


 

“When Telefonica asked us to recommend a SIM solution, the only option was clearly netForensics, which provides the critical security information we need to make fast decisions about threats.”

Javier Garcia,
Director SIM Services,
STE

Payment Card Industry (PCI) Compliance

Implementing Best Practices for PCI: Preventing Data Breaches and Safeguarding Critical Data

Companies with responsibility for consumer credit card information face an ongoing challenge to ensure the integrity and security of credit card data. In 2005, information security accountability intensified for merchants and payment service providers when the Payment Card Industry (PCI) Data Security Standard was introduced worldwide. Since then, all merchants and service providers that store, process, or transmit credit card data must comply with the PCI mandates or face costly consequences such as:

  • Fines of $5,000 to $25,000 a month for each merchant who does not validate PCI compliance
  • An estimated 78 percent of consumers declining to shop where a breach occurs
  • The cost of a fraudulent or erroneous data breach ranging from $182 to $350 per data record
  • Merchants facing the possibility of bankruptcy without the appropriate data security practices in place to maintain PCI compliance

Security Compliance Management for PCI

Compliance with PCI demands that you continuously monitor and manage the cardholder data environment—demonstrating a proactive foundation for effective security against breaches and attacks. Recognized best practices and security compliance management solutions can assist in managing even the most complex PCI requirements.

netForensics provides the security information management (SIM) and log management infrastructure to successfully address PCI compliance challenges. The nFX One suite provides organizations that store, process, or transmit cardholder data greater visibility, better intelligence, and more effective response to threats.

With its integrated Security Audit Framework and associated PCI module, netForensics’ nFX SIM One security information management application enables you to more effectively manage your organization against the IT controls requirements outlined in this standard.

The PCI compliance module decreases the time and resources needed to meet PCI compliance requirements, gathers information for self-assessments from an auditor’s perspective, and provides third-party auditors with the information needed to evaluate organizational compliance.

Within the PCI Data Security Standard, there are 12 sections and over 100 subsections that make up the requirements. The netForensics PCI Security Audit Framework module covers the following requirements:

  • 1.1.1 - A formal process for approving and testing all external network connections and changes to the firewall configuration

  • 1.1.3 - Requirements for a firewall at each Internet connection and between any demilitarized zone (DMZ) and the internal network zone

  • 1.1.4 - Description of groups, roles, and responsibilities for logical management of network components

  • 1.3.7 - Denying all other inbound and outbound traffic not specifically allowed

  • 3.4 - Render account numbers, at minimum, unreadable anywhere they are stored (including data on portable digital media, backup media, in logs, and data received from or stored by wireless networks) by using any of the following approaches:

    • Strong one-way hash functions (hashed indexes)
    • Truncation
    • Index tokens and pads (pads must be securely stored)
    • Strong cryptography with associated key management processes and procedures

  • 10.1 - Establish a process for linking all access to system components (especially access done with administrative privileges such as root) to each individual user

  • 10.2.1 - All individual user accesses to cardholder data

Whether you’re beginning to explore the importance of collecting and analyzing log data, enhancing your security practices to protect your applications and databases from data breaches and insider threats, or in need of real-time actionable security and PCI compliance information throughout your enterprise, netForensics can help you meet all your security compliance management challenges.

netForensics is a member of the PCI Security Standards Council, actively participating in the ongoing development of PCI standards.

nFX One: Helping You Maintain PCI Compliance While Securing Your Enterprise

netForensics nFX One is a streamlined yet robust security compliance management suite that empowers you to continuously manage risk while leveraging recognized security best practices. Through data collection, log management, real-time monitoring, threat identification, rapid response, and actionable reporting, you can tackle information security and PCI compliance at the same time with nFX One solutions:

  • nFX SIM One, for Security Information Management, empowers you to transform huge volumes of complex security-related data into understandable, actionable information. This streamlined, easy-to-deploy SIM solution allows you to respond to security events in real time—for active compliance management from the perimeter to the core. nFX SIM One’s new Security Audit Framework delivers unprecedented guidance and knowledge support to help you in your efforts to achieve compliance with multiple regulations and standards.
  • nFX Data One, for Database Threat Management, delivers a new level of insight into user activities, so you know who’s touching your critical data and what they are doing with it—at all times across your enterprise. nFX Data One protects your agency from data breaches by monitoring databases and applications and alerting on any hostile and unauthorized activity.
  • nFX Log One, for Log Management, enables easy-to-use log management for collecting, documenting, and storing log data for PCI compliance audits. With broad access to your log data—plus the power to take action on it when necessary—you can effectively meet your compliance demands while enhancing your overall information security posture.

Learn more about achieving and maintaining PCI compliance through proactive threat and risk management.

Download: PCI: How to Safeguard Customer Data Against Real Threats



 

 
 
© 2008 netForensics, Inc. | 200 Metroplex Drive | Edison, NJ 08817 | 1.866.525.5666 | 1.732.393.6000