More than 200 million personally identifiable data records have
been lost, stolen, or otherwise compromised since the beginning of
2005, a significant percentage of which were credit card records.
Actiance solutions can help businesses comply with the PCI-DSS
requirements that apply to the control of real-time communications
traffic and to anti-malware protection.
What is PCI-DSS?
PCI-DSS (Payment Card Industry Data Security Standard) is a
standard maintained jointly by the major payment card brands. It
defines a common set of security requirements for every entity
that processes, stores, or transmits payment card data.
Many of the requirements of PCI-DSS overlap with those of other
data protection and information privacy statutes, with two
important differences:
- PCI-DSS applies to every organization that accepts credit
cards, so it encompasses businesses of all sizes, from small retail
and online outlets to global enterprises, with correspondingly wide
variation in their information security capabilities
- Cardholder data is extremely portable and can be exposed at
many different points as it flows across multiple networks from the
merchant to the card issuer, including real-time communications
networks
By protecting the integrity of credit card data, PCI compliance
should lead to greater consumer confidence that their personal data
will not be compromised by using credit cards.
The threat landscape is constantly evolving; threats are
becoming more complex, sophisticated and innovative, and data and
information are much more accessible. It is incumbent upon all
businesses handling credit card information to view PCI compliance
as an integral part of securing real-time communications.
Risks of non-compliance
Any company whose network carries credit card data as it flows
from merchant to card issuer can be held responsible for endangering
customer information, and if it is found to have taken insufficient
care of that data it faces the consequent penalties:
- Fines levied by the acquiring banks
- The cost of replacing the cards and perhaps covering fraudulent
charges
- The cost of credit monitoring for compromised individuals
- Demotion or loss of merchant status
- Public relations fallout
- Loss of shareholder and customer confidence
PCI-DSS vulnerability concerns in a Web 2.0 world
The Web 2.0 world is all about sharing, collaboration, and
interactivity. The technology underpinning Web 2.0 is powerful,
dynamic, and designed for collaboration and communication. It's
also, for the most part, extremely easy to use and customize, hence
the rapidly-growing popularity of Facebook applets and other
mini-applications.
Web 2.0 gives users direct control over powerful technology in a
medium that does not have security as its first priority. The
applications and communications emanating from this new environment
frequently intersect with corporate and other private networks,
creating the potential for significant vulnerabilities in the
security of those networks.
But without the right tools, IT is unable to monitor and manage
these new points of vulnerability at all, because they bypass
traditional corporate network protection measures.
How Actiance can help
Actiance recognizes that Web 2.0 in general and social networks
in particular can deliver real business benefits, and that
organizations need a way to control, monitor and secure its use
that ensures compliance without impeding those benefits.
Here's how Actiance's Unified Security Gateway
addresses certain key requirements of PCI-DSS compliance:
| PCI-DSS Requirement | Actiance Solution | Actiance Benefit |
|---|---|---|
| 1.3.7: Deny all other inbound and outbound traffic not specifically allowed | Deploy USG at the gateway to filter web traffic, prevent unauthorized IM/P2P use, and block malware at the gateway | Prevents unauthorized traffic not detected by firewalls or IPS from entering or leaving the network |
| 1.4.1: Implement a DMZ to filter and screen all traffic and prohibit direct routes for inbound and outbound Internet traffic | Deploy USG at the gateway to locally route public IM traffic, filter credit card data in IM traffic, and block malware over IM channels | Prevents credit card information leakage over IM; achieves compliance for real-time communication channels |
| 5.1.1: Ensure that anti-virus programs are capable of detecting, removing, and protecting against other forms of malicious software, including spyware and adware | Deploy USG with GEM for gateway detection and prevention | Complements desktop firewalls; remediates infected endpoints without deploying an agent on the client |
Actiance USG gives IT control over Web 2.0, social networking,
IM, P2P applications, and enterprise unified communications
platforms through a single dedicated appliance that sits at the
interface between the corporate network and the Internet.
Key PCI compliance features of USG include:
- Prevents unauthorized Web, IM, and P2P traffic not blocked by
firewalls
- Provides gateway malware prevention and targeted remediation of
infected endpoints
- Enforces policies, manages use, and prevents information
leakage over permitted real-time communications channels, using
industry-leading URL databases
- Enables unified policy management and enforcement across all
real-time Internet traffic
- Prevents inadvertent or malicious data leakage over all
communications channels with real-time content filtering
- Protects against inbound and outbound threats (SpIM, i.e. spam
over IM, spyware, rootkits, worms, botnets)
- Ensures non-repudiation of archived messages with tamper-proof
logging and archival of online conversations
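The "filter credit card data in IM traffic" and real-time content filtering items above describe a cardholder-data detection step without saying how one works. The following Python is an added example, not Actiance code, showing the usual approach such a filter takes on message text: find digit runs that could be a primary account number (PAN), confirm each with the Luhn check so that order numbers and phone numbers are not flagged, and mask confirmed hits to the first six and last four digits. The IM lines in SAMPLE_MESSAGES are constructed for this example and use the published brand test numbers, which pass Luhn but are not issued to anyone.

```python
import re

# Candidate PAN: 13 to 19 digits, optionally separated by single spaces or
# hyphens, and not adjacent to other digits. Separators are tolerated because
# users type "4111 1111 1111 1111" into chat as often as the bare number.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn (mod-10) check: double every second digit from the right,
    subtract 9 from doubled values above 9, and require sum % 10 == 0."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def _normalize(candidate: str) -> str:
    """Strip the separators the regex allowed so only digits remain."""
    return re.sub(r"[ -]", "", candidate)


def find_pans(text: str) -> list:
    """Return the normalized PANs found in text (Luhn-valid candidates only).
    Digit runs that merely look like a card number are dropped here."""
    return [
        _normalize(m.group(0))
        for m in PAN_CANDIDATE.finditer(text)
        if luhn_valid(_normalize(m.group(0)))
    ]


def mask_pan(pan: str) -> str:
    """Mask to first six / last four, the most PCI DSS permits to be displayed."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def redact(text: str) -> str:
    """Replace every Luhn-valid PAN in text with its masked form; the text
    around it, and any Luhn-invalid digit run, is left untouched."""
    def _sub(m):
        digits = _normalize(m.group(0))
        return mask_pan(digits) if luhn_valid(digits) else m.group(0)
    return PAN_CANDIDATE.sub(_sub, text)


def scan_messages(messages):
    """Scan (sender, text) pairs and return (sender, pans) for hits only,
    the shape a gateway would hand to its policy engine or logger."""
    hits = []
    for sender, text in messages:
        pans = find_pans(text)
        if pans:
            hits.append((sender, pans))
    return hits


# Constructed IM transcript (not captured traffic). The phone number and the
# 13-digit order number are look-alikes that must not be reported.
SAMPLE_MESSAGES = [
    ("alice", "call me on +1 415 555 0123 about order 1234567890123"),
    ("bob", "use the corporate card 4111 1111 1111 1111 exp 12/29"),
    ("carol", "amex is 3782-822463-10005, mc 5555555555554444"),
]

if __name__ == "__main__":
    for sender, pans in scan_messages(SAMPLE_MESSAGES):
        print(sender, [mask_pan(p) for p in pans])
    print(redact(SAMPLE_MESSAGES[1][1]))
```

The Luhn check is what keeps the false-positive rate workable on a chat channel: almost any 13- to 19-digit string matches the regex, but only one in ten passes mod-10, and the order number in alice's message is one that does not. A production filter would add BIN-range checks per card brand and would treat the masked form, not the PAN, as what is safe to write to the archive.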
With flexible deployment options, USG fits into existing network
topologies to offer a high level of security with minimal added
latency and a low total cost of ownership.
Learn more about Unified Security Gateway