PCI DSS Simplified: What You Need to Know

Sandy Hawke, CISSP, VP, Product Marketing (@sandybeachSF)

Tom D’Aquino, Technical Lead


DESCRIPTION

Maintaining, verifying, and demonstrating PCI DSS compliance is far from a trivial exercise. Those 12 requirements often translate into a lot of manual and labor-intensive tasks: chasing down discrepancies in asset inventory spreadsheets, removing false positives from network vulnerability assessment reports, and weeding through log data trying to make sense of it all. In fact, you may need to consult at least a dozen different tools for those dozen requirements.

Thankfully, there’s a simpler alternative. AlienVault Unified Security Management (USM) consolidates the five essential capabilities you need for PCI DSS compliance. As a nearly complete PCI compliance solution, AlienVault’s USM delivers the security visibility you need in a single pane of glass, and it solves more than the single-purpose PCI DSS compliance software alternatives do.

During this webcast, you will learn how to:

• Achieve, demonstrate and maintain PCI DSS compliance

• Consolidate and simplify SIEM, log management, vulnerability assessment, IDS, and file integrity monitoring in a single platform

• Implement effective incident response with emerging threat intelligence

Plus, you'll see how quickly and easily you can simplify and accelerate PCI DSS compliance. Register Now to secure your spot.


Page 1: PCI DSS Simplified: What You Need to Know

PCI DSS SIMPLIFIED: WHAT YOU NEED TO KNOW

Sandy Hawke, CISSP, VP, Product Marketing

@sandybeachSF

Tom D’Aquino Technical Lead

Page 2

AGENDA

Common challenges

Pre-audit checklist

Core capabilities for PCI

Automation & consolidation

Product Demo

Key Takeaways

Q & A

Page 3

SETTING THE STAGE… Pre-audit checklist & more

Page 7

QUESTIONS TO ASK YOURSELF… SOONER RATHER THAN LATER.

Pre-audit checklist:

Where do your PCI-relevant assets live, how are they configured, and how are they segmented from the rest of your network?

Who accesses these resources (and the other W’s… when, where, what can they do, why and how)?

What vulnerabilities exist in your PCI-defined network, applications, etc.?

What constitutes your network baseline? What is considered “normal/acceptable”?

Ask your team… What do we NEVER want to happen in our PCI environment? How do we capture those events when they do happen?

Page 8

FRENEMIES: SECURITY AND COMPLIANCE

Page 9

SO… WHAT DO I NEED FOR PCI-DSS?

Pages 10 to 16

What do we need for PCI-DSS?

Figure out what is valuable: Asset Discovery
• Active Network Scanning
• Passive Network Scanning
• Asset Inventory
• Host-based Software Inventory

Identify ways the target could be compromised: Vulnerability Assessment
• Network Vulnerability Testing

Start looking for threats: Threat Detection
• Network IDS
• Host IDS
• Wireless IDS
• File Integrity Monitoring

Look for strange activity which could indicate a threat: Behavioral Monitoring
• Log Collection
• Netflow Analysis
• Service Availability Monitoring

Piece it all together: Security Intelligence
• SIEM Correlation
• Incident Response

Unified Security Management

BTW… this is just the technologies… process is a whole ‘nother topic.

Page 17

READING IN BETWEEN THE LINES… WHAT’S NOT IN THE FINE PRINT BUT SHOULD BE…

Dynamic threat intelligence updates
The threats change, so should your event correlation rules, IP reputation data, etc.

Flexible use case support
It’s impossible to predict all bad outcomes, so have a solution that grows with you.

Page 18

LET’S HEAR FROM YOU! ALIENVAULT POLL QUESTION

What is your biggest pain point when it comes to PCI compliance?

• Uncertainty about what’s on my network

• Vulnerability assessment and remediation

• Concerns about threat detection

• Compliance reporting

• None of the above – I’m a PCI Ninja!

Page 19

WHY ALIENVAULT FOR PCI DSS COMPLIANCE?

All-in-one functionality

• Easy management

• Multiple functions without multiple consoles

Automate what and where you can*

• “Baked in” guidance when you can’t

Flexible reporting & queries… as detailed as you want it.

Threat intelligence from AlienVault Labs

*Disclaimer: Despite the hype, you can’t automate EVERYTHING nor would you want to. This is cyber security we’re talking about!

Page 20

ALIENVAULT USM: AUTOMATION & CONSOLIDATION

① Install and Maintain a Firewall Configuration to Protect Data

② No Use of Vendor-Supplied Parameter Defaults

③ Protect Stored Cardholder Data

④ Encrypt Cardholder Data Transmission Across Open Public Networks

⑤ Use and Update Antivirus Software

⑥ Develop and Maintain Secure Systems and Applications

⑦ Restrict Cardholder Data Access to Need to Know

⑧ Assign Unique IDs to Everyone with Computer Access

⑨ Track and Monitor Access to All Network Resources and Cardholder Data

⑩ Regularly Test Security Systems and Processes

http://www.alienvault.com/products-solutions/compliance-management/pci-dss-compliance

Page 21

LET’S SEE IT IN ACTION.

AlienVault USM Demo: PCI DSS Compliance Simplified

Page 22

WHAT’S COMING IN PCI DSS V3*?

Key Goals

Increased clarity

• Intention and application

• Scoping and reporting

• Eliminate redundancy, consolidate documentation

Stronger focus on “greater risk areas” in the threat environment

Consistency among assessors

Key Themes

• Education and awareness

• Increased flexibility

• Security as a shared responsibility

Key Dates

• Nov 7, 2013: PCI DSS v3 is published

• Jan 1, 2014: PCI DSS v3 becomes effective

• Dec 31, 2014: PCI DSS v2 expires

*https://www.pcisecuritystandards.org/security_standards/documents.php

Page 23

KEY TAKE-AWAYS

Use the “force” of compliance to bolster your security monitoring / incident response program.

PCI Compliance is more than just reporting.

Automate and consolidate as much as possible.

And… throw away that cover page for your TPS reports.

… But keep the red stapler.

Page 24

NOW FOR SOME Q&A…

Three Ways to Test Drive AlienVault

Download a Free 30-Day Trial

http://www.alienvault.com/free-trial

Try our Interactive Demo Site

http://www.alienvault.com/live-demo-site

Join our LIVE Demo on Thursday!

http://www.alienvault.com/marketing/alienvault-usm-live-demo