SecurityMetrics Vision whitepaper

SecurityMetrics Vision: Network Threat Sensor for Small Businesses

Small Businesses at Risk for Data Theft

Small businesses are the primary target for card data theft, accounting for 85% of card data compromises*. Although less lucrative than individual large corporations, small businesses offer more opportunities for criminals to steal payment card data. Many small businesses overlook payment card security because it can be time consuming and expensive. The purpose of this paper is to inform merchants of the threats facing small businesses and to introduce a network security solution called SecurityMetrics Vision.

Varied Network Vulnerabilities

Mainstream media rarely publicizes anything other than large-scale data breaches where millions of credit cards are stolen. This creates the misconception that criminals do not target small businesses and reduces the urgency merchants feel to implement network security. Because small businesses are at great risk of card data compromise, network security is essential. Consider the following:

- How many employees have access to read, write, or modify sensitive employee information or confidential business data on business computers?
- What controls are in place to protect sensitive customer information, employee information, or confidential business data?
- When and how often are employees given training to securely handle cardholder data?

These questions only scratch the surface of the security measures businesses should evaluate. Failing to address important issues like these has led many businesses to card data compromise, fines and fees, and sometimes closure.

* Visa/National Federation of Independent Business

System vulnerabilities come from many sources: weak wireless security, an improperly configured firewall, or an unauthorized employee browsing confidential files. There are thousands of potential system weaknesses and ways criminals gain network access to retrieve payment card data. The following table lists some common methods criminals use to gain unauthorized access to networks.

Threat                      Method
Password Cracking           Using password generators, criminals identify passwords from databases.
SQL Injection               Adding code to a web form to make data changes.
Cross-site Scripting        Exploiting weak user input validation, criminals collect sensitive information such as login credentials.
Man-in-the-Middle Attack    Intercepting communications between two parties, usually between a website and the end user.
Phishing                    Gathering sensitive information through apparently trustworthy sources via email.
Social Engineering          Contacting businesses directly to gather sensitive information that allows network access.

The hacking community grows in numbers daily because these attacks are simple. Instructions to perform these and numerous other attacks are easily accessible online.

Successful Compromise Prevention

Businesses must understand that prevention of data theft is not a single action or step, but a series of actions and steps implemented daily. Important portions of these steps include monitoring for system threats and blocking unauthorized network communication.

System Monitoring

The following section provides four methods businesses can use to monitor for network security threats. Each method discusses sections of requirements from the Payment Card Industry (PCI) Data Security Standard (DSS). These PCI DSS requirements help merchants monitor for network weaknesses.

1. Monitor Computer Activity

Like a security guard who watches security cameras for criminal behavior, businesses need to monitor network computer activity for malicious actions. Monitoring network computer activity, also known as event log monitoring, is part of PCI DSS Requirement 10. By storing and monitoring system event logs, businesses discover possible abuses by employees, such as data tampering. Most importantly, monitoring event logs provides warning of attacks currently in progress on a network.

2. Monitor Internal Network Weakness

If an internal network is unsecured, it may be just as dangerous as an unsecured external network. Think of external and internal network security like a security guard who locks all the doors and windows leading into a building, then manually checks the doors and locks inside the building. Internal network security checks for thousands of weaknesses on the inside of a business network that could result in compromise. Quarterly internal vulnerability assessment scans (PCI DSS Requirement 11) are required to check for these weaknesses.

3. Monitor Wireless Security

In 2007, TJX Corporation experienced one of the largest hacks in history. The cause was an unsecured wireless network. Tracking wireless access points and testing wireless security on networks also fulfills PCI DSS Requirement 11 and reduces the risk of compromise. If wireless security measures such as secure encryption settings are not in place, criminals can more easily gain network access.

4. Blocking Unauthorized Network Communication

In addition to network monitoring, restricting network communication to only those with permission is essential to prevent card data theft. Just as a lock prevents uninvited people from entering a house, your computer network needs locks that only allow passage to those with permission. PCI DSS Requirement 1, "Install and maintain a firewall configuration," prevents unauthorized business network communication.
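As an added illustration of the event log monitoring described under method 1 (example code written for this page, not SecurityMetrics Vision's own logic), the following script scans SSH authentication log lines for the password-cracking pattern listed in the threat table: repeated failed logins from one source in a short window, escalated when that same source then logs in successfully. The log lines, host name, addresses, threshold and window are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log (syslog style); host and addresses are made up.
SAMPLE_LOG = """\
2011-03-01 09:00:01 pos-server sshd[201]: Failed password for admin from 203.0.113.7 port 51022
2011-03-01 09:00:03 pos-server sshd[201]: Failed password for admin from 203.0.113.7 port 51023
2011-03-01 09:00:05 pos-server sshd[201]: Failed password for root from 203.0.113.7 port 51024
2011-03-01 09:00:06 pos-server sshd[201]: Failed password for admin from 203.0.113.7 port 51025
2011-03-01 09:00:08 pos-server sshd[201]: Failed password for admin from 203.0.113.7 port 51026
2011-03-01 09:00:10 pos-server sshd[201]: Accepted password for admin from 203.0.113.7 port 51027
2011-03-01 09:12:40 pos-server sshd[233]: Failed password for clerk from 192.168.1.20 port 40001
2011-03-01 09:30:00 pos-server sshd[240]: Accepted password for clerk from 192.168.1.20 port 40002
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)"
)

def parse_events(text):
    """Turn matching log lines into (timestamp, result, user, source) tuples."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            events.append((ts, m["result"], m["user"], m["src"]))
    return events

def detect_password_cracking(text, threshold=5, window=timedelta(minutes=1)):
    """Alert when one source fails `threshold` logins within `window`, and
    escalate if that source then authenticates successfully (likely cracked)."""
    alerts = []
    recent = defaultdict(list)   # source -> timestamps of failures in window
    flagged = set()
    for ts, result, user, src in parse_events(text):
        # forget failures that have aged out of the sliding window
        fails = [t for t in recent[src] if ts - t <= window]
        if result == "Failed":
            fails.append(ts)
            if len(fails) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append(("brute_force", src, ts, user))
        elif src in flagged:
            alerts.append(("success_after_brute_force", src, ts, user))
        recent[src] = fails
    return alerts
```

The single clerk failure never reaches the threshold, so only the 203.0.113.7 burst and the login that follows it are reported.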

Network Security Options

Research shows that 53% of small businesses do not secure their business networks because of the high cost in both time and money*. Additionally, SecurityMetrics has found that many merchants find it difficult to implement monitoring and blocking network security solutions. Many available security solutions are designed for larger organizations, and their size and noise level make implementation cumbersome for small businesses. Solutions are spread across multiple products from across the security industry, making management difficult and purchasing expensive. For example, some security businesses specialize in firewalls, some specialize in wireless security, and others only offer PCI approved scans.

SecurityMetrics Vision

Current network security solutions that address PCI DSS Requirements 1, 10, and 11 are:

- Addressed with multiple products
- Not designed for small businesses
- Expensive
- Difficult to manage
- Time consuming

For these reasons, SecurityMetrics created a tool for small businesses called SecurityMetrics Vision. It is small, quiet, installs inside business networks, addresses all three of the monitoring methods listed above, and includes an industry-leading firewall at a quarter of the price merchants now pay for similar features. SecurityMetrics Vision provides a solid foundation to help merchants comply with PCI DSS Requirements 1, 10, and 11. The following table shows how SecurityMetrics Vision addresses the security issues these requirements cover.

* Visa/National Cyber Security Alliance

Security Issue: Block unauthorized network communication
PCI Standard: Requirement 1: Install and maintain a firewall configuration
SecurityMetrics Vision Provides: Industry-leading firewall/router

Security Issue: Discover malicious activity on an internal network
PCI Standard: Requirement 10: Track and monitor all access to network resources and cardholder data
SecurityMetrics Vision Provides: Event log repository, log monitoring, threat notification

Security Issue: Remain up to date with internal vulnerabilities that may allow compromise
PCI Standard: Requirement 11: Regularly test security systems and processes
SecurityMetrics Vision Provides: Internal vulnerability scanning

Security Issue: Detect rogue access points and weak wireless authentication/encryption
PCI Standard: Requirement 11: Regularly test security systems and processes
SecurityMetrics Vision Provides: Wireless detection

SecurityMetrics Vision: Above Base Security Requirements

In addition to providing solutions to PCI DSS monitoring and firewall requirements, SecurityMetrics Vision includes other helpful tools for merchants to manage their network security and avoid card data theft. These additional tools are listed in the table below.

Additional Security Feature                            Benefit
Auto populate PCI Self Assessment Questionnaire (SAQ)  Save time with PCI validation
Immediate threat notification                          Keep up to date with vulnerabilities
Password strength analyzer                             Ensure passwords are unique and secure
Secure file transfer                                   Ensure files aren't intercepted by a third party
Vulnerability reports                                  Make remediation as simple as possible with easy to read reports and recommendations
24/7 technical support                                 Get help resolving discovered weaknesses 24/7, free

SecurityMetrics Vision is simple to install and maintain. SecurityMetrics Vision helps small businesses to:

- Achieve and maintain PCI DSS compliance with PCI Requirements 1, 10, and 11
- Detect security weaknesses inside networks with internal vulnerability scanning
- Discover malicious activity with computer event log storage and analysis
- Block unauthorized network communication with an industry-leading firewall
- Locate rogue wireless devices with wireless security tools
- Keep informed of current threats with immediate online threat notification
- Avoid non-compliance fees by automating key PCI requirements
- Reduce the risk of password cracking with a password strength analyzer
- Keep safe against new threats with constantly updating scan technology
- Understand how to resolve weaknesses with free, 24/7 technical support

Conclusion

Small businesses are targeted by criminals because many fail to secure and monitor their business network. Industry options to secure small business networks are expensive and difficult to implement. SecurityMetrics Vision is designed for small businesses. It protects networks by monitoring for threats and blocking unauthorized business network communication. SecurityMetrics Vision simplifies network security management and helps small businesses achieve and maintain PCI DSS compliance with key requirements, at an affordable price.

© 2011 SecurityMetrics