In January 2015, version 3.0 of the Payment Card Industry Data Security Standard (PCI-DSS) comes into force and compliance gets tougher. Much tougher. This is concerning for all retail, professional and financial companies that handle credit card data, but it is a particularly troubling issue for the many organisations that already struggle to comply with previous versions of the standard. There is, however, a simple solution: Redscan’s ThreatDetect service. Gubi Singh describes how it works and what the benefits are. All organisations that process, retain or transmit customer information that includes credit card data have an obligation to meet PCI-DSS requirements. Adhering to these requirements is challenging for organisations of all sizes. In fact, 89% of organisations failed their 2013 baseline assessment according to the Verizon 2014 PCI Compliance Report. Too often, companies bolt together a range of disconnected point products in an attempt to comply with the requirements. This results in a solution that is complex to manage, expensive, and likely to increase the risk of failure. With the implementation of PCI-DSS version 3.0 now mandatory, organisations are facing the challenge of meeting even more demanding requirements. PCI-DSS is no longer a simple audit that must be passed once a year; instead organisations must demonstrate that they are continuously monitoring and assessing their information assets and implementing strong security practices while adhering to 12 requirements with over 400 controls. Inevitably, version 3.0 will place increased demands on already stretched IT resources. Organisations don’t just have to find the time and money to implement the technology to comply, but will also have to dedicate a specialist team to continuously monitor their environment. Failure to meet the specified technical and operation standards exposes businesses to fines, penalties and litigation costs. However, the reputational damage caused by a data leak can be more significant than any cost as it can lead to a loss of customer confidence and business. Redscan ThreatDetect: The hassle-free way to meet PCI-DSS v3.0 requirements and improve security Redscan ThreatDetect is a managed security service that removes the cost and complexity of meeting PCI-DSS v3.0 requirements. Simple to deploy and hassle-free, the service requires no capital expenditure, expensive security technology or specialised security skills. Redscan combines the technology and skilled security personnel required to deliver a proactive security and compliance service with fixed operational expenditure.
- ThreatDetect can enable you to meet your PCI-DSS requirements by: Collecting and securely logging, signing and archiving logs and events. This provides a record in one place of all relevant events, greatly reducing the cost of forensics if required.
- Implementing rules that allow suspicious events to be identified and acted on. As the amount of data collected grows, there has to be some way of making sense of it and ThreatDetect does this by correlating events from different sources to identify suspicious activity.
- Performing vulnerability scanning, enabling internal scans to be carried out at least four times a year and providing a portal in which to track these events and act on issues they raise.
- Supporting asset management, allowing companies to know what is on their network which in turns means companies can better administer their networks.
- Generating reports designed specifically for PCI-DSS compliance that enable companies to see how they are conforming to the regulation.
- Regular internal vulnerability scans at no extra cost
- Asset management to understand and monitor the systems on the network
- Log management to safely store and retrieve logs on demand
- Security Information and Event Management to make sense of logs
- File integrity monitoring to protect valued data
- Early identification of breaches allowing for rapid remediation
- Detection of gaps in your security architecture so that future investments can focus on delivering the greatest security improvements
- Improved understanding of the effectiveness of your IT security controls enabling the prioritisation of areas that require attention
- Clear, concise and detailed executive and technical reports
- A highly skilled and experienced team of certified security experts: CISSP, CISSP-ISSAP, CISA, CISM, CEH, OSCP, OSWP & CREST
- Customer portal to manage compliance
- External intelligence from a range of diverse sources
- Additional analysis to detect malicious behaviour from a great range of proprietary technologies
In conclusion, the Redscan ThreatDetect service provides the continuous compliance that the PCI Security Standards Council now requires organisations to adopt. It also allows companies to make a significant improvement to their security, rather than treating PCI-DSS as a ‘tick the box’ exercise.