Do My Security Controls Achieve Wireless PCI DSS?




PCI compliance in the new world of threats

339 N. Bernardo Avenue, Suite 200, Mountain View, CA 94043
www.airtightnetworks.com
2015 AirTight Networks, Inc. All rights reserved.

Table of Contents

The Cost of Non-compliance
Impact of Latest Trends on Wi-Fi Security
  New 802.11ac standard creates security blind spots
  Internet of Things is fast becoming a reality
  Mobile POS drives new requirements for Wi-Fi networks
How to Leverage Technology to Lower the Barriers to Wireless Security

The Cost of Non-compliance

The cost of non-compliance and gap remediation is something many retailers consider as they conduct their yearly PCI audit. Non-compliance fines can range anywhere from $5,000 to $200,000 per month depending on the card brand, the nature of non-compliance, and the number of incidents.

If your business accepts payment cards, it needs to be PCI compliant to protect customer data. Wi-Fi is a common attack vector. Rising threat levels and new technologies that make networked devices more mobile and interconnected mean that your wireless networks must conform to PCI standards.

Sidebar: The Cost of Non-Compliance
  $5,000 - $200,000: non-compliance fines per month (depending on the card brand, the nature of non-compliance, and the number of incidents)
  Source: Focus on PCI, http://www.focusonpci.com/site/index.php/pci-101/pci-noncompliant-consequences.html

On top of audit costs and non-compliance fines, the cost of remediating a breach can be high. According to InfoWeek's Dark Reading (October 2014) article, "It now takes a large organization an average of 31 days, at a cost of $20,000 per day, to clean up and remediate after a cyber-attack, with the total price tag for a data breach now at $640,000." And if those costs aren't formidable enough, consider the enduring negative impact of bad publicity and waning customer loyalty on the brand equity the retailer has spent a fortune building.

If we take a look at the most recent high-profile retail data breach, thieves stole 40 million credit and debit cards from Target between Nov. 27 and Dec. 15, 2013, and the impact was devastating.

Sidebar: The Cost of Remediation (impact of a cyber-attack)
  43M: PwC detected 43 million security incidents in 2014, a CAGR of 66% since 2009
  31 days: average remediation timeframe
  $20,000: cost per day
  $640,000: total price tag for a data breach
  69%: 69% of consumers are less likely to shop at an organization that has been breached
  Source: Dark Reading, October 2014, http://www.darkreading.com/attacks-breaches/cost-of-a-data-breach-jumps-by-23-/d/d-id/131663
  Source: Verizon 2015 PCI Compliance Report, http://www.verizonenterprise.com/resources/reports/rp_pci-report-2015_en_xg.pdf

According to AdWeek, Target's massive data breach racked up 150 billion media impressions between December 2013 and July 2014. Given the media attention and feelings of mistrust, 35% of the retailer's customers changed their shopping behavior post-data breach (Source: BizRate Insights). A recent Forbes article estimated that Target's December 2013 data breach has cost the company $148 million in lost sales. Target eventually slashed its second-quarter earnings-per-share guidance from $0.85-$1.00 to $0.78, citing the data breach as well as debt retirement expenses as primary reasons.

Sidebar: Target's Data Breach by the Numbers
  40 million: number of credit and debit cards stolen from Target between Nov. 27 and Dec. 15, 2013
  70 million: number of records stolen that included the name, address, email address and phone number of Target shoppers
  46: percentage drop in profits at Target in the fourth quarter of 2013, compared with the year before
  200 million: estimated dollar cost to credit unions and community banks for reissuing 21.8 million cards
  100 million: dollars Target says it will spend upgrading its payment terminals to support Chip-and-PIN enabled cards
  Brand impact: Target's massive data breach racked up 150 billion media impressions between December and July (AdWeek)
  Loyalty impact: 35% of the retailer's customers have changed their shopping behavior post-data breach (BizRate Insights)
  Financial impact: Target estimated that its December 2013 data breach has cost the company $148 million in losses (Forbes)

Impact of Latest Trends on Wi-Fi Security

New 802.11ac standard creates security blind spots

Compliance officers need to consider the adoption of the 802.11ac Wi-Fi standard and take an informed approach to securing against vulnerabilities in that spectrum. According to IDC's 2015 Wi-Fi shipment data, the 802.11ac standard continues to see adoption at a breakneck pace in the enterprise segment. 802.11ac already accounts for 30% of access point shipments, a noticeably faster adoption rate than the 802.11a/b/g to 802.11n transition several years ago. The 802.11ac standard is also coming to consumer devices, and anyone can buy an 802.11ac access point at a local Best Buy, creating a pool of potential rogue access points. Many merchants may be reluctant to invest in 802.11ac technology for their store networks due to the limited capacity of their backhaul. However, the risk of not being able to detect and mitigate 802.11ac threats is real.

From the standpoint of wireless intrusion prevention (WIPS), you need 802.11ac sensors to perform your wireless PCI compliance scanning: 802.11n radios can only detect a subset of security threats in the 802.11ac spectrum. So if you have an aging 802.11n or earlier infrastructure, this is a strong reason to upgrade to 802.11ac technology. Best of all, this upgrade does not come at a CapEx premium, as 802.11ac and 802.11n infrastructure are generally available at comparable pricing.

Sidebar: New high-performance 802.11ac standard creates security blind spots
  30%: the 802.11ac standard accounts for 30% of access point shipments*
  An 11n radio cannot monitor 11ac frame formats!
  * Source: IDC Worldwide Quarterly WLAN Tracker, March 2015, http://www.idc.com/getdoc.jsp?containerid=prus25453915

Internet of Things is fast becoming a reality

IDC predicts that 28 billion connected devices will exist by 2020. How will network and security professionals cope? Awareness around IoT continues to grow rapidly, even though the full IoT reality is expected to come to fruition over the next several years. "Still, with new network infrastructure getting deployed today having an expected lifespan of five to seven years, it is reasonable to expect it will be able to handle the increased demands of IoT-related apps and traditional network access concurrently," says Nolan Greene, Research Analyst with IDC's Network Infrastructure group.

AirTight is helping merchants prepare by scaling up network monitoring capabilities on its 802.11ac platform. It now has the ability to monitor 2000 active wireless devices per AP/sensor, which is critical as industries of all kinds move into realms of wider connectivity. Equally important is the capacity of AirTight's cloud management system to scale to hundreds of thousands of devices being monitored across multiple geographies and customers. This scalability is coupled with AirTight's patented 802.11ac WIPS technology, which allows for fully automated 24x7 protection with zero false positive / false negative operation. It requires no IT involvement for mitigation of wireless threats or compliance reporting.

Sidebar: Internet of Things Becoming Reality
  28B: IDC predicts that 28 billion connected devices will exist by 2020. How will network and security professionals cope?
  IoT requires compliance officers to address both device volume and device diversity.
  Diagram labels: The Internet of Things; Device Volume; Device Diversity; System Scalability; Operational Scalability

Mobile POS drives new requirements for Wi-Fi networks

Point of sale systems are the lifeblood of any merchant's business. This is a well-established market and upgrade cycles can be long. However, adding mobile POS and prepping for EMV is pushing 47% of restaurants to look at POS upgrades, according to Hospitality Technology's POS Software Trend Report 2015.

Restaurant operators are pragmatic, and rightfully expect their wireless networks to play multiple roles to justify the investment. Wi-Fi has to contribute to business efficiency, improve employee productivity, and play a role in customer engagement. The availability of complimentary Wi-Fi access is becoming an increasingly significant factor in consumers' choice of restaurants, according to the food industry research and consulting firm Technomic. "About 40% of participants in a recent study conducted by the company deemed free Wi-Fi an important or very important consideration in restaurant selection, second only to whether an establishment includes such information as menus on its website," reports Hospitality Technology.

These multi-function networks must be open enough to welcome guests, but also highly secure to protect your brand from data loss and breaches. Both openness and security are needed to achieve operators' vision of digitally enabled restaurants, and the two do not have to be a contradiction. Compliance officers can leverage WIPS technology to lock trusted devices to authorized networks and prevent them from joining neighboring access points. This keeps sensitive applications and data secure and prevents wireless honeypot attacks.

Sidebar: Mobile Technologies Create New Requirements for Wi-Fi Networks
  Consumers are becoming more mobile and want to pay and access the internet from anywhere. Businesses must protect these communications.
  47%: of restaurants are planning POS upgrades to add mobile POS and EMV*
  40%: of participants in a study conducted by Technomic deemed free Wi-Fi an important or very important consideration in restaurant selection**
  * Source: Hospitality Technology's POS Software Trend Report 2015, http://hospitalitytechnology.edgl.com/news/pos-software-trend-report-201597065
  ** Source: Hospitality Technology, "Restaurants Add Free Wi-Fi to the Menu", http://hospitalitytechnology.edgl.com/news/restaurants-add-free-wi-fi-to-the-menu99463
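The "lock trusted devices to authorized networks" control above reduces to a policy check a WIPS sensor can run on every association it observes. The following is an added example, not AirTight's code: it assumes an authorized AP inventory, a list of trusted mobile POS client MACs and a constructed batch of association observations, and raises a honeypot finding for a foreign AP advertising a store SSID and a misassociation finding for a trusted client attached to any AP outside the inventory.

```python
from dataclasses import dataclass

# Constructed inventory; every MAC and SSID here is a placeholder, not a real device.
AUTHORIZED_APS = {            # BSSID -> SSID it is provisioned to advertise
    "00:11:22:aa:00:01": "STORE-POS",
    "00:11:22:aa:00:02": "STORE-POS",
    "00:11:22:aa:00:03": "STORE-GUEST",
}
AUTHORIZED_SSIDS = set(AUTHORIZED_APS.values())
TRUSTED_CLIENTS = {"d4:00:00:00:00:10", "d4:00:00:00:00:11"}   # mobile POS terminals


@dataclass(frozen=True)
class Association:
    """One sensor observation: a station associated with an AP."""
    client: str   # station MAC
    bssid: str    # MAC of the AP it is associated with
    ssid: str     # SSID that AP advertises


def norm(mac: str) -> str:
    return mac.strip().lower().replace("-", ":")


def evaluate(observations):
    """Return findings as (severity, kind, client, bssid, ssid) tuples."""
    findings, reported_bssids = [], set()
    for obs in observations:
        client, bssid = norm(obs.client), norm(obs.bssid)
        ours = bssid in AUTHORIZED_APS
        # Honeypot: one of our SSID names advertised by an AP we do not own.
        if not ours and obs.ssid in AUTHORIZED_SSIDS and bssid not in reported_bssids:
            findings.append(("high", "HONEYPOT", None, bssid, obs.ssid))
            reported_bssids.add(bssid)
        # The 'lock to authorized networks' control: a trusted POS client
        # attached to any AP outside the inventory, whatever SSID it shows.
        if client in TRUSTED_CLIENTS and not ours:
            findings.append(("high", "MISASSOCIATION", client, bssid, obs.ssid))
        # Our own AP advertising an SSID it is not provisioned for:
        # configuration drift worth a ticket rather than containment.
        if ours and AUTHORIZED_APS[bssid] != obs.ssid:
            findings.append(("medium", "SSID_MISMATCH", client, bssid, obs.ssid))
    return findings


# Constructed observations: a clean POS session, a honeypot AP that has lured a
# POS unit, a POS unit joined to the cafe next door, and a guest on the guest SSID.
SAMPLE = [
    Association("d4:00:00:00:00:10", "00:11:22:aa:00:01", "STORE-POS"),
    Association("d4:00:00:00:00:11", "66:77:88:00:00:99", "STORE-POS"),
    Association("d4:00:00:00:00:10", "aa:bb:cc:00:00:01", "CoffeeNextDoor"),
    Association("0c:00:00:00:00:42", "00:11:22:aa:00:03", "STORE-GUEST"),
]

if __name__ == "__main__":
    for finding in evaluate(SAMPLE):
        print(finding)
```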

How to Leverage Technology to Lower the Barriers to Wireless Security

Compliance officers are rightly concerned about human factors, which can often be the soft underbelly of any security policy. To future-proof themselves against both inadvertent security lapses and malicious internal or external actions, merchants should consider behavior-based security, which includes:

- Strong device behavioral analysis logic, since traditional signature- and threshold-based security solutions can't keep up with the evolving monitoring scenarios.
- Fast response time to threats, to tackle new and optimized attack and policy violation triggers.

How should merchants determine whether a wireless PCI solution stands up to the test of security beyond checklist compliance?

- Is threat scanning 24x7, or is it only occasional spot scanning? PCI does not require 24x7 scanning, but continuous scanning is the best practice. Notably, the entire Target breach occurred over only 3 weeks, a much briefer period than a quarter.
- Does the scan merely serve up raw data to compliance officers, or does it filter out genuine threats so they can be mitigated? With too many alarms, it's natural to become desensitized, letting human behavioral factors undermine your security and compliance posture.
- Is the solution capable of detecting all types of vulnerabilities? Can it identify various types of rogue APs? If it can only identify a few types of rogues (such as rogues with a correlation between their wired and wireless MAC addresses, so-called MAC adjacency), how can you trust that report, since there could be unidentified rogue APs connected to the CDE among the large number of APs detected during the scan?
- Is the solution capable of automatically containing the identified vulnerabilities? Although automatic mitigation is not a PCI requirement, in large nationwide deployments automatic containment is a requirement for security. Automatic containment reduces the window of vulnerability.
  Moreover, automatic containment has to occur without false alarms, which can disrupt legitimate operations.
- Is the solution capable of full security operation at the store level, without critical dependence on WAN links?

The answers to these critical questions will determine whether merchants are fully armed to protect themselves, whether during a compliance audit or against a genuine wireless threat.

AirTight Networks, Inc.
339 N. Bernardo Avenue #200, Mountain View, CA 94043
T +1.877.424.7844  T 650.961.1111  F 650.961.1169
www.airtightnetworks.com  info@airtightnetworks.com

AirTight Networks and the AirTight Networks logo are trademarks, and AirTight is a registered trademark of AirTight Networks, Inc. All other trademarks mentioned herein are properties of their respective owners. Specifications are subject to change without notice.

Secure Cloud-Managed Wi-Fi
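The rogue AP question in the checklist above turns on how a scan decides that an airborne BSSID is wired into the CDE. The following added example (not AirTight's code; all MAC addresses are constructed placeholders with locally administered 02: prefixes, and the adjacency window is an assumed tunable) implements the MAC adjacency heuristic the text names and shows the kind of rogue it leaves unresolved.

```python
# Consumer APs commonly draw their wired (LAN) MAC and their wireless BSSID from
# one small contiguous block, so a BSSID heard on the air that sits within a few
# addresses of a MAC learned on a CDE switch port is a strong rogue indicator.
# A rogue whose wired and wireless MACs are unrelated (a PC with a USB Wi-Fi
# adapter, a router with a cloned MAC) shows no such correlation, which is why
# an adjacency-only report cannot clear the CDE as rogue-free.

ADJACENCY_WINDOW = 8   # assumed tunable: max distance (in address units) to call adjacent


def mac_to_int(mac: str) -> int:
    """'00:11:22:aa:00:01' -> 0x001122aa0001, accepting '-' or ':' separators."""
    return int(mac.lower().replace("-", ":").replace(":", ""), 16)


def classify_bssids(observed_bssids, authorized_bssids, wired_macs, window=ADJACENCY_WINDOW):
    """Map each airborne BSSID to 'authorized', 'rogue-adjacent' or 'unresolved'.

    'unresolved' is deliberately not 'clean': it is either a neighbour's AP or a
    rogue this heuristic cannot correlate, and needs another detection method
    before the CDE can be declared free of rogues.
    """
    wired = [mac_to_int(m) for m in wired_macs]
    verdicts = {}
    for bssid in observed_bssids:
        if bssid in authorized_bssids:
            verdicts[bssid] = "authorized"
            continue
        b = mac_to_int(bssid)
        # Integer distance, so adjacency across a byte boundary (..:00:fe -> ..:01:00)
        # is still caught; vendor-specific offsets would need a wider window.
        adjacent = any(abs(b - w) <= window for w in wired)
        verdicts[bssid] = "rogue-adjacent" if adjacent else "unresolved"
    return verdicts


# Constructed inventory: what the scan hears, what we own, what the CDE switch sees.
AUTHORIZED = {"00:11:22:aa:00:01", "00:11:22:aa:00:02"}
WIRED_MACS_ON_CDE_SWITCH = {
    "00:11:22:aa:00:01",   # authorized AP uplink
    "02:10:00:00:00:20",   # consumer router LAN port plugged into a POS VLAN drop
    "02:30:00:00:00:55",   # rogue #2: a PC whose USB Wi-Fi adapter has its own MAC
}
OBSERVED_BSSIDS = [
    "00:11:22:aa:00:01",   # ours
    "02:10:00:00:00:21",   # router LAN MAC + 1: caught by adjacency
    "02:20:00:00:00:01",   # USB adapter: no relation to 02:30:..., so missed
    "02:40:00:00:00:01",   # neighbour's AP, not on our wire at all
]

if __name__ == "__main__":
    verdicts = classify_bssids(OBSERVED_BSSIDS, AUTHORIZED, WIRED_MACS_ON_CDE_SWITCH)
    for bssid, verdict in verdicts.items():
        print(f"{bssid}  {verdict}")
```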