Webinar pcidsssimplified-140319-140319152520-phpapp01

Published on March 21, 2014

Author: albertspijkers

Source: slideshare.net

HOW TO SIMPLIFY PCI DSS WITH UNIFIED SECURITY MANAGEMENT

March 2014

Presenters: Jim Hansen, Sr. Director, Product Management; Tom D’Aquino, Sr. Systems Engineer

AGENDA
• Common challenges / pre-audit checklist
• Core capabilities for PCI
• Automation & consolidation
• Key takeaways
• Q & A

SETTING THE STAGE… Common Challenges & Pre-audit Checklist

PCI DSS IN THE NEWS…

END OF … UH OH. (Windows XP support ended on April 8th, 2014.)
• More than 1.9 million point-of-sale (POS) machines run Windows XP
• About 95% of American ATMs run Windows XP

MOST COMMON PCI FAILURES

5 MOST COMMON PCI FAILURE AREAS (failure percentage as shown on the slide)
• Requirement 11 (93%): Regularly test security systems and processes
• Requirement 10 (91%): Track and monitor all access to network resources and cardholder data
• Requirement 12 (87%): Maintain a policy that addresses information security for all personnel
• Requirement 1 (86%): Install and maintain a firewall configuration to protect cardholder data
• Requirement 2 (84%): Do not use vendor-supplied defaults for system passwords and other security parameters

QUESTIONS TO ASK YOURSELF… SOONER RATHER THAN LATER.

Pre-audit checklist:
• Where do your PCI-relevant assets live, how are they configured, and how are they segmented from the rest of your network?
• Who accesses these resources (and the other W’s: when, where, what can they do, why and how)?
• What are the vulnerabilities in your PCI-defined network (application, OS, etc.)?
• What constitutes your network baseline? What is considered “normal/acceptable”?

Ask your team: What do we NEVER want to happen in our PCI environment? How do we capture those events when they do happen?

FRENEMIES: SECURITY AND COMPLIANCE

SO…. WHAT DO I NEED FOR PCI-DSS?

WHAT FUNCTIONALITY DO I NEED FOR PCI DSS?

Figure out what is valuable → Asset Discovery
• Active network scanning
• Passive network scanning
• Asset inventory
• Host-based software inventory

Identify ways the target could be compromised → Vulnerability Assessment
• Network vulnerability testing

Start looking for threats → Threat Detection
• Network IDS
• Host IDS
• Wireless IDS
• File integrity monitoring

Look for strange activity which could indicate a threat → Behavioral Monitoring
• Log collection
• NetFlow analysis
• Service availability monitoring

Piece it all together → Security Intelligence
• SIEM event correlation
• Incident response

Unified Security Management: all five layers together, powered by AlienVault Labs threat intelligence.

BY THE WAY… this is just the technologies; process is a whole ’nother topic.

ALIENVAULT LABS THREAT INTELLIGENCE: COORDINATED ANALYSIS, ACTIONABLE GUIDANCE Let Us Stay Ahead of the Threats For You

DISRUPT THE INCIDENT RESPONSE CYCLE

A traditional cycle (Prevent → Detect → Respond):
1. Prevents known threats.
2. Detects new threats in the environment.
3. Responds to the threats as they happen.

This isolated closed loop offers no opportunity to learn from what others have experienced: no advance notice.

TRADITIONAL RESPONSE

Example organizations on the slide: First Street Credit Union, Alpha Insurance Group, John Elway Auto Nation, Regional Pacific Telecom, Marginal Food Products.

Each organization goes through Attack → Detect → Respond on its own; what one of them learns from an attack never reaches the others.

OTX ENABLES PREVENTATIVE RESPONSE Through an automated, real-time, threat exchange framework

A REAL-TIME THREAT EXCHANGE FRAMEWORK

Same organizations (First Street Credit Union, Alpha Insurance Group, John Elway Auto Nation, Regional Pacific Telecom, Marginal Food Products). One of them is attacked and detects the attack; Open Threat Exchange puts preventative response measures in place through that shared experience, and then protects the others in the network with the same preventative response measures.

BENEFITS OF OPEN THREAT EXCHANGE
• Shifts the advantage from the attacker to the defender
• Open and free to everyone
• Each member benefits from the incidents of all other members
• Automated sharing of threat data

MAKING THE CYCLE MORE EFFICIENT

Prevent → Detect → Respond. How do we make the response process more effective?
• Automated detection
• Enabling response

READING BETWEEN THE LINES: what’s not in the fine print but should be…
• Dynamic threat intelligence updates: threats change, so your event correlation rules, IP reputation data, etc. should change too.
• Flexible use case support: it’s impossible to predict all bad things, so you need a solution that evolves with you.

WHY ALIENVAULT FOR PCI DSS COMPLIANCE?
• All-in-one functionality: easy management; multiple functions without multiple consoles
• Automate what and where you can*, with “baked in” guidance when you can’t
• Flexible reporting & queries, as detailed as you want it
• Dynamic threat intelligence from AlienVault Labs

REQUIREMENT 1: Install and maintain a firewall configuration to protect cardholder data
PCI DSS requirements covered: 1.1, 1.2, 1.3
USM capabilities: NetFlow analysis; system availability monitoring; SIEM; asset discovery
Benefits:
• Unified and correlated NetFlow analysis and firewall logs deliver “single pane of glass” visibility into access to cardholder-related data and resources.
• Built-in asset discovery provides a dynamic asset inventory and topology diagrams; cardholder-related resources can be identified and monitored for unusual activity.
• An accurate, automated asset inventory combined with relevant security events accelerates incident response and analysis.

REQUIREMENT 2: Do not use vendor-supplied defaults for system passwords and other security parameters
PCI DSS requirements covered: 2.1, 2.2, 2.3
USM capabilities: network intrusion detection (NIDS); vulnerability assessment; host-based intrusion detection (HIDS)
Benefits:
• Built-in, automated vulnerability assessment identifies the use of weak and default passwords.
• Built-in host-based intrusion detection and file integrity monitoring signal when password files and other critical system files have been modified.

REQUIREMENT 3: Protect stored cardholder data
PCI DSS requirements covered: 3.6.7
USM capabilities: log management; host-based intrusion detection (HIDS); file integrity monitoring; NetFlow analysis; SIEM
Benefits:
• Unified log review and analysis, with triggered alerts for high-risk systems (those containing cardholder data).
• Built-in host-based intrusion detection and file integrity monitoring detect and alarm on changes to cryptographic keys.
• Unified NetFlow analysis and event correlation monitor traffic and alert on unencrypted traffic to/from cardholder-related resources.

REQUIREMENT 4: Encrypt transmission of cardholder data across open, public networks
PCI DSS requirements covered: 4.1
USM capabilities: NetFlow analysis; behavioral monitoring; wireless IDS; SIEM
Benefits:
• Unified NetFlow analysis and event correlation monitor traffic and alert on unencrypted traffic to/from cardholder-related resources.
• Built-in wireless IDS monitors encryption strength and identifies unauthorized access attempts to critical infrastructure.
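The “alert on unencrypted traffic to/from cardholder-related resources” benefit above is, at its simplest, a rule over flow records: any flow that touches a CDE host on a port whose default protocol is cleartext gets flagged, and a flow whose other end is outside your own address space is the Requirement 4.1 case proper. The following is an added example written for this page, not code from the webinar or from AlienVault USM. The CDE host list, the cleartext-port table, the RFC 1918 “internal” definition and the flow records are all constructed assumptions; port-based classification is only a heuristic, since TLS on a non-standard port or cleartext on 443 would be misclassified.

```python
"""Heuristic detector for cleartext traffic touching cardholder-data hosts.

Added example; not code from the webinar or from AlienVault USM. Runs over
NetFlow-style records constructed inline. The CDE host list, the
cleartext-port table and the RFC 1918 "internal" definition are assumptions.
"""
import ipaddress
from dataclasses import dataclass

# Assumed inventory of cardholder data environment (CDE) hosts.
CDE_ASSETS = {"10.10.20.5", "10.10.20.6"}

# TCP ports whose default protocol carries data in the clear. Port-based
# classification is a heuristic: TLS on a non-standard port, or cleartext on
# 443, would be misclassified; a production check needs protocol identification.
CLEARTEXT_PORTS = {21: "ftp", 23: "telnet", 80: "http", 110: "pop3",
                   143: "imap", 389: "ldap"}

# Only RFC 1918 space counts as "internal" here; everything else is treated as
# reachable over an open, public network (the scope of Requirement 4.1).
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str      # "tcp" or "udp"
    nbytes: int


def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def classify(flow):
    """Return an alert for a cleartext TCP flow involving a CDE host, else None."""
    cde_side = {flow.src, flow.dst} & CDE_ASSETS
    if not cde_side:
        return None
    service = CLEARTEXT_PORTS.get(flow.dport)
    if service is None or flow.proto != "tcp":
        return None
    peer = flow.dst if flow.src in CDE_ASSETS else flow.src
    return {
        "cde_host": min(cde_side),
        "peer": peer,
        "service": service,
        "bytes": flow.nbytes,
        # A public peer is a direct 4.1 finding; an internal one still needs
        # review (telnet/HTTP inside the CDE is a segmentation and Req 2 concern).
        "severity": "medium" if is_internal(peer) else "high",
    }


def find_cleartext_flows(flows):
    """Alerts for every matching flow, in record order."""
    return [alert for alert in map(classify, flows) if alert]


# Constructed sample records (src, dst, dport, proto, bytes).
SAMPLE_FLOWS = [
    Flow("10.10.20.5", "203.0.113.7", 443, "tcp", 52000),  # TLS to outside: ignored
    Flow("10.10.20.5", "203.0.113.9", 80, "tcp", 8100),    # HTTP from CDE to outside
    Flow("10.10.30.40", "10.10.20.6", 23, "tcp", 900),     # telnet into CDE from corp LAN
    Flow("10.10.30.40", "10.10.30.41", 80, "tcp", 3000),   # no CDE host involved
    Flow("10.10.20.6", "10.10.20.5", 53, "udp", 120),      # DNS, port not in table
]

if __name__ == "__main__":
    for alert in find_cleartext_flows(SAMPLE_FLOWS):
        print(alert)
```

Run as written it reports two alerts: the HTTP flow from a CDE host to an outside address (high) and the telnet session into the CDE from the corporate LAN (medium). In a SIEM the same logic would be a correlation rule keyed on the asset inventory from the discovery layer, which is why the slides tie NetFlow analysis to asset discovery rather than treating it on its own.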

REQUIREMENT 5: Use and regularly update anti-virus software
PCI DSS requirements covered: 5.1, 5.2
USM capabilities: host-based intrusion detection (HIDS); network intrusion detection (NIDS); log management
Benefits:
• Built-in host-based intrusion detection provides an extra layer of defense against zero-day threats (before an anti-virus update can be issued).
• Unified log management provides an audit trail of anti-virus software use by collecting log data from the anti-virus software.
• Built-in network intrusion detection identifies and alerts on malware infections in the cardholder data environment.

REQUIREMENT 6: Develop and maintain secure systems and applications
PCI DSS requirements covered: 6.1, 6.2, 6.3, 6.3.2, 6.4, 6.5
USM capabilities: asset discovery; vulnerability assessment; network intrusion detection (NIDS); SIEM
Benefits:
• Built-in, consolidated asset inventory, vulnerability assessment, threat detection and event correlation provide a unified view of the organization’s security posture and critical system configuration.
• Built-in vulnerability assessment checks for a variety of well-known vulnerability classes (e.g., SQL injection).

REQUIREMENT 7: Restrict access to cardholder data by business need to know
PCI DSS requirements covered: 7.1, 7.2
USM capabilities: SIEM
Benefits:
• Automated event correlation identifies unauthorized access to systems holding cardholder data.

REQUIREMENT 8: Assign a unique ID to each person with computer access
PCI DSS requirements covered: 8.1, 8.2, 8.4, 8.5
USM capabilities: log management
Benefits:
• Built-in log management captures all user account creation activity and can also identify unencrypted passwords on critical systems.

REQUIREMENT 10: Track and monitor all access to network resources and cardholder data
PCI DSS requirements covered: 10.1, 10.2, 10.3, 10.4, 10.5, 10.6, 10.7
USM capabilities: host-based intrusion detection (HIDS); network intrusion detection (NIDS); behavioral monitoring; log management; SIEM
Benefits:
• Built-in threat detection, behavioral monitoring and event correlation signal attacks in progress, for example unauthorized access followed by further exposure such as cardholder data exfiltration.
• Built-in log management enables the collection and correlation of valid and invalid authentication attempts on critical devices.
• Centralized, role-based access control for audit trails and event logs preserves “chain of custody” for investigations.
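“Collection and correlation of valid and invalid authentication attempts” is the kind of rule worth seeing in full, because the interesting finding is not the failures alone but a success that follows a run of failures from the same source. The block below is an added example for this page, not code from the webinar or from AlienVault USM: it parses sshd-style syslog lines, keeps a sliding window of failures per (host, source) pair, raises one alert when the window reaches a threshold and a second, higher-value one if that source then logs in. The log lines, host name and addresses are constructed. The default threshold of six follows the lockout limit in Requirement 8.1.6; the five-minute window is an assumption.

```python
"""Correlate SSH authentication events into brute-force alerts.

Added example, not part of the webinar or of AlienVault USM. Works on
constructed sshd-style syslog lines; host names and addresses are invented.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+)"
)


def parse_event(line):
    """Return a dict for an sshd password-auth line, or None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%S")
    return ev


def correlate(lines, threshold=6, window=timedelta(minutes=5)):
    """Emit a 'brute_force_attempt' alert when a source reaches `threshold`
    failures against one host inside `window`, and a 'brute_force_success'
    alert if that source then authenticates while the series is still open.
    threshold=6 mirrors the lockout limit in PCI DSS 8.1.6 (assumed default)."""
    recent = defaultdict(deque)   # (host, src) -> timestamps of recent failures
    alerts = []
    for ev in filter(None, map(parse_event, lines)):
        key = (ev["host"], ev["src"])
        fails = recent[key]
        while fails and ev["ts"] - fails[0] > window:   # expire old failures
            fails.popleft()
        if ev["result"] == "Failed":
            fails.append(ev["ts"])
            if len(fails) == threshold:                 # fire once per series
                alerts.append({"type": "brute_force_attempt", "host": ev["host"],
                               "src": ev["src"], "failures": len(fails),
                               "at": ev["ts"]})
        else:
            if len(fails) >= threshold:
                alerts.append({"type": "brute_force_success", "host": ev["host"],
                               "src": ev["src"], "user": ev["user"],
                               "failures": len(fails), "at": ev["ts"]})
            fails.clear()                               # a success closes the series
    return alerts


# Constructed sample log: six failures for "admin" from one source, an
# unrelated failure from another source, then a success from the first source.
SAMPLE_LOG = [
    "2014-03-19T10:00:01 pos-db01 sshd[4321]: Failed password for admin from 10.10.30.40 port 50000 ssh2",
    "2014-03-19T10:00:05 pos-db01 sshd[4321]: Failed password for admin from 10.10.30.40 port 50000 ssh2",
    "2014-03-19T10:00:09 pos-db01 sshd[4323]: Failed password for admin from 10.10.30.40 port 50001 ssh2",
    "2014-03-19T10:00:12 pos-db01 sshd[4324]: Failed password for invalid user oracle from 10.10.30.99 port 41000 ssh2",
    "2014-03-19T10:00:13 pos-db01 sshd[4323]: Failed password for admin from 10.10.30.40 port 50001 ssh2",
    "2014-03-19T10:00:17 pos-db01 sshd[4325]: Failed password for admin from 10.10.30.40 port 50002 ssh2",
    "2014-03-19T10:00:21 pos-db01 sshd[4325]: Failed password for admin from 10.10.30.40 port 50002 ssh2",
    "2014-03-19T10:00:30 pos-db01 sshd[4330]: Accepted password for admin from 10.10.30.40 port 50010 ssh2",
    "2014-03-19T10:00:31 pos-db01 CRON[5000]: pam_unix(cron:session): session opened for user root",
]

if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOG):
        print(alert)
```

On the sample data this yields two alerts: the attempt alert on the sixth failure and the success alert on the subsequent login. The second one is also a Requirement 8.1.6 finding in its own right, because a password login that succeeds after six failures means the lockout that should have applied did not fire. Logs from other sources (Windows event 4625/4624, RADIUS, application logins) fit the same correlation once their parser emits the same event dict.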

REQUIREMENT 11: Regularly test security systems and processes
PCI DSS requirements covered: 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 11.7
USM capabilities: vulnerability assessment; wireless IDS; host-based intrusion detection (HIDS); file integrity monitoring; SIEM
Benefits:
• Built-in vulnerability assessment streamlines the scanning and remediation process: one console to manage it all.
• Built-in wireless IDS detects and alerts on rogue wireless access points and weak encryption configurations.
• Built-in host-based intrusion detection identifies the attachment of USB devices, including WLAN cards.
• Unified vulnerability assessment, threat detection and event correlation provide full situational awareness in order to reliably test security systems and processes.
• Built-in file integrity monitoring alerts on unauthorized modification of system files, configuration files, or content.

Show me!

KEY TAKEAWAYS
• Use the “force” of compliance to enhance your security monitoring / incident response program.
• PCI compliance is about people, process, and technology.
• Find the right technology that meets your business needs.
• Automate and consolidate as much as possible to minimize cost and centralize visibility.

And… throw away that cover page for your TPS reports.

NOW FOR SOME Q&A…

Three ways to test drive AlienVault:
• Download a free 30-day trial: http://www.alienvault.com/free-trial
• Try our interactive demo site: http://www.alienvault.com/live-demo-site
• Join our LIVE demo on Thursday: http://www.alienvault.com/marketing/alienvault-usm-live-demo

Sales@alienvault.com
