SlideShare une entreprise Scribd logo

PCI DSS Simplified: What You Need to Know

Télécharger en tant que PPTX, PDF
AlienVault
AlienVault

Maintaining, verifying, and demonstrating PCI DSS compliance is far from a trivial exercise. Those 12 requirements often translate into a lot of manual and labor-intensive tasks – chasing down discrepancies in asset inventory spreadsheets, removing false positives from network vulnerability assessment reports, and weeding through log data trying to make sense of it all. In fact, you may need to consult at least a dozen different tools for those dozen requirements. Thankfully, there’s a simpler alternative. AlienVault Unified Security Management (USM) consolidates the five essential capabilities you need for PCI DSS compliance. As a nearly complete PCI compliance solution, AlienVault’s USM delivers the security visibility you need in a single pane-of-glass. And it solves more than the single purpose PCI DSS compliance software alternatives do. During this webcast, you will learn how to: Achieve, demonstrate and maintain PCI DSS compliance Consolidate and simplify SIEM, log management, vulnerability assessment, IDS, and file integrity monitoring in a single platform Implement effective incident response with emerging threat intelligence Plus, you'll see how quickly and easily you can simplify and accelerate PCI DSS compliance. Register Now to secure your spot.

Technologie
1  sur  24
PCI DSS SIMPLIFIED: WHAT YOU NEED TO KNOW Sandy Hawke, CISSP VP, Product Marketing @sandybeachSF Tom D’Aquino Technical Lead
AGENDA 2 Common challenges Pre-audit checklist Core capabilities for PCI Automation & consolidation Product Demo Key Takeaways Q & A
SETTING THE STAGE… Pre-audit checklist & more
QUESTIONS TO ASK YOURSELF… SOONER RATHER THAN LATER. Pre-audit checklist: Where do your PCI-relevant assets live, how are they’re configured, and how are they segmented from the rest of your network? Who accesses these resources (and the other W’s… when, where, what can they do, why and how)? What are the vulnerabilities that are in your PCI-defined network – app, etc? What constitutes your network baseline? What is considered “normal/acceptable”? Ask your team… What do we NEVER want to happen in our PCI environment? How do we capture those events when they do happen? 7
FRENEMIES: SECURITY AND COMPLIANCE 88
SO…. WHAT DO I NEED FOR PCI-DSS?
Piece it all together Look for strange activity which could indicate a threat Start looking for threats Identify ways the target could be compromised What do we need for PCI- DSS? Figure out what is valuable 10
Piece it all together Look for strange activity which could indicate a threat Start looking for threats Identify ways the target could be compromised What do we need for PCI- DSS? 11 Asset Discovery Asset Discovery • Active Network Scanning • Passive Network Scanning • Asset Inventory • Host-based Software Inventory
Piece it all together Look for strange activity which could indicate a threat Start looking for threats What do we need for PCI- DSS? 12 Asset Discovery Asset Discovery • Active Network Scanning • Passive Network Scanning • Asset Inventory • Host-based Software Inventory Vulnerability Assessment Vulnerability Assessment • Network Vulnerability Testing
Piece it all together Look for strange activity which could indicate a threat What do we need for PCI- DSS? 13 Asset Discovery Asset Discovery • Active Network Scanning • Passive Network Scanning • Asset Inventory • Host-based Software Inventory Vulnerability Assessment Vulnerability Assessment • Network Vulnerability Testing Threat Detection • Network IDS • Host IDS • Wireless IDS • File Integrity Monitoring Threat Detection
Piece it all together What do we need for PCI- DSS? 14 Asset Discovery Asset Discovery • Active Network Scanning • Passive Network Scanning • Asset Inventory • Host-based Software Inventory Vulnerability Assessment Vulnerability Assessment • Network Vulnerability Testing Threat Detection • Network IDS • Host IDS • Wireless IDS • File Integrity Monitoring Threat Detection Behavioral Monitoring • Log Collection • Netflow Analysis • Service Availability Monitoring Behavioral Monitoring
What do we need for PCI- DSS? 15 Asset Discovery Asset Discovery • Active Network Scanning • Passive Network Scanning • Asset Inventory • Host-based Software Inventory Vulnerability Assessment Vulnerability Assessment • Network Vulnerability Testing Threat Detection • Network IDS • Host IDS • Wireless IDS • File Integrity Monitoring Threat Detection Behavioral Monitoring • Log Collection • Netflow Analysis • Service Availability Monitoring Behavioral Monitoring Security Intelligence • SIEM Correlation • Incident Response Security Intelligence
16 Asset Discovery Asset Discovery • Active Network Scanning • Passive Network Scanning • Asset Inventory • Host-based Software Inventory Vulnerability Assessment Vulnerability Assessment • Network Vulnerability Testing Threat Detection • Network IDS • Host IDS • Wireless IDS • File Integrity Monitoring Threat Detection Behavioral Monitoring • Log Collection • Netflow Analysis • Service Availability Monitoring Behavioral Monitoring Security Intelligence • SIEM Correlation • Incident Response Security Intelligence Unified Security Management BTW… this is just the technologies… process is a whole ‘nother topic.
READING IN BETWEEN THE LINES… D YN A M IC TH R E A T IN TE L L IGE N C E U P D A TE S TH E TH R E A TS C H A N GE , S O S H OU L D YOU R E V E N T C OR R E L A TION R U L E S , IP R E P U TA TI ON D A TA , E TC . FL E X IB L E U S E C A S E S U P P OR T IT’ S I M P OS S I B LE TO P R E D IC T A L L B A D OU TC OM E S S O H A V E A S OL U TI ON TH A T GR OW S W ITH YOU WHAT’S NOT IN THE FINE PRINT BUT SHOULD BE… Dynamic threat intelligence updates THE THREATS CHANGE, SO SHOULD YOUR EVENT CORRELATION RULES, IP REPUTATION DATA, ETC. Flexible use case support IT’S IMPOSSIBLE TO PREDICT ALL BAD OUTCOMES SO HAVE A SOLUTION THAT GROWS WITH YOU 17
LET’S HEAR FROM YOU! ALIENVAULT POLL QUESTION What is your biggest pain point when it comes to PCI compliance? • Uncertainty about what’s on my network • Vulnerability assessment and remediation • Concerns about threat detection • Compliance reporting • None of the above – I’m a PCI Ninja!
WHY ALIENVAULT FOR PCI DSS COMPLIANCE? All-in-one functionality • Easy management • Multiple functions without multiple consoles Automate what and where you can* • “Baked in” guidance when you can’t Flexible reporting & queries… as detailed as you want it. Threat intelligence from AlienVault Labs 19 *Disclaimer: Despite the hype, you can’t automate EVERYTHING nor would you want to. This is cyber security we’re talking about!
ALIENVAULT USM: AUTOMATION & CONSOLIDATION ① Install and Maintain a Firewall Configuration to Protect Data ② No Use of Vendor-Supplied Parameter Defaults ③ Protects Stored Cardholder Data ④ Encrypt Cardholder Data Transmission Across Open Public Networks ⑤ Use and Update Antivirus Software ⑥ Develop and Maintain Secure Systems and Applications ⑦ Restrict Cardholder Data Access to Need to Know ⑧ Assign Unique IDs to Everyone with Computer Access ① Track and Monitor Access to All Network Resources and Cardholder Data ② Regularly Test Security Systems and Processes http://www.alienvault.com/products-solutions/compliance- management/pci-dss-compliance
LET’S SEE IT IN ACTION. AlienVault USM Demo – PCI DSS Compliance Simplified
WHAT’S COMING IN PCI DSS V3*? Increased clarity • Intention and application • Scoping and reporting • Eliminate redundancy, consolidate documentation Stronger focus on “greater risk areas” in the threat environment Consistency among assessors Key Goals *https://www.pcisecuritystandards.org/security_standards/documents.php Key Themes Education and Awareness Increased flexibility Security as a shared responsibility Nov 7 2013 • PCI DSS v3 is published Jan 1 2014 • PCI DSS v3 becomes effective Dec 31 2014 • PCI DSS v2 expires Key Dates
KEY TAKE-AWAYS Use the “force” of compliance to bolster your security monitoring / incident response program. PCI Compliance is more than just reporting. Automate and consolidate as much as possible. And… throw away that cover page for your TPS reports. ….But keep the red stapler. 23
NOW FOR SOME Q&A… Three Ways to Test Drive AlienVault Download a Free 30-Day Trial http://www.alienvault.com/free-trial Try our Interactive Demo Site http://www.alienvault.com/live-demo-site Join our LIVE Demo on Thursday! http://www.alienvault.com/marketing/alienvault-usm-live- demo Sales@alienvault.com

Recommandé

Pci dss-for-it-providers
Pci dss-for-it-providersPci dss-for-it-providers
Pci dss-for-it-providersCalyptix Security
 
PCI DSS 3.0 – What You Need to Know
PCI DSS 3.0 – What You Need to KnowPCI DSS 3.0 – What You Need to Know
PCI DSS 3.0 – What You Need to KnowTerra Verde
 
PCI DSS Essential Guide
PCI DSS Essential GuidePCI DSS Essential Guide
PCI DSS Essential GuideKim Jensen
 
PCI DSS v3 - Protecting Cardholder data
PCI DSS v3 - Protecting Cardholder dataPCI DSS v3 - Protecting Cardholder data
PCI DSS v3 - Protecting Cardholder dataInMobi Technology
 
PCI DSS v3.0: How to Adapt Your Compliance Strategy
PCI DSS v3.0: How to Adapt Your Compliance StrategyPCI DSS v3.0: How to Adapt Your Compliance Strategy
PCI DSS v3.0: How to Adapt Your Compliance StrategyAlienVault
 
PCI-DSS_Overview
PCI-DSS_OverviewPCI-DSS_Overview
PCI-DSS_Overviewsameh Abulfotooh
 
1. PCI Compliance Overview
1. PCI Compliance Overview1. PCI Compliance Overview
1. PCI Compliance Overviewokrantz
 
PA-DSS
PA-DSSPA-DSS
PA-DSSChristian Heinrich
 

Recommandé

Pci dss-for-it-providers
Pci dss-for-it-providersPci dss-for-it-providers
Pci dss-for-it-providersCalyptix Security
 
PCI DSS 3.0 – What You Need to Know
PCI DSS 3.0 – What You Need to KnowPCI DSS 3.0 – What You Need to Know
PCI DSS 3.0 – What You Need to KnowTerra Verde
 
PCI DSS Essential Guide
PCI DSS Essential GuidePCI DSS Essential Guide
PCI DSS Essential GuideKim Jensen
 
PCI DSS v3 - Protecting Cardholder data
PCI DSS v3 - Protecting Cardholder dataPCI DSS v3 - Protecting Cardholder data
PCI DSS v3 - Protecting Cardholder dataInMobi Technology
 
PCI DSS v3.0: How to Adapt Your Compliance Strategy
PCI DSS v3.0: How to Adapt Your Compliance StrategyPCI DSS v3.0: How to Adapt Your Compliance Strategy
PCI DSS v3.0: How to Adapt Your Compliance StrategyAlienVault
 
PCI-DSS_Overview
PCI-DSS_OverviewPCI-DSS_Overview
PCI-DSS_Overviewsameh Abulfotooh
 
1. PCI Compliance Overview
1. PCI Compliance Overview1. PCI Compliance Overview
1. PCI Compliance Overviewokrantz
 
PA-DSS
PA-DSSPA-DSS
PA-DSSChristian Heinrich
 
PCI DSS 3.2 - Business as Usual
PCI DSS 3.2 - Business as UsualPCI DSS 3.2 - Business as Usual
PCI DSS 3.2 - Business as UsualKimberly Simon MBA
 
Application security and pa dss certification
Application security and pa dss certificationApplication security and pa dss certification
Application security and pa dss certificationAlexander Polyakov
 
Introduction to PCI DSS
Introduction to PCI DSSIntroduction to PCI DSS
Introduction to PCI DSSSaumya Vishnoi
 
Comsec PCI DSS v3 2 - Overview and Summary of Changes - Webinar
Comsec PCI DSS v3 2 - Overview and Summary of Changes - WebinarComsec PCI DSS v3 2 - Overview and Summary of Changes - Webinar
Comsec PCI DSS v3 2 - Overview and Summary of Changes - WebinarAriel Ben-Harosh
 
Pci ssc quick reference guide
Pci ssc quick reference guidePci ssc quick reference guide
Pci ssc quick reference guideMohammad Makchudul Alam (Arif)
 
PCI DSS
PCI DSSPCI DSS
PCI DSSDuy Do Phan
 
PCI DSS 3.2
PCI DSS 3.2PCI DSS 3.2
PCI DSS 3.2Kimberly Simon MBA
 
PCI DSS Compliance
PCI DSS CompliancePCI DSS Compliance
PCI DSS ComplianceSaumya Vishnoi
 
PCI DSS and PA DSS
PCI DSS and PA DSSPCI DSS and PA DSS
PCI DSS and PA DSSKimberly Simon MBA
 
SFISSA - PCI DSS 3.0 - A QSA Perspective
SFISSA - PCI DSS 3.0 - A QSA PerspectiveSFISSA - PCI DSS 3.0 - A QSA Perspective
SFISSA - PCI DSS 3.0 - A QSA PerspectiveMark Akins
 
Spirit of PCI DSS by Dr. Anton Chuvakin
Spirit of PCI DSS by Dr. Anton ChuvakinSpirit of PCI DSS by Dr. Anton Chuvakin
Spirit of PCI DSS by Dr. Anton ChuvakinAnton Chuvakin
 
Card Data Discovery and PCI DSS
Card Data Discovery and PCI DSSCard Data Discovery and PCI DSS
Card Data Discovery and PCI DSSKimberly Simon MBA
 
PCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATION
PCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATIONPCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATION
PCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATIONhimalya sharma
 
A practical guides to PCI compliance
A practical guides to PCI complianceA practical guides to PCI compliance
A practical guides to PCI complianceJisc
 
PCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATION
PCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATIONPCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATION
PCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATIONhimalya sharma
 
PCI DSS Done RIGHT and WRONG by Anton Chuvakin and Branden Williams
PCI DSS Done RIGHT and WRONG by Anton Chuvakin and Branden WilliamsPCI DSS Done RIGHT and WRONG by Anton Chuvakin and Branden Williams
PCI DSS Done RIGHT and WRONG by Anton Chuvakin and Branden WilliamsAnton Chuvakin
 
PCIDSS compliance made easier through a collaboration between NC State and UN...
PCIDSS compliance made easier through a collaboration between NC State and UN...PCIDSS compliance made easier through a collaboration between NC State and UN...
PCIDSS compliance made easier through a collaboration between NC State and UN...John Baines
 
Pci standards, from participation to implementation and review
Pci standards, from participation to implementation and reviewPci standards, from participation to implementation and review
Pci standards, from participation to implementation and reviewisc2-hellenic
 
PCI DSS and PA DSS
PCI DSS and PA DSSPCI DSS and PA DSS
PCI DSS and PA DSSKimberly Simon MBA
 
PCI DSS 2.0 Detailed Introduction
PCI DSS 2.0 Detailed IntroductionPCI DSS 2.0 Detailed Introduction
PCI DSS 2.0 Detailed IntroductionControlCase
 
Quick & Dirty Dozen: PCI Compliance Simplified
Quick & Dirty Dozen: PCI Compliance SimplifiedQuick & Dirty Dozen: PCI Compliance Simplified
Quick & Dirty Dozen: PCI Compliance SimplifiedAlienVault
 
Simplify PCI DSS Compliance with AlienVault USM
Simplify PCI DSS Compliance with AlienVault USMSimplify PCI DSS Compliance with AlienVault USM
Simplify PCI DSS Compliance with AlienVault USMAlienVault
 

Contenu connexe

Tendances

PCI DSS 3.2 - Business as Usual
PCI DSS 3.2 - Business as UsualPCI DSS 3.2 - Business as Usual
PCI DSS 3.2 - Business as UsualKimberly Simon MBA
 
Application security and pa dss certification
Application security and pa dss certificationApplication security and pa dss certification
Application security and pa dss certificationAlexander Polyakov
 
Introduction to PCI DSS
Introduction to PCI DSSIntroduction to PCI DSS
Introduction to PCI DSSSaumya Vishnoi
 
Comsec PCI DSS v3 2 - Overview and Summary of Changes - Webinar
Comsec PCI DSS v3 2 - Overview and Summary of Changes - WebinarComsec PCI DSS v3 2 - Overview and Summary of Changes - Webinar
Comsec PCI DSS v3 2 - Overview and Summary of Changes - WebinarAriel Ben-Harosh
 
SFISSA - PCI DSS 3.0 - A QSA Perspective
SFISSA - PCI DSS 3.0 - A QSA PerspectiveSFISSA - PCI DSS 3.0 - A QSA Perspective
SFISSA - PCI DSS 3.0 - A QSA PerspectiveMark Akins
 
Spirit of PCI DSS by Dr. Anton Chuvakin
Spirit of PCI DSS by Dr. Anton ChuvakinSpirit of PCI DSS by Dr. Anton Chuvakin
Spirit of PCI DSS by Dr. Anton ChuvakinAnton Chuvakin
 
Card Data Discovery and PCI DSS
Card Data Discovery and PCI DSSCard Data Discovery and PCI DSS
Card Data Discovery and PCI DSSKimberly Simon MBA
 
PCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATION
PCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATIONPCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATION
PCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATIONhimalya sharma
 
A practical guides to PCI compliance
A practical guides to PCI complianceA practical guides to PCI compliance
A practical guides to PCI complianceJisc
 
PCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATION
PCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATIONPCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATION
PCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATIONhimalya sharma
 
PCI DSS Done RIGHT and WRONG by Anton Chuvakin and Branden Williams
PCI DSS Done RIGHT and WRONG by Anton Chuvakin and Branden WilliamsPCI DSS Done RIGHT and WRONG by Anton Chuvakin and Branden Williams
PCI DSS Done RIGHT and WRONG by Anton Chuvakin and Branden WilliamsAnton Chuvakin
 
PCIDSS compliance made easier through a collaboration between NC State and UN...
PCIDSS compliance made easier through a collaboration between NC State and UN...PCIDSS compliance made easier through a collaboration between NC State and UN...
PCIDSS compliance made easier through a collaboration between NC State and UN...John Baines
 
Pci standards, from participation to implementation and review
Pci standards, from participation to implementation and reviewPci standards, from participation to implementation and review
Pci standards, from participation to implementation and reviewisc2-hellenic
 
PCI DSS 2.0 Detailed Introduction
PCI DSS 2.0 Detailed IntroductionPCI DSS 2.0 Detailed Introduction
PCI DSS 2.0 Detailed IntroductionControlCase
 

Tendances (20)

PCI DSS 3.2 - Business as Usual
PCI DSS 3.2 - Business as UsualPCI DSS 3.2 - Business as Usual
PCI DSS 3.2 - Business as Usual
 
Application security and pa dss certification
Application security and pa dss certificationApplication security and pa dss certification
Application security and pa dss certification
 
Introduction to PCI DSS
Introduction to PCI DSSIntroduction to PCI DSS
Introduction to PCI DSS
 
Comsec PCI DSS v3 2 - Overview and Summary of Changes - Webinar
Comsec PCI DSS v3 2 - Overview and Summary of Changes - WebinarComsec PCI DSS v3 2 - Overview and Summary of Changes - Webinar
Comsec PCI DSS v3 2 - Overview and Summary of Changes - Webinar
 
Pci ssc quick reference guide
Pci ssc quick reference guidePci ssc quick reference guide
Pci ssc quick reference guide
 
PCI DSS
PCI DSSPCI DSS
PCI DSS
 
PCI DSS 3.2
PCI DSS 3.2PCI DSS 3.2
PCI DSS 3.2
 
PCI DSS Compliance
PCI DSS CompliancePCI DSS Compliance
PCI DSS Compliance
 
PCI DSS and PA DSS
PCI DSS and PA DSSPCI DSS and PA DSS
PCI DSS and PA DSS
 
SFISSA - PCI DSS 3.0 - A QSA Perspective
SFISSA - PCI DSS 3.0 - A QSA PerspectiveSFISSA - PCI DSS 3.0 - A QSA Perspective
SFISSA - PCI DSS 3.0 - A QSA Perspective
 
Spirit of PCI DSS by Dr. Anton Chuvakin
Spirit of PCI DSS by Dr. Anton ChuvakinSpirit of PCI DSS by Dr. Anton Chuvakin
Spirit of PCI DSS by Dr. Anton Chuvakin
 
Card Data Discovery and PCI DSS
Card Data Discovery and PCI DSSCard Data Discovery and PCI DSS
Card Data Discovery and PCI DSS
 
PCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATION
PCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATIONPCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATION
PCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATION
 
A practical guides to PCI compliance
A practical guides to PCI complianceA practical guides to PCI compliance
A practical guides to PCI compliance
 
PCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATION
PCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATIONPCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATION
PCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATION
 
PCI DSS Done RIGHT and WRONG by Anton Chuvakin and Branden Williams
PCI DSS Done RIGHT and WRONG by Anton Chuvakin and Branden WilliamsPCI DSS Done RIGHT and WRONG by Anton Chuvakin and Branden Williams
PCI DSS Done RIGHT and WRONG by Anton Chuvakin and Branden Williams
 
PCIDSS compliance made easier through a collaboration between NC State and UN...
PCIDSS compliance made easier through a collaboration between NC State and UN...PCIDSS compliance made easier through a collaboration between NC State and UN...
PCIDSS compliance made easier through a collaboration between NC State and UN...
 
Pci standards, from participation to implementation and review
Pci standards, from participation to implementation and reviewPci standards, from participation to implementation and review
Pci standards, from participation to implementation and review
 
PCI DSS and PA DSS
PCI DSS and PA DSSPCI DSS and PA DSS
PCI DSS and PA DSS
 
PCI DSS 2.0 Detailed Introduction
PCI DSS 2.0 Detailed IntroductionPCI DSS 2.0 Detailed Introduction
PCI DSS 2.0 Detailed Introduction
 

Similaire à PCI DSS Simplified: What You Need to Know

Quick & Dirty Dozen: PCI Compliance Simplified
Quick & Dirty Dozen: PCI Compliance SimplifiedQuick & Dirty Dozen: PCI Compliance Simplified
Quick & Dirty Dozen: PCI Compliance SimplifiedAlienVault
 
Simplify PCI DSS Compliance with AlienVault USM
Simplify PCI DSS Compliance with AlienVault USMSimplify PCI DSS Compliance with AlienVault USM
Simplify PCI DSS Compliance with AlienVault USMAlienVault
 
How to Simplify PCI DSS Compliance with AlienVault USM
How to Simplify PCI DSS Compliance with AlienVault USMHow to Simplify PCI DSS Compliance with AlienVault USM
How to Simplify PCI DSS Compliance with AlienVault USMAlienVault
 
SplunkSummit 2015 - Splunk User Behavioral Analytics
SplunkSummit 2015 - Splunk User Behavioral AnalyticsSplunkSummit 2015 - Splunk User Behavioral Analytics
SplunkSummit 2015 - Splunk User Behavioral AnalyticsSplunk
 
Chamber Technology Committee Presentation
Chamber Technology Committee PresentationChamber Technology Committee Presentation
Chamber Technology Committee PresentationTony DeGonia (LION)
 
Shift Toward Dynamic Cyber Resilience
Shift Toward Dynamic Cyber ResilienceShift Toward Dynamic Cyber Resilience
Shift Toward Dynamic Cyber ResilienceDarren Argyle
 
Cyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & RecommendationsCyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & RecommendationsUlf Mattsson
 
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network Insights
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network InsightsNowhere to Hide: Expose Threats in Real-time with IBM QRadar Network Insights
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network InsightsIBM Security
 
Aligning Application Security to Compliance
Aligning Application Security to ComplianceAligning Application Security to Compliance
Aligning Application Security to ComplianceSecurity Innovation
 
Today's Cyber Challenges: Methodology to Secure Your Business
Today's Cyber Challenges: Methodology to Secure Your BusinessToday's Cyber Challenges: Methodology to Secure Your Business
Today's Cyber Challenges: Methodology to Secure Your BusinessJoAnna Cheshire
 
Security Breakout Session
Security Breakout Session Security Breakout Session
Security Breakout Session Splunk
 
Securing Systems - Still Crazy After All These Years
Securing Systems - Still Crazy After All These YearsSecuring Systems - Still Crazy After All These Years
Securing Systems - Still Crazy After All These YearsAdrian Sanabria
 
A guide to Sustainable Cyber Security
A guide to Sustainable Cyber SecurityA guide to Sustainable Cyber Security
A guide to Sustainable Cyber SecurityErnest Staats
 
The Truth About Viruses on Power Systems - Powertech
The Truth About Viruses on Power Systems - PowertechThe Truth About Viruses on Power Systems - Powertech
The Truth About Viruses on Power Systems - PowertechHelpSystems
 
Operationalizing Security Intelligence
Operationalizing Security IntelligenceOperationalizing Security Intelligence
Operationalizing Security IntelligenceSplunk
 
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...Emrah Alpa, CISSP CEH CCSK
 
Cybersecurity Basics - Aravindr.com
Cybersecurity Basics - Aravindr.comCybersecurity Basics - Aravindr.com
Cybersecurity Basics - Aravindr.comAravind R
 
How to Solve Your Top IT Security Reporting Challenges with AlienVault
How to Solve Your Top IT Security Reporting Challenges with AlienVaultHow to Solve Your Top IT Security Reporting Challenges with AlienVault
How to Solve Your Top IT Security Reporting Challenges with AlienVaultAlienVault
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security BasicsMohan Jadhav
 

Similaire à PCI DSS Simplified: What You Need to Know (20)

Quick & Dirty Dozen: PCI Compliance Simplified
Quick & Dirty Dozen: PCI Compliance SimplifiedQuick & Dirty Dozen: PCI Compliance Simplified
Quick & Dirty Dozen: PCI Compliance Simplified
 
Simplify PCI DSS Compliance with AlienVault USM
Simplify PCI DSS Compliance with AlienVault USMSimplify PCI DSS Compliance with AlienVault USM
Simplify PCI DSS Compliance with AlienVault USM
 
How to Simplify PCI DSS Compliance with AlienVault USM
How to Simplify PCI DSS Compliance with AlienVault USMHow to Simplify PCI DSS Compliance with AlienVault USM
How to Simplify PCI DSS Compliance with AlienVault USM
 
SplunkSummit 2015 - Splunk User Behavioral Analytics
SplunkSummit 2015 - Splunk User Behavioral AnalyticsSplunkSummit 2015 - Splunk User Behavioral Analytics
SplunkSummit 2015 - Splunk User Behavioral Analytics
 
PCI Myths
PCI MythsPCI Myths
PCI Myths
 
Chamber Technology Committee Presentation
Chamber Technology Committee PresentationChamber Technology Committee Presentation
Chamber Technology Committee Presentation
 
Shift Toward Dynamic Cyber Resilience
Shift Toward Dynamic Cyber ResilienceShift Toward Dynamic Cyber Resilience
Shift Toward Dynamic Cyber Resilience
 
Cyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & RecommendationsCyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & Recommendations
 
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network Insights
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network InsightsNowhere to Hide: Expose Threats in Real-time with IBM QRadar Network Insights
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network Insights
 
Aligning Application Security to Compliance
Aligning Application Security to ComplianceAligning Application Security to Compliance
Aligning Application Security to Compliance
 
Today's Cyber Challenges: Methodology to Secure Your Business
Today's Cyber Challenges: Methodology to Secure Your BusinessToday's Cyber Challenges: Methodology to Secure Your Business
Today's Cyber Challenges: Methodology to Secure Your Business
 
Security Breakout Session
Security Breakout Session Security Breakout Session
Security Breakout Session
 
Securing Systems - Still Crazy After All These Years
Securing Systems - Still Crazy After All These YearsSecuring Systems - Still Crazy After All These Years
Securing Systems - Still Crazy After All These Years
 
A guide to Sustainable Cyber Security
A guide to Sustainable Cyber SecurityA guide to Sustainable Cyber Security
A guide to Sustainable Cyber Security
 
The Truth About Viruses on Power Systems - Powertech
The Truth About Viruses on Power Systems - PowertechThe Truth About Viruses on Power Systems - Powertech
The Truth About Viruses on Power Systems - Powertech
 
Operationalizing Security Intelligence
Operationalizing Security IntelligenceOperationalizing Security Intelligence
Operationalizing Security Intelligence
 
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...
 
Cybersecurity Basics - Aravindr.com
Cybersecurity Basics - Aravindr.comCybersecurity Basics - Aravindr.com
Cybersecurity Basics - Aravindr.com
 
How to Solve Your Top IT Security Reporting Challenges with AlienVault
How to Solve Your Top IT Security Reporting Challenges with AlienVaultHow to Solve Your Top IT Security Reporting Challenges with AlienVault
How to Solve Your Top IT Security Reporting Challenges with AlienVault
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security Basics
 

Plus de AlienVault

Meltdown and Spectre - How to Detect the Vulnerabilities and Exploits
Meltdown and Spectre - How to Detect the Vulnerabilities and ExploitsMeltdown and Spectre - How to Detect the Vulnerabilities and Exploits
Meltdown and Spectre - How to Detect the Vulnerabilities and ExploitsAlienVault
 
Malware Invaders - Is Your OS at Risk?
Malware Invaders - Is Your OS at Risk?Malware Invaders - Is Your OS at Risk?
Malware Invaders - Is Your OS at Risk?AlienVault
 
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...SIEM for Beginners: Everything You Wanted to Know About Log Management but We...
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...AlienVault
 
Insider Threat Detection Recommendations
Insider Threat Detection RecommendationsInsider Threat Detection Recommendations
Insider Threat Detection RecommendationsAlienVault
 
Alienvault threat alerts in spiceworks
Alienvault threat alerts in spiceworksAlienvault threat alerts in spiceworks
Alienvault threat alerts in spiceworksAlienVault
 
Open Source IDS Tools: A Beginner's Guide
Open Source IDS Tools: A Beginner's GuideOpen Source IDS Tools: A Beginner's Guide
Open Source IDS Tools: A Beginner's GuideAlienVault
 
Malware detection how to spot infections early with alien vault usm
Malware detection how to spot infections early with alien vault usmMalware detection how to spot infections early with alien vault usm
Malware detection how to spot infections early with alien vault usmAlienVault
 
Security operations center 5 security controls
Security operations center 5 security controls Security operations center 5 security controls
Security operations center 5 security controlsAlienVault
 
PCI DSS Implementation: A Five Step Guide
PCI DSS Implementation: A Five Step GuidePCI DSS Implementation: A Five Step Guide
PCI DSS Implementation: A Five Step GuideAlienVault
 
Improve threat detection with hids and alien vault usm
Improve threat detection with hids and alien vault usmImprove threat detection with hids and alien vault usm
Improve threat detection with hids and alien vault usmAlienVault
 
The State of Incident Response - INFOGRAPHIC
The State of Incident Response - INFOGRAPHICThe State of Incident Response - INFOGRAPHIC
The State of Incident Response - INFOGRAPHICAlienVault
 
Incident response live demo slides final
Incident response live demo slides finalIncident response live demo slides final
Incident response live demo slides finalAlienVault
 
Improve Situational Awareness for Federal Government with AlienVault USM
Improve Situational Awareness for Federal Government with AlienVault USMImprove Situational Awareness for Federal Government with AlienVault USM
Improve Situational Awareness for Federal Government with AlienVault USMAlienVault
 
Improve Security Visibility with AlienVault USM Correlation Directives
Improve Security Visibility with AlienVault USM Correlation DirectivesImprove Security Visibility with AlienVault USM Correlation Directives
Improve Security Visibility with AlienVault USM Correlation DirectivesAlienVault
 
How Malware Works
How Malware WorksHow Malware Works
How Malware WorksAlienVault
 
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than EverNew USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than EverAlienVault
 
New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever
New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever
New OSSIM v5.0 - Get Security Visibility Faster & Easier Than EverAlienVault
 
AWS Security Best Practices for Effective Threat Detection & Response
AWS Security Best Practices for Effective Threat Detection & ResponseAWS Security Best Practices for Effective Threat Detection & Response
AWS Security Best Practices for Effective Threat Detection & ResponseAlienVault
 
Improve Threat Detection with OSSEC and AlienVault USM
Improve Threat Detection with OSSEC and AlienVault USMImprove Threat Detection with OSSEC and AlienVault USM
Improve Threat Detection with OSSEC and AlienVault USMAlienVault
 
Best Practices for Configuring Your OSSIM Installation
Best Practices for Configuring Your OSSIM InstallationBest Practices for Configuring Your OSSIM Installation
Best Practices for Configuring Your OSSIM InstallationAlienVault
 

Plus de AlienVault (20)

Meltdown and Spectre - How to Detect the Vulnerabilities and Exploits
Meltdown and Spectre - How to Detect the Vulnerabilities and ExploitsMeltdown and Spectre - How to Detect the Vulnerabilities and Exploits
Meltdown and Spectre - How to Detect the Vulnerabilities and Exploits
 
Malware Invaders - Is Your OS at Risk?
Malware Invaders - Is Your OS at Risk?Malware Invaders - Is Your OS at Risk?
Malware Invaders - Is Your OS at Risk?
 
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...SIEM for Beginners: Everything You Wanted to Know About Log Management but We...
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...
 
Insider Threat Detection Recommendations
Insider Threat Detection RecommendationsInsider Threat Detection Recommendations
Insider Threat Detection Recommendations
 
Alienvault threat alerts in spiceworks
Alienvault threat alerts in spiceworksAlienvault threat alerts in spiceworks
Alienvault threat alerts in spiceworks
 
Open Source IDS Tools: A Beginner's Guide
Open Source IDS Tools: A Beginner's GuideOpen Source IDS Tools: A Beginner's Guide
Open Source IDS Tools: A Beginner's Guide
 
Malware detection how to spot infections early with alien vault usm
Malware detection how to spot infections early with alien vault usmMalware detection how to spot infections early with alien vault usm
Malware detection how to spot infections early with alien vault usm
 
Security operations center 5 security controls
Security operations center 5 security controls Security operations center 5 security controls
Security operations center 5 security controls
 
PCI DSS Implementation: A Five Step Guide
PCI DSS Implementation: A Five Step GuidePCI DSS Implementation: A Five Step Guide
PCI DSS Implementation: A Five Step Guide
 
Improve threat detection with hids and alien vault usm
Improve threat detection with hids and alien vault usmImprove threat detection with hids and alien vault usm
Improve threat detection with hids and alien vault usm
 
The State of Incident Response - INFOGRAPHIC
The State of Incident Response - INFOGRAPHICThe State of Incident Response - INFOGRAPHIC
The State of Incident Response - INFOGRAPHIC
 
Incident response live demo slides final
Incident response live demo slides finalIncident response live demo slides final
Incident response live demo slides final
 
Improve Situational Awareness for Federal Government with AlienVault USM
Improve Situational Awareness for Federal Government with AlienVault USMImprove Situational Awareness for Federal Government with AlienVault USM
Improve Situational Awareness for Federal Government with AlienVault USM
 
Improve Security Visibility with AlienVault USM Correlation Directives
Improve Security Visibility with AlienVault USM Correlation DirectivesImprove Security Visibility with AlienVault USM Correlation Directives
Improve Security Visibility with AlienVault USM Correlation Directives
 
How Malware Works
How Malware WorksHow Malware Works
How Malware Works
 
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than EverNew USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
 
New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever
New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever
New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever
 
AWS Security Best Practices for Effective Threat Detection & Response
AWS Security Best Practices for Effective Threat Detection & ResponseAWS Security Best Practices for Effective Threat Detection & Response
AWS Security Best Practices for Effective Threat Detection & Response
 
Improve Threat Detection with OSSEC and AlienVault USM
Improve Threat Detection with OSSEC and AlienVault USMImprove Threat Detection with OSSEC and AlienVault USM
Improve Threat Detection with OSSEC and AlienVault USM
 
Best Practices for Configuring Your OSSIM Installation
Best Practices for Configuring Your OSSIM InstallationBest Practices for Configuring Your OSSIM Installation
Best Practices for Configuring Your OSSIM Installation
 

Dernier

Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 

Dernier (20)

Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 

PCI DSS Simplified: What You Need to Know

  • 1. PCI DSS SIMPLIFIED: WHAT YOU NEED TO KNOW Sandy Hawke, CISSP VP, Product Marketing @sandybeachSF Tom D’Aquino Technical Lead
  • 2. AGENDA 2 Common challenges Pre-audit checklist Core capabilities for PCI Automation & consolidation Product Demo Key Takeaways Q & A
  • 4.
  • 5.
  • 6.
  • 7. QUESTIONS TO ASK YOURSELF… SOONER RATHER THAN LATER. Pre-audit checklist: Where do your PCI-relevant assets live, how are they’re configured, and how are they segmented from the rest of your network? Who accesses these resources (and the other W’s… when, where, what can they do, why and how)? What are the vulnerabilities that are in your PCI-defined network – app, etc? What constitutes your network baseline? What is considered “normal/acceptable”? Ask your team… What do we NEVER want to happen in our PCI environment? How do we capture those events when they do happen? 7
  • 8. FRENEMIES: SECURITY AND COMPLIANCE 88
  • 9. SO…. WHAT DO I NEED FOR PCI-DSS?
  • 10. Piece it all together Look for strange activity which could indicate a threat Start looking for threats Identify ways the target could be compromised What do we need for PCI- DSS? Figure out what is valuable 10
  • 11. Piece it all together Look for strange activity which could indicate a threat Start looking for threats Identify ways the target could be compromised What do we need for PCI- DSS? 11 Asset Discovery Asset Discovery • Active Network Scanning • Passive Network Scanning • Asset Inventory • Host-based Software Inventory
  • 12. Piece it all together Look for strange activity which could indicate a threat Start looking for threats What do we need for PCI- DSS? 12 Asset Discovery Asset Discovery • Active Network Scanning • Passive Network Scanning • Asset Inventory • Host-based Software Inventory Vulnerability Assessment Vulnerability Assessment • Network Vulnerability Testing
  • 13. Piece it all together Look for strange activity which could indicate a threat What do we need for PCI- DSS? 13 Asset Discovery Asset Discovery • Active Network Scanning • Passive Network Scanning • Asset Inventory • Host-based Software Inventory Vulnerability Assessment Vulnerability Assessment • Network Vulnerability Testing Threat Detection • Network IDS • Host IDS • Wireless IDS • File Integrity Monitoring Threat Detection
  • 14. Piece it all together What do we need for PCI- DSS? 14 Asset Discovery Asset Discovery • Active Network Scanning • Passive Network Scanning • Asset Inventory • Host-based Software Inventory Vulnerability Assessment Vulnerability Assessment • Network Vulnerability Testing Threat Detection • Network IDS • Host IDS • Wireless IDS • File Integrity Monitoring Threat Detection Behavioral Monitoring • Log Collection • Netflow Analysis • Service Availability Monitoring Behavioral Monitoring
  • 15. What do we need for PCI- DSS? 15 Asset Discovery Asset Discovery • Active Network Scanning • Passive Network Scanning • Asset Inventory • Host-based Software Inventory Vulnerability Assessment Vulnerability Assessment • Network Vulnerability Testing Threat Detection • Network IDS • Host IDS • Wireless IDS • File Integrity Monitoring Threat Detection Behavioral Monitoring • Log Collection • Netflow Analysis • Service Availability Monitoring Behavioral Monitoring Security Intelligence • SIEM Correlation • Incident Response Security Intelligence
  • 16. 16 Asset Discovery Asset Discovery • Active Network Scanning • Passive Network Scanning • Asset Inventory • Host-based Software Inventory Vulnerability Assessment Vulnerability Assessment • Network Vulnerability Testing Threat Detection • Network IDS • Host IDS • Wireless IDS • File Integrity Monitoring Threat Detection Behavioral Monitoring • Log Collection • Netflow Analysis • Service Availability Monitoring Behavioral Monitoring Security Intelligence • SIEM Correlation • Incident Response Security Intelligence Unified Security Management BTW… this is just the technologies… process is a whole ‘nother topic.
  • 17. READING IN BETWEEN THE LINES… D YN A M IC TH R E A T IN TE L L IGE N C E U P D A TE S TH E TH R E A TS C H A N GE , S O S H OU L D YOU R E V E N T C OR R E L A TION R U L E S , IP R E P U TA TI ON D A TA , E TC . FL E X IB L E U S E C A S E S U P P OR T IT’ S I M P OS S I B LE TO P R E D IC T A L L B A D OU TC OM E S S O H A V E A S OL U TI ON TH A T GR OW S W ITH YOU WHAT’S NOT IN THE FINE PRINT BUT SHOULD BE… Dynamic threat intelligence updates THE THREATS CHANGE, SO SHOULD YOUR EVENT CORRELATION RULES, IP REPUTATION DATA, ETC. Flexible use case support IT’S IMPOSSIBLE TO PREDICT ALL BAD OUTCOMES SO HAVE A SOLUTION THAT GROWS WITH YOU 17
  • 18. LET’S HEAR FROM YOU! ALIENVAULT POLL QUESTION What is your biggest pain point when it comes to PCI compliance? • Uncertainty about what’s on my network • Vulnerability assessment and remediation • Concerns about threat detection • Compliance reporting • None of the above – I’m a PCI Ninja!
  • 19. WHY ALIENVAULT FOR PCI DSS COMPLIANCE? All-in-one functionality • Easy management • Multiple functions without multiple consoles Automate what and where you can* • “Baked in” guidance when you can’t Flexible reporting & queries… as detailed as you want it. Threat intelligence from AlienVault Labs 19 *Disclaimer: Despite the hype, you can’t automate EVERYTHING nor would you want to. This is cyber security we’re talking about!
  • 20. ALIENVAULT USM: AUTOMATION & CONSOLIDATION ① Install and Maintain a Firewall Configuration to Protect Data ② No Use of Vendor-Supplied Parameter Defaults ③ Protects Stored Cardholder Data ④ Encrypt Cardholder Data Transmission Across Open Public Networks ⑤ Use and Update Antivirus Software ⑥ Develop and Maintain Secure Systems and Applications ⑦ Restrict Cardholder Data Access to Need to Know ⑧ Assign Unique IDs to Everyone with Computer Access ① Track and Monitor Access to All Network Resources and Cardholder Data ② Regularly Test Security Systems and Processes http://www.alienvault.com/products-solutions/compliance- management/pci-dss-compliance
  • 21. LET’S SEE IT IN ACTION. AlienVault USM Demo – PCI DSS Compliance Simplified
  • 22. WHAT’S COMING IN PCI DSS V3*? Increased clarity • Intention and application • Scoping and reporting • Eliminate redundancy, consolidate documentation Stronger focus on “greater risk areas” in the threat environment Consistency among assessors Key Goals *https://www.pcisecuritystandards.org/security_standards/documents.php Key Themes Education and Awareness Increased flexibility Security as a shared responsibility Nov 7 2013 • PCI DSS v3 is published Jan 1 2014 • PCI DSS v3 becomes effective Dec 31 2014 • PCI DSS v2 expires Key Dates
  • 23. KEY TAKE-AWAYS Use the “force” of compliance to bolster your security monitoring / incident response program. PCI Compliance is more than just reporting. Automate and consolidate as much as possible. And… throw away that cover page for your TPS reports. ….But keep the red stapler. 23
  • 24. NOW FOR SOME Q&A… Three Ways to Test Drive AlienVault Download a Free 30-Day Trial http://www.alienvault.com/free-trial Try our Interactive Demo Site http://www.alienvault.com/live-demo-site Join our LIVE Demo on Thursday! http://www.alienvault.com/marketing/alienvault-usm-live- demo Sales@alienvault.com

Notes de l'éditeur

  1. We all know… Security doesn’t equal compliance and compliance doesn’t equal security…But… you can usecompliance to getyour security projects funded.Use the “force” of compliance to improve your security.Remember… compliance is about more than reporting!
  2. Before we go into the nitty gritty of the requirements (and let’s face it, that’s the really boring stuff), at a high –level what are the core functionalities I need to pass my audit and stay in compliance?Asset visibility (broad and deep)Vulnerability assessment (network, apps, etc)Threat detectionFile integrity monitoringHost-based IDS (on the “interesting” stuff)Network-based IDSWireless IDSBehavioral MonitoringService availability – if credit card processing breaks, you have bigger problemsNetwork anomaliesPolicy violationsUser activity – especially those with superpowersSecurity IntelligenceEvent Correlation (here’s where “Big Data” comes in, but yawn who cares, that’s just a processing challenge)Incident ResponseCompliance ReportingExecutive DashboardsEasy management (RBAC, output types, filters, etc.)
  3. Before we go into the nitty gritty of the requirements (and let’s face it, that’s the really boring stuff), at a high –level what are the core functionalities I need to pass my audit and stay in compliance?Asset visibility (broad and deep)Vulnerability assessment (network, apps, etc)Threat detectionFile integrity monitoringHost-based IDS (on the “interesting” stuff)Network-based IDSWireless IDSBehavioral MonitoringService availability – if credit card processing breaks, you have bigger problemsNetwork anomaliesPolicy violationsUser activity – especially those with superpowersSecurity IntelligenceEvent Correlation (here’s where “Big Data” comes in, but yawn who cares, that’s just a processing challenge)Incident ResponseCompliance ReportingExecutive DashboardsEasy management (RBAC, output types, filters, etc.)
  4. Before we go into the nitty gritty of the requirements (and let’s face it, that’s the really boring stuff), at a high –level what are the core functionalities I need to pass my audit and stay in compliance?Asset visibility (broad and deep)Vulnerability assessment (network, apps, etc)Threat detectionFile integrity monitoringHost-based IDS (on the “interesting” stuff)Network-based IDSWireless IDSBehavioral MonitoringService availability – if credit card processing breaks, you have bigger problemsNetwork anomaliesPolicy violationsUser activity – especially those with superpowersSecurity IntelligenceEvent Correlation (here’s where “Big Data” comes in, but yawn who cares, that’s just a processing challenge)Incident ResponseCompliance ReportingExecutive DashboardsEasy management (RBAC, output types, filters, etc.)
  5. Before we go into the nitty gritty of the requirements (and let’s face it, that’s the really boring stuff), at a high –level what are the core functionalities I need to pass my audit and stay in compliance?Asset visibility (broad and deep)Vulnerability assessment (network, apps, etc)Threat detectionFile integrity monitoringHost-based IDS (on the “interesting” stuff)Network-based IDSWireless IDSBehavioral MonitoringService availability – if credit card processing breaks, you have bigger problemsNetwork anomaliesPolicy violationsUser activity – especially those with superpowersSecurity IntelligenceEvent Correlation (here’s where “Big Data” comes in, but yawn who cares, that’s just a processing challenge)Incident ResponseCompliance ReportingExecutive DashboardsEasy management (RBAC, output types, filters, etc.)
  6. Before we go into the nitty gritty of the requirements (and let’s face it, that’s the really boring stuff), at a high –level what are the core functionalities I need to pass my audit and stay in compliance?Asset visibility (broad and deep)Vulnerability assessment (network, apps, etc)Threat detectionFile integrity monitoringHost-based IDS (on the “interesting” stuff)Network-based IDSWireless IDSBehavioral MonitoringService availability – if credit card processing breaks, you have bigger problemsNetwork anomaliesPolicy violationsUser activity – especially those with superpowersSecurity IntelligenceEvent Correlation (here’s where “Big Data” comes in, but yawn who cares, that’s just a processing challenge)Incident ResponseCompliance ReportingExecutive DashboardsEasy management (RBAC, output types, filters, etc.)
  7. Before we go into the nitty gritty of the requirements (and let’s face it, that’s the really boring stuff), at a high –level what are the core functionalities I need to pass my audit and stay in compliance?Asset visibility (broad and deep)Vulnerability assessment (network, apps, etc)Threat detectionFile integrity monitoringHost-based IDS (on the “interesting” stuff)Network-based IDSWireless IDSBehavioral MonitoringService availability – if credit card processing breaks, you have bigger problemsNetwork anomaliesPolicy violationsUser activity – especially those with superpowersSecurity IntelligenceEvent Correlation (here’s where “Big Data” comes in, but yawn who cares, that’s just a processing challenge)Incident ResponseCompliance ReportingExecutive DashboardsEasy management (RBAC, output types, filters, etc.)
  8. Before we go into the nitty gritty of the requirements (and let’s face it, that’s the really boring stuff), at a high –level what are the core functionalities I need to pass my audit and stay in compliance?Asset visibility (broad and deep)Vulnerability assessment (network, apps, etc)Threat detectionFile integrity monitoringHost-based IDS (on the “interesting” stuff)Network-based IDSWireless IDSBehavioral MonitoringService availability – if credit card processing breaks, you have bigger problemsNetwork anomaliesPolicy violationsUser activity – especially those with superpowersSecurity IntelligenceEvent Correlation (here’s where “Big Data” comes in, but yawn who cares, that’s just a processing challenge)Incident ResponseCompliance ReportingExecutive DashboardsEasy management (RBAC, output types, filters, etc.)
  9. The updated versions of PCI DSS and PA-DSS will: Provide stronger focus on some of the greater risk areas in the threat environment Provide increased clarity on PCI DSS & PA-DSS requirements Build greater understanding on the intent of the requirements and how to apply them Improve flexibility for all entities implementing, assessing, and building to the Standards  Drive more consistency among assessors Help manage evolving risks / threats Align with changes in industry best practices Clarify scoping and reporting Eliminate redundant sub-requirements and consolidate documentation While not stated in the August document, it’s anticipated that the new standard will address issues of what falls within the scope of the standard, as well as network segmentation, and defense fortification to ward off specific threats that have been identified since the 2010 release. In addition, the new requirements are likely to address card data handling in mobile, cloud and e-commerce environments in the wake of previous guidance issued by the council.
  10. Use the “force” of compliance to bolster your security monitoring / incident response program.PCI Compliance is more than just reporting – it’s about basic security hygiene – don’t focus JUST on reporting, although that is importantAutomate and consolidate as much as possible – reduces cost, complexity, and accelerates remediation.If mgmt wants to do this w/home grown or manual processes or tools (can’t get budget for more software), try open source, specifically OSSIM.