict physical access to cardholder data

Symantec Managed Security Services provide a mature approach to physical security on a global basis, with strong security controls implemented at all SOCs. All Symantec best practices and methodologies have been audited against the ISO27001 criterion to protect the cardholder data environment monitored by Symantec Managed Security Services. To ensure a physically secure environment, Managed Security Services SOCs provide two-factor authentication into the facility, including biometric authentication. In addition, SOCs undergo regular on-site security reviews complemented by continual physical and wireless network access monitoring.
Requirement 10: Track and monitor all access to network resources and cardholder data

Security Monitoring Services provide enterprise-wide log retention and real-time security monitoring of networks and security infrastructures, for the purpose of protecting information assets and demonstrating compliance with industry regulations. Symantec Security Monitoring Services provide the operational foundation for the ongoing monitoring of the security perimeter (VPNs, modems, and dial-up concentrators). Managed Security Services provide the secure management of these devices, delivering immediate notification of security incidents, policy exceptions, and access violations of monitored devices. In addition, Managed Security Services provide both reporting and evidentiary data to support audits, with the ability of the SOC to verify the access controls on managed devices.

Managed Security Services continuously monitor, collect and analyze log data, correlating incidents and threats across your environment to find root cause and measure impact. Symantec retains logs for a minimum of three months online and one year offline. Symantec Managed Protection Services can configure customer policies to enable logs/alerts on data and network activity involving cardholder data.

Symantec Managed Security Services: Security Monitoring Services, Managed Protection Services
Requirement 11: Regularly test security systems and processes

Frequently test your environment for vulnerabilities using automation tools and certified assessment services. Symantec Managed Security Services provide a mature approach to business continuity and disaster recovery on a global basis, delivering built-in system redundancy to ensure that data is available when and where it is needed. This includes failover to a U.S.-based data center, as well as across multiple SOCs worldwide. Symantec Vulnerability Management Services provide customers with the ability to remotely conduct vulnerability scans, automatically upload the resultant scan data, and then correlate it with other security incident analysis data. Symantec Managed Protection Services provide health monitoring for security protection infrastructure and alert on failed protections.

Symantec Managed Security Services: Vulnerability Management Services

Requirement 12: Maintain a policy that addresses information security

Security Monitoring Services provide an integrated, central log retention repository to allow enterprise-wide consolidation of security information and compliance reporting. Through the secure web portal, authorized users can view the organization's security posture and gain a deeper perspective on how to mitigate risks in the global threat landscape. Users can access at-a-glance summary pages, information on critical emerging threats and vulnerabilities, and recommendations on how to respond to security incidents and threats to an organization's network. This allows you to maintain a holistic view of your compliance posture to support reviews and audits. With Symantec Managed Protection Services, security infrastructure is managed to Symantec best-practice standards and in accordance with organization policy.

Symantec Managed Security Services: Security Monitoring Services, Managed Protection Services
Twelve PCI DSS Requirements and Symantec Managed Security Services

Symantec Managed Security Services

Symantec Managed Security Services provide trusted solutions to identify and manage data security risks for merchants and service providers that manage cardholder data. By partnering with Symantec Managed Security Services as their remote security team, organizations can leverage Symantec's global network of SOCs, security experts, best practices, correlation capabilities, and intelligence to protect their IT assets, people, and information in a rapidly evolving threat environment.
Complementary Symantec Products and Services

Symantec offers an extensive portfolio of security products and services to enhance security protection and address additional PCI DSS requirements, including:

- Symantec Data Loss Protection: Simplifies the detection and protection of enterprise information
- Symantec Control Compliance Suite: Manage all aspects of IT risk and compliance at lower levels of cost and complexity
- Symantec Critical System Protection: Monitor and prevent malicious host activities to preserve system integrity and performance
- Symantec Protection Center: Unifies information security management across systems, networks, and data to effectively protect against the inherent risks in today's IT infrastructures
- Symantec Education Services: Extensive curriculum covering security awareness, security policies, and best practices
- Symantec Security Information Manager: Enables a documented, repeatable process for security threat response and IT policy compliance via integrated log management and incident response solutions
- Symantec Endpoint Protection: Advanced threat prevention to deliver an unmatched defense against malware for laptops, desktops, and servers in both physical and virtual environments
- Symantec NetBackup: Provides the ability to protect completely, store efficiently, recover anywhere, find easily and manage centrally
More Information

Visit our website
http://enterprise.symantec.com

To speak with a Product Specialist in the U.S.
Call toll-free 1 (800) 745 6054

To speak with a Product Specialist outside the U.S.
For specific country offices and contact numbers, please visit our website.

About Symantec

Symantec is a global leader in providing security, storage, and systems management solutions to help consumers and organizations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. Headquartered in Mountain View, Calif., Symantec has operations in 40 countries. More information is available at www.symantec.com.

Symantec World Headquarters
350 Ellis St.
Mountain View, CA 94043 USA
+1 (650) 527 8000
1 (800) 721 3934
www.symantec.com

Copyright 2011 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. 20051657-2 02/12