PCI DSS Get Compliant, Stay Compliant Seminar
ValueSYS Solutions & Services Wael Hosny CEO ValueSYS Wael.hosny@valuesys.net Solutions you Need, with Quality you Deserve
Seminar Agenda Time 09:00 10:00 Topic Registration 10:00 10:30 ValueSYS: Welcome & Introduction 10:30 11:15 11:15 11:45 VISA: Account Information Security Program (AIS) ValueSYS: Ensuring Continuous Compliance with Tripwire 11:45 12:30 MSCC: Solutions & PCI DSS Coffee Break 3 01:00 02:00 PM ValueSYS: Solutions for Complying with PCI-DSS 02:00 03:00 PM Q&A Lunch
ValueSYS ValueSYS founded in 2001 to provide organizations with innovative and proven software solutions, as well as comprehensive consulting and technical support to help organizations achieve their business goals in Egypt and Middle East region. ValueSYS provides a full-range of solutions for the enterprise, including Business, Infrastructure and security Solutions. 300+ Corporate Customers ValueSYS Technology Partners 2001 SunSystems Partner 2004 SUSE Linux Gold Partner 2004 Novell Gold Partner Linux Specialist 2005 Novell VAD Distributor 2005 Red Hat Partner 2005 Kaspersky Business Partner 2006 Kaspersky VAD Distributor 2007 Juniper Partner 2007 Source Fire Distributor 2008 Tripwire Partner 2008 Citrix Solution Advisor 4
Enterprise Infrastructure & Security Solutions Internet Oracle RAC IP SAN (iscsi) Storage Proxy Directory DNS, DHCP FTP Database Cluster Web Server Cluster Windows, Mac and Linux users Network Services Admin Tools Server Consolidation Messaging & Collaboration Resource Management 5 Virtualization
Enterprise Infrastructure & Security Solutions Infrastructure Solutions Linux & Open Source SW Resource & PC Life Cycle Management Network Monitoring Messaging & Collaboration Identity Management Virtualization High Availability Web& Portal Development 6 Security Solutions Vulnerability Assessment UTM / NGFW IDS/IPS Anti-Virus & Anti-SPAM SIEM - Security Info. & Event Management LMI -Log Management Intelligence Configuration Audit & Control IT Compliance
ValueSYS Security Solutions & PCI DSS 7 Tripwire: configuration audit & control Sourcefire: Adaptive IPS Citrix: Application Delivery Infrastructure Kaspersky: Anti-virus & Anti-SPAM Juniper: New Generation Firewall
ValueSYS Security Solutions & PCI DSS 8 Tripwire: configuration audit & control Sourcefire: Adaptive IPS Citrix: Application Delivery Infrastructure Kaspersky: Anti-virus & Anti-SPAM Juniper: New Generation Firewall
Tripwire: configuration audit and control Configuration Assessment Change Auditing Proactively Assess & Validate Datacenter Configurations Rapidly Detect & Enforce Configuration Changes Configuration Audit & Control 9
Why Configuration Assessment Security Compliance Operational FISMA SOX Reduce Vulnerabilities Provide a Risk Profile Quantify risk based on prescriptive security benchmarks Having controls blocks 80 95% of vulnerabilities 10 Pass Audits Achieve and maintain continuous compliance Avoid fines and penalties Out-of-the-box policies based on regulatory standard Improve Availability Ensure performance of business-critical services Reduce unplanned work and MTTR Reducing business risk through automation
PCI DSS Requirements and Tripwire Tripwire software and services solutions help enable compliance with numerous sections in eleven of the twelve PCI DSS requirements: PCI REQUIREMENT 1. Install and maintain a firewall configuration to protect cardholder data 2. Do not use vendor-supplied defaults for system passwords and other security parameters 3. Protect Stored Data 4. Encrypt transmission of cardholder data across open, public networks 5. Use and regularly update anti-virus software or programs 6. Develop and maintain secure systems and applications 7. Restrict access to cardholder data by business need-to-know 8. Assign a unique ID to each person with computer access 9. Restrict physical access to cardholder data 10. Track and monitor all access to network resources and cardholder data 11. Regularly test security systems and processes N/A 12. Maintain a policy that addresses information security for employees and contractors 11
Sample of Tripwire s 6,000+ Customers FINANCIAL SERVICES MANUFACTURI NG RETAIL & HOSPITALITY 12 COMMUNICATIO NS GOVERNME NT EDUCATIO N
ValueSYS Security Solutions & PCI DSS 13 Tripwire: configuration audit & control Sourcefire: Adaptive IPS Citrix: Application Delivery Infrastructure Kaspersky: Anti-virus & Anti-SPAM Juniper: New Generation Firewall
ValueSYS Security Solutions & PCI DSS 14 Tripwire: configuration audit & control Sourcefire: Adaptive IPS Citrix: Application Delivery Infrastructure Kaspersky: Anti-virus & Anti-SPAM Juniper: New Generation Firewall
FACT: Sourcefire has been depicted by Gartner as the most visionary leader in Gartner s IPS Magic Quadrant since 2006! 15
The Sourcefire: Unifies Security Through Intelligence Intrusion Prevention Vulnerability Assessment Network Behavior Analysis (NBA) Network Access Control (NAC) T g Tuning Adaptive IPS 16
PCI DSS Requirements and Sourcefire PCI REQUIREMENT 1. Install and maintain a firewall configuration to protect cardholder data 2. Do not use vendor-supplied defaults for system passwords and other security parameters 3. Protect Stored Data 4. Encrypt transmission of cardholder data across open, public networks 5. Use and regularly update anti-virus software or programs 6. Develop and maintain secure systems and applications 7. Restrict access to cardholder data by business need-to-know 8. Assign a unique ID to each person with computer access 9. Restrict physical access to cardholder data 10. Track and monitor all access to network resources and cardholder data 11. Regularly test security systems and processes 12. Maintain a policy that addresses information security for employees and contractors 17
ValueSYS Security Solutions & PCI DSS 18 Tripwire: configuration audit & control Sourcefire: Adaptive IPS Citrix: Application Delivery Infrastructure Kaspersky: Anti-virus & Anti-SPAM Juniper: New Generation Firewall
ValueSYS Security Solutions & PCI DSS 19 Tripwire: configuration audit & control Sourcefire: Adaptive IPS Citrix: Application Delivery Infrastructure Kaspersky: Anti-virus & Anti-SPAM Juniper: New Generation Firewall
Magic Quadrant for Application Delivery Products, 2007 Source: Gartner (January 2007) 20
End-to-End Application Delivery Infrastructure Sense and respond to change Control & deliver desktops deployed in the datacenter 21 Control & deliver Windows apps Control & deliver Web apps Control app workloads on physical and virtual servers
End-to-End Application Delivery Infrastructure Workflow Studio XenApp XenServer XenDesktop NetScaler 22
PCI DSS Requirements and Citrix PCI REQUIREMENT 1. Install and maintain a firewall configuration to protect cardholder data 2. Do not use vendor-supplied defaults for system passwords and other security parameters 3. Protect Stored Data 4. Encrypt transmission of cardholder data across open, public networks 5. Use and regularly update anti-virus software or programs 6. Develop and maintain secure systems and applications 7. Restrict access to cardholder data by business need-to-know 8. Assign a unique ID to each person with computer access 9. Restrict physical access to cardholder data 10. Track and monitor all access to network resources and cardholder data 11. Regularly test security systems and processes 12. Maintain a policy that addresses information security for employees and contractors 23
ValueSYS Security Solutions & PCI DSS 24 Tripwire: configuration audit & control Sourcefire: Adaptive IPS Citrix: Application Delivery Infrastructure Kaspersky: Anti-virus & Anti-SPAM Juniper: New Generation Firewall
ValueSYS Security Solutions & PCI DSS 25 Tripwire: configuration audit & control Sourcefire: Adaptive IPS Citrix: Application Delivery Infrastructure Kaspersky: Anti-virus & Anti-SPAM Juniper: New Generation Firewall
Kaspersky Technologies Highest detection rate of known malware; Fastest speed of response to new malware threats; Most frequent signature database updates; Effective proactive technologies; Best-of-class spyware protection; Comprehensive Host Intrusion Prevention System; Antispam: Urgent Detection System. Best Detection Quality combined with minimal false alarms! 26
27
Triple Protection concept of new versions personal products 1 2 3 3 28
ValueSYS Security Solutions & PCI DSS 29 Tripwire: configuration audit & control Sourcefire: Adaptive IPS Citrix: Application Delivery Infrastructure Kaspersky: Anti-virus & Anti-SPAM Juniper: New Generation Firewall
Magic Quadrant for Enterprise Network Firewalls, 2H07 30 Source: Gartner (September 2007)
Secure Service Gateway Family Secure Services Gateway (SSG) family SSG 5 integrates proven security of ScreenOS SSG 20 and WAN connectivity to deliver secured and assured networking SSG 140 New levels of price/performance and SSG 320M I/O flexibility SSG 350M Unified Threat Management features complement FW, IPSec VPN Ideal small to medium stand alone business / branch office offerings SSG 520M Can be deployed as a traditional Firewall, as a Site-to-Site VPN and as a Security Router 31 SSG 550M
Unified Threat Management (UTM) Features Stop Common and Emerging Threats Inbound Threats IPS Juniper IDP detects/stops Worms, Trojans, DoS (L4 & L7), Recon, Scans Web Filtering AV Anti Spam Core Security 32 Outbound Threats Juniper IDP detects/stops Worms, Trojans SurfControl to block to Spyware / Phishing / Unapproved Site Access Kaspersky Lab AV stops Viruses, file-based Trojans, Spyware, Adware, Keyloggers Kaspersky Lab AV stops Viruses, file-based Trojans or spread of Spyware, Adware, Keyloggers Symantec stops Spam / Phishing Juniper Stateful Firewall, VPN, Access Control Juniper Stateful Firewall, VPN, Access Control
Thank You Wael Hosny CEO ValueSYS Wael.hosny@valuesys.net Solutions you need, with quality you deserve
Seminar Agenda Time 09:00 10:00 Topic Registration 10:30 10:30 ValueSYS: Welcome & Introduction 10:30 11:15 11:15 11:45 VISA: Account Information Security Program (AIS) ValueSYS: Ensuring Continuous Compliance with Tripwire 11:45 12:30 MSCC: Solutions & PCI DSS Coffee Break 34 01:00 02:00 PM ValueSYS: Solutions for Complying with PCI-DSS 02:00 03:00 PM Q&A Lunch