Sandy Hawke, CISSP
VP, Product Marketing
@sandybeachSF
QUICK AND DIRTY DOZEN: PCI COMPLIANCE SIMPLIFIED
AGENDA
Pre-audit checklist
Core capabilities for PCI
Automation & consolidation
Product Demo
Key Take-aways
Q & A
Setting the stage…
Pre-audit checklist & more
QUESTIONS TO ASK YOURSELF… SOONER RATHER THAN LATER.
Pre-audit checklist:
Where do your PCI-relevant assets live, how are they configured, and how are they segmented from the rest of your network?
Who accesses these resources (and the other W’s… when, where, what can they do, why and how)?
What are the vulnerabilities that are in your PCI-defined network – app, etc?
What constitutes your network baseline? What is considered “normal/acceptable”?
Ask your team… What do we NEVER want to happen in our PCI environment? How do we capture those events when they do happen?
FRENEMIES: SECURITY AND COMPLIANCE
So… what DO I need for PCI-DSS?
What do we need for PCI-DSS?
Figure out what is valuable: Asset Discovery
• Active Network Scanning
• Passive Network Scanning
• Asset Inventory
• Host-based Software Inventory
Identify ways the target could be compromised: Vulnerability Assessment
• Network Vulnerability Testing
Start looking for threats: Threat Detection
• Network IDS
• Host IDS
• Wireless IDS
• File Integrity Monitoring
Look for strange activity which could indicate a threat: Behavioral Monitoring
• Log Collection
• Netflow Analysis
• Service Availability Monitoring
Piece it all together: Security Intelligence
• SIEM Correlation
• Incident Response
Unified Security Management
BTW… this is just the technologies… process is a whole ‘nother topic.
READING IN BETWEEN THE LINES…
WHAT’S NOT IN THE FINE PRINT BUT SHOULD BE…
Dynamic threat intelligence updates
THE THREATS CHANGE, SO SHOULD YOUR EVENT CORRELATION RULES, IP REPUTATION DATA, ETC.
Flexible use case support
IT’S IMPOSSIBLE TO PREDICT ALL BAD OUTCOMES SO HAVE A SOLUTION THAT GROWS WITH YOU
QUICK & DIRTY CLEAN = AUTOMATED & CONSOLIDATED
All-in-one functionality
Easy management
Multiple functions without multiple consoles
Automate what and where you can*
“Baked in” guidance when you can’t
Flexible reporting & queries… as detailed as you want it.
*Disclaimer: Despite the hype, you can’t automate EVERYTHING nor would you want to. This is cyber security we’re talking about, not pizza delivery.
LET’S HEAR FROM YOU!
ALIENVAULT POLL QUESTION
What is your biggest pain point when it comes to PCI compliance?
• Uncertainty about what’s on my network
• Vulnerability assessment and remediation
• Concerns about threat detection
• Compliance reporting
• None of the above – I’m a PCI Ninja!
Let’s see it in action.
AlienVault USM Demo – Simplified PCI DSS Compliance
WHAT’S COMING IN PCI DSS V3*?
Key Goals
• Increased clarity
• Intention and application
• Scoping and reporting
• Eliminate redundancy, consolidate documentation
• Stronger focus on “greater risk areas” in the threat environment
• Consistency among assessors
Key Themes
• Education and Awareness
• Increased flexibility
• Security as a shared responsibility
Key Dates
• Nov 7, 2013: PCI DSS v3 is published
• Jan 1, 2014: PCI DSS v3 becomes effective
• Dec 31, 2014: PCI DSS v2 expires
*https://www.pcisecuritystandards.org/security_standards/documents.php
KEY TAKE-AWAYS
Use the “force” of compliance to bolster your security monitoring / incident response program.
PCI Compliance is more than just reporting.
Automate and consolidate as much as possible.
And… throw away that cover page for your TPS reports.
…But keep the red stapler.
NOW FOR SOME Q&A…
Three Ways to Test Drive AlienVault
Download a Free 30-Day Trial
http://www.alienvault.com/free-trial
Try our Interactive Demo
http://www.alienvault.com/live-demo-site
Request a Personalized Demo
http://www.alienvault.com/schedule-demo
Sales@alienvault.com

More Related Content

What's hot

Hardware Security on Vehicles
Hardware Security on VehiclesHardware Security on Vehicles
Hardware Security on VehiclesPriyanka Aash
Ā 
Bil Harmer - Myths of Cloud Security Debunked!
Bil Harmer - Myths of Cloud Security Debunked!Bil Harmer - Myths of Cloud Security Debunked!
Bil Harmer - Myths of Cloud Security Debunked!centralohioissa
Ā 
BeyondCorp and Zero Trust
BeyondCorp and Zero TrustBeyondCorp and Zero Trust
BeyondCorp and Zero TrustIvan Dwyer
Ā 
8 Ocak 2015 SOME Etkinligi - BGA Cyber Security Incident Response Team
8 Ocak 2015 SOME Etkinligi - BGA Cyber Security Incident Response Team8 Ocak 2015 SOME Etkinligi - BGA Cyber Security Incident Response Team
8 Ocak 2015 SOME Etkinligi - BGA Cyber Security Incident Response TeamBGA Cyber Security
Ā 
BeyondCorp and Zero Trust
BeyondCorp and Zero TrustBeyondCorp and Zero Trust
BeyondCorp and Zero TrustIvan Dwyer
Ā 
Lisa Guess - Embracing the Cloud
Lisa Guess - Embracing the CloudLisa Guess - Embracing the Cloud
Lisa Guess - Embracing the Cloudcentralohioissa
Ā 
Threat Exposure Management - Reduce your Risk of a Breach
Threat Exposure Management - Reduce your Risk of a BreachThreat Exposure Management - Reduce your Risk of a Breach
Threat Exposure Management - Reduce your Risk of a BreachRahul Neel Mani
Ā 
BeyondCorp New York Meetup: Closing the Adherence Gap
BeyondCorp New York Meetup: Closing the Adherence GapBeyondCorp New York Meetup: Closing the Adherence Gap
BeyondCorp New York Meetup: Closing the Adherence GapIvan Dwyer
Ā 
Building an AppSec Team Extended Cut
Building an AppSec Team Extended CutBuilding an AppSec Team Extended Cut
Building an AppSec Team Extended CutMike Spaulding
Ā 
Accelerating OT - A Case Study
Accelerating OT - A Case StudyAccelerating OT - A Case Study
Accelerating OT - A Case StudyDigital Bond
Ā 
RSA ASIA 2014 - Internet of Things
RSA ASIA 2014 - Internet of Things RSA ASIA 2014 - Internet of Things
RSA ASIA 2014 - Internet of Things Wolfgang Kandek
Ā 
Database monitoring - First and Last Line of Defense
Database monitoring - First and Last Line of Defense Database monitoring - First and Last Line of Defense
Database monitoring - First and Last Line of Defense Imperva
Ā 
NextGen Endpoint Security for Dummies
NextGen Endpoint Security for DummiesNextGen Endpoint Security for Dummies
NextGen Endpoint Security for DummiesAtif Ghauri
Ā 
BeyondCorp Myths: Busted
BeyondCorp Myths: BustedBeyondCorp Myths: Busted
BeyondCorp Myths: BustedIvan Dwyer
Ā 
NTXISSACSC2 - Advanced Persistent Threat (APT) Life Cycle Management Monty Mc...
NTXISSACSC2 - Advanced Persistent Threat (APT) Life Cycle Management Monty Mc...NTXISSACSC2 - Advanced Persistent Threat (APT) Life Cycle Management Monty Mc...
NTXISSACSC2 - Advanced Persistent Threat (APT) Life Cycle Management Monty Mc...North Texas Chapter of the ISSA
Ā 
Sam Herath - Six Critical Criteria for Cloud Workload Security
Sam Herath - Six Critical Criteria for Cloud Workload SecuritySam Herath - Six Critical Criteria for Cloud Workload Security
Sam Herath - Six Critical Criteria for Cloud Workload Securitycentralohioissa
Ā 
Art Hathaway - Artificial Intelligence - Real Threat Prevention
Art Hathaway - Artificial Intelligence - Real Threat PreventionArt Hathaway - Artificial Intelligence - Real Threat Prevention
Art Hathaway - Artificial Intelligence - Real Threat Preventioncentralohioissa
Ā 
Aligning Application Security to Compliance
Aligning Application Security to ComplianceAligning Application Security to Compliance
Aligning Application Security to ComplianceSecurity Innovation
Ā 
Jervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At Odds
Jervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At OddsJervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At Odds
Jervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At Oddscentralohioissa
Ā 

What's hot (20)

Hardware Security on Vehicles
Hardware Security on VehiclesHardware Security on Vehicles
Hardware Security on Vehicles
Ā 
Be the Hunter
Be the Hunter Be the Hunter
Be the Hunter
Ā 
Bil Harmer - Myths of Cloud Security Debunked!
Bil Harmer - Myths of Cloud Security Debunked!Bil Harmer - Myths of Cloud Security Debunked!
Bil Harmer - Myths of Cloud Security Debunked!
Ā 
BeyondCorp and Zero Trust
BeyondCorp and Zero TrustBeyondCorp and Zero Trust
BeyondCorp and Zero Trust
Ā 
8 Ocak 2015 SOME Etkinligi - BGA Cyber Security Incident Response Team
8 Ocak 2015 SOME Etkinligi - BGA Cyber Security Incident Response Team8 Ocak 2015 SOME Etkinligi - BGA Cyber Security Incident Response Team
8 Ocak 2015 SOME Etkinligi - BGA Cyber Security Incident Response Team
Ā 
BeyondCorp and Zero Trust
BeyondCorp and Zero TrustBeyondCorp and Zero Trust
BeyondCorp and Zero Trust
Ā 
Lisa Guess - Embracing the Cloud
Lisa Guess - Embracing the CloudLisa Guess - Embracing the Cloud
Lisa Guess - Embracing the Cloud
Ā 
Threat Exposure Management - Reduce your Risk of a Breach
Threat Exposure Management - Reduce your Risk of a BreachThreat Exposure Management - Reduce your Risk of a Breach
Threat Exposure Management - Reduce your Risk of a Breach
Ā 
BeyondCorp New York Meetup: Closing the Adherence Gap
BeyondCorp New York Meetup: Closing the Adherence GapBeyondCorp New York Meetup: Closing the Adherence Gap
BeyondCorp New York Meetup: Closing the Adherence Gap
Ā 
Building an AppSec Team Extended Cut
Building an AppSec Team Extended CutBuilding an AppSec Team Extended Cut
Building an AppSec Team Extended Cut
Ā 
Accelerating OT - A Case Study
Accelerating OT - A Case StudyAccelerating OT - A Case Study
Accelerating OT - A Case Study
Ā 
RSA ASIA 2014 - Internet of Things
RSA ASIA 2014 - Internet of Things RSA ASIA 2014 - Internet of Things
RSA ASIA 2014 - Internet of Things
Ā 
Database monitoring - First and Last Line of Defense
Database monitoring - First and Last Line of Defense Database monitoring - First and Last Line of Defense
Database monitoring - First and Last Line of Defense
Ā 
NextGen Endpoint Security for Dummies
NextGen Endpoint Security for DummiesNextGen Endpoint Security for Dummies
NextGen Endpoint Security for Dummies
Ā 
BeyondCorp Myths: Busted
BeyondCorp Myths: BustedBeyondCorp Myths: Busted
BeyondCorp Myths: Busted
Ā 
NTXISSACSC2 - Advanced Persistent Threat (APT) Life Cycle Management Monty Mc...
NTXISSACSC2 - Advanced Persistent Threat (APT) Life Cycle Management Monty Mc...NTXISSACSC2 - Advanced Persistent Threat (APT) Life Cycle Management Monty Mc...
NTXISSACSC2 - Advanced Persistent Threat (APT) Life Cycle Management Monty Mc...
Ā 
Sam Herath - Six Critical Criteria for Cloud Workload Security
Sam Herath - Six Critical Criteria for Cloud Workload SecuritySam Herath - Six Critical Criteria for Cloud Workload Security
Sam Herath - Six Critical Criteria for Cloud Workload Security
Ā 
Art Hathaway - Artificial Intelligence - Real Threat Prevention
Art Hathaway - Artificial Intelligence - Real Threat PreventionArt Hathaway - Artificial Intelligence - Real Threat Prevention
Art Hathaway - Artificial Intelligence - Real Threat Prevention
Ā 
Aligning Application Security to Compliance
Aligning Application Security to ComplianceAligning Application Security to Compliance
Aligning Application Security to Compliance
Ā 
Jervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At Odds
Jervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At OddsJervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At Odds
Jervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At Odds
Ā 

Similar to Quick & Dirty Dozen: PCI Compliance Simplified

PCI DSS Simplified: What You Need to Know
PCI DSS Simplified: What You Need to KnowPCI DSS Simplified: What You Need to Know
PCI DSS Simplified: What You Need to KnowAlienVault
Ā 
PCI DSS Myths 2009: Myths and Reality
PCI DSS Myths 2009: Myths and RealityPCI DSS Myths 2009: Myths and Reality
PCI DSS Myths 2009: Myths and RealityAnton Chuvakin
Ā 
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...Emrah Alpa, CISSP CEH CCSK
Ā 
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network Insights
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network InsightsNowhere to Hide: Expose Threats in Real-time with IBM QRadar Network Insights
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network InsightsIBM Security
Ā 
How to Simplify PCI DSS Compliance with AlienVault USM
How to Simplify PCI DSS Compliance with AlienVault USMHow to Simplify PCI DSS Compliance with AlienVault USM
How to Simplify PCI DSS Compliance with AlienVault USMAlienVault
Ā 
Simplify PCI DSS Compliance with AlienVault USM
Simplify PCI DSS Compliance with AlienVault USMSimplify PCI DSS Compliance with AlienVault USM
Simplify PCI DSS Compliance with AlienVault USMAlienVault
Ā 
Privacies are Coming
Privacies are ComingPrivacies are Coming
Privacies are ComingErnest Staats
Ā 
PCI DSS-based Security: Is This For Real? by Dr. Anton Chuvakin
PCI DSS-based Security: Is This For Real? by Dr. Anton ChuvakinPCI DSS-based Security: Is This For Real? by Dr. Anton Chuvakin
PCI DSS-based Security: Is This For Real? by Dr. Anton ChuvakinAnton Chuvakin
Ā 
Beyond the Scan: The Value Proposition of Vulnerability Assessment
Beyond the Scan: The Value Proposition of Vulnerability AssessmentBeyond the Scan: The Value Proposition of Vulnerability Assessment
Beyond the Scan: The Value Proposition of Vulnerability AssessmentDamon Small
Ā 
Security For Free
Security For FreeSecurity For Free
Security For Freegwarden
Ā 
Visualization in the Age of Big Data
Visualization in the Age of Big DataVisualization in the Age of Big Data
Visualization in the Age of Big DataRaffael Marty
Ā 
Securing Systems - Still Crazy After All These Years
Securing Systems - Still Crazy After All These YearsSecuring Systems - Still Crazy After All These Years
Securing Systems - Still Crazy After All These YearsAdrian Sanabria
Ā 
Cybersecurity Basics - Aravindr.com
Cybersecurity Basics - Aravindr.comCybersecurity Basics - Aravindr.com
Cybersecurity Basics - Aravindr.comAravind R
Ā 
What Suppliers Don't Tell You About Security?
What Suppliers Don't Tell You About Security?What Suppliers Don't Tell You About Security?
What Suppliers Don't Tell You About Security?PECB
Ā 
Shift Toward Dynamic Cyber Resilience
Shift Toward Dynamic Cyber ResilienceShift Toward Dynamic Cyber Resilience
Shift Toward Dynamic Cyber ResilienceDarren Argyle
Ā 
Cloud Security - Idealware
Cloud Security - IdealwareCloud Security - Idealware
Cloud Security - IdealwareIdealware
Ā 
A guide to Sustainable Cyber Security
A guide to Sustainable Cyber SecurityA guide to Sustainable Cyber Security
A guide to Sustainable Cyber SecurityErnest Staats
Ā 
PCI DSS Myths 2010: Why Are They STILL Alive by Dr. Anton Chuvakin
PCI DSS Myths 2010: Why Are They STILL Alive by Dr. Anton ChuvakinPCI DSS Myths 2010: Why Are They STILL Alive by Dr. Anton Chuvakin
PCI DSS Myths 2010: Why Are They STILL Alive by Dr. Anton ChuvakinAnton Chuvakin
Ā 
SplunkSummit 2015 - Splunk User Behavioral Analytics
SplunkSummit 2015 - Splunk User Behavioral AnalyticsSplunkSummit 2015 - Splunk User Behavioral Analytics
SplunkSummit 2015 - Splunk User Behavioral AnalyticsSplunk
Ā 

Similar to Quick & Dirty Dozen: PCI Compliance Simplified (20)

PCI DSS Simplified: What You Need to Know
PCI DSS Simplified: What You Need to KnowPCI DSS Simplified: What You Need to Know
PCI DSS Simplified: What You Need to Know
Ā 
PCI DSS Myths 2009: Myths and Reality
PCI DSS Myths 2009: Myths and RealityPCI DSS Myths 2009: Myths and Reality
PCI DSS Myths 2009: Myths and Reality
Ā 
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...
Ā 
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network Insights
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network InsightsNowhere to Hide: Expose Threats in Real-time with IBM QRadar Network Insights
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network Insights
Ā 
How to Simplify PCI DSS Compliance with AlienVault USM
How to Simplify PCI DSS Compliance with AlienVault USMHow to Simplify PCI DSS Compliance with AlienVault USM
How to Simplify PCI DSS Compliance with AlienVault USM
Ā 
PCI Myths
PCI MythsPCI Myths
PCI Myths
Ā 
Simplify PCI DSS Compliance with AlienVault USM
Simplify PCI DSS Compliance with AlienVault USMSimplify PCI DSS Compliance with AlienVault USM
Simplify PCI DSS Compliance with AlienVault USM
Ā 
Privacies are Coming
Privacies are ComingPrivacies are Coming
Privacies are Coming
Ā 
PCI DSS-based Security: Is This For Real? by Dr. Anton Chuvakin
PCI DSS-based Security: Is This For Real? by Dr. Anton ChuvakinPCI DSS-based Security: Is This For Real? by Dr. Anton Chuvakin
PCI DSS-based Security: Is This For Real? by Dr. Anton Chuvakin
Ā 
Beyond the Scan: The Value Proposition of Vulnerability Assessment
Beyond the Scan: The Value Proposition of Vulnerability AssessmentBeyond the Scan: The Value Proposition of Vulnerability Assessment
Beyond the Scan: The Value Proposition of Vulnerability Assessment
Ā 
Security For Free
Security For FreeSecurity For Free
Security For Free
Ā 
Visualization in the Age of Big Data
Visualization in the Age of Big DataVisualization in the Age of Big Data
Visualization in the Age of Big Data
Ā 
Securing Systems - Still Crazy After All These Years
Securing Systems - Still Crazy After All These YearsSecuring Systems - Still Crazy After All These Years
Securing Systems - Still Crazy After All These Years
Ā 
Cybersecurity Basics - Aravindr.com
Cybersecurity Basics - Aravindr.comCybersecurity Basics - Aravindr.com
Cybersecurity Basics - Aravindr.com
Ā 
What Suppliers Don't Tell You About Security?
What Suppliers Don't Tell You About Security?What Suppliers Don't Tell You About Security?
What Suppliers Don't Tell You About Security?
Ā 
Shift Toward Dynamic Cyber Resilience
Shift Toward Dynamic Cyber ResilienceShift Toward Dynamic Cyber Resilience
Shift Toward Dynamic Cyber Resilience
Ā 
Cloud Security - Idealware
Cloud Security - IdealwareCloud Security - Idealware
Cloud Security - Idealware
Ā 
A guide to Sustainable Cyber Security
A guide to Sustainable Cyber SecurityA guide to Sustainable Cyber Security
A guide to Sustainable Cyber Security
Ā 
PCI DSS Myths 2010: Why Are They STILL Alive by Dr. Anton Chuvakin
PCI DSS Myths 2010: Why Are They STILL Alive by Dr. Anton ChuvakinPCI DSS Myths 2010: Why Are They STILL Alive by Dr. Anton Chuvakin
PCI DSS Myths 2010: Why Are They STILL Alive by Dr. Anton Chuvakin
Ā 
SplunkSummit 2015 - Splunk User Behavioral Analytics
SplunkSummit 2015 - Splunk User Behavioral AnalyticsSplunkSummit 2015 - Splunk User Behavioral Analytics
SplunkSummit 2015 - Splunk User Behavioral Analytics
Ā 

More from AlienVault

Meltdown and Spectre - How to Detect the Vulnerabilities and Exploits
Meltdown and Spectre - How to Detect the Vulnerabilities and ExploitsMeltdown and Spectre - How to Detect the Vulnerabilities and Exploits
Meltdown and Spectre - How to Detect the Vulnerabilities and ExploitsAlienVault
Ā 
Malware Invaders - Is Your OS at Risk?
Malware Invaders - Is Your OS at Risk?Malware Invaders - Is Your OS at Risk?
Malware Invaders - Is Your OS at Risk?AlienVault
Ā 
How to Solve Your Top IT Security Reporting Challenges with AlienVault
How to Solve Your Top IT Security Reporting Challenges with AlienVaultHow to Solve Your Top IT Security Reporting Challenges with AlienVault
How to Solve Your Top IT Security Reporting Challenges with AlienVaultAlienVault
Ā 
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...SIEM for Beginners: Everything You Wanted to Know About Log Management but We...
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...AlienVault
Ā 
Insider Threat Detection Recommendations
Insider Threat Detection RecommendationsInsider Threat Detection Recommendations
Insider Threat Detection RecommendationsAlienVault
Ā 
Alienvault threat alerts in spiceworks
Alienvault threat alerts in spiceworksAlienvault threat alerts in spiceworks
Alienvault threat alerts in spiceworksAlienVault
Ā 
Open Source IDS Tools: A Beginner's Guide
Open Source IDS Tools: A Beginner's GuideOpen Source IDS Tools: A Beginner's Guide
Open Source IDS Tools: A Beginner's GuideAlienVault
Ā 
Malware detection how to spot infections early with alien vault usm
Malware detection how to spot infections early with alien vault usmMalware detection how to spot infections early with alien vault usm
Malware detection how to spot infections early with alien vault usmAlienVault
Ā 
Security operations center 5 security controls
 Security operations center 5 security controls Security operations center 5 security controls
Security operations center 5 security controlsAlienVault
Ā 
PCI DSS Implementation: A Five Step Guide
PCI DSS Implementation: A Five Step GuidePCI DSS Implementation: A Five Step Guide
PCI DSS Implementation: A Five Step GuideAlienVault
Ā 
Improve threat detection with hids and alien vault usm
Improve threat detection with hids and alien vault usmImprove threat detection with hids and alien vault usm
Improve threat detection with hids and alien vault usmAlienVault
Ā 
The State of Incident Response - INFOGRAPHIC
The State of Incident Response - INFOGRAPHICThe State of Incident Response - INFOGRAPHIC
The State of Incident Response - INFOGRAPHICAlienVault
Ā 
Incident response live demo slides final
Incident response live demo slides finalIncident response live demo slides final
Incident response live demo slides finalAlienVault
Ā 
Improve Situational Awareness for Federal Government with AlienVault USM
Improve Situational Awareness for Federal Government with AlienVault USMImprove Situational Awareness for Federal Government with AlienVault USM
Improve Situational Awareness for Federal Government with AlienVault USMAlienVault
Ā 
Improve Security Visibility with AlienVault USM Correlation Directives
Improve Security Visibility with AlienVault USM Correlation DirectivesImprove Security Visibility with AlienVault USM Correlation Directives
Improve Security Visibility with AlienVault USM Correlation DirectivesAlienVault
Ā 
How Malware Works
How Malware WorksHow Malware Works
How Malware WorksAlienVault
Ā 
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than EverNew USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than EverAlienVault
Ā 
New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever
 New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever
New OSSIM v5.0 - Get Security Visibility Faster & Easier Than EverAlienVault
Ā 
AWS Security Best Practices for Effective Threat Detection & Response
AWS Security Best Practices for Effective Threat Detection & ResponseAWS Security Best Practices for Effective Threat Detection & Response
AWS Security Best Practices for Effective Threat Detection & ResponseAlienVault
Ā 
Improve Threat Detection with OSSEC and AlienVault USM
Improve Threat Detection with OSSEC and AlienVault USMImprove Threat Detection with OSSEC and AlienVault USM
Improve Threat Detection with OSSEC and AlienVault USMAlienVault
Ā 

More from AlienVault (20)

Meltdown and Spectre - How to Detect the Vulnerabilities and Exploits
Meltdown and Spectre - How to Detect the Vulnerabilities and ExploitsMeltdown and Spectre - How to Detect the Vulnerabilities and Exploits
Meltdown and Spectre - How to Detect the Vulnerabilities and Exploits
Ā 
Malware Invaders - Is Your OS at Risk?
Malware Invaders - Is Your OS at Risk?Malware Invaders - Is Your OS at Risk?
Malware Invaders - Is Your OS at Risk?
Ā 
How to Solve Your Top IT Security Reporting Challenges with AlienVault
How to Solve Your Top IT Security Reporting Challenges with AlienVaultHow to Solve Your Top IT Security Reporting Challenges with AlienVault
How to Solve Your Top IT Security Reporting Challenges with AlienVault
Ā 
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...SIEM for Beginners: Everything You Wanted to Know About Log Management but We...
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...
Ā 
Insider Threat Detection Recommendations
Insider Threat Detection RecommendationsInsider Threat Detection Recommendations
Insider Threat Detection Recommendations
Ā 
Alienvault threat alerts in spiceworks
Alienvault threat alerts in spiceworksAlienvault threat alerts in spiceworks
Alienvault threat alerts in spiceworks
Ā 
Open Source IDS Tools: A Beginner's Guide
Open Source IDS Tools: A Beginner's GuideOpen Source IDS Tools: A Beginner's Guide
Open Source IDS Tools: A Beginner's Guide
Ā 
Malware detection how to spot infections early with alien vault usm
Malware detection how to spot infections early with alien vault usmMalware detection how to spot infections early with alien vault usm
Malware detection how to spot infections early with alien vault usm
Ā 
Security operations center 5 security controls
 Security operations center 5 security controls Security operations center 5 security controls
Security operations center 5 security controls
Ā 
PCI DSS Implementation: A Five Step Guide
PCI DSS Implementation: A Five Step GuidePCI DSS Implementation: A Five Step Guide
PCI DSS Implementation: A Five Step Guide
Ā 
Improve threat detection with hids and alien vault usm
Improve threat detection with hids and alien vault usmImprove threat detection with hids and alien vault usm
Improve threat detection with hids and alien vault usm
Ā 
The State of Incident Response - INFOGRAPHIC
The State of Incident Response - INFOGRAPHICThe State of Incident Response - INFOGRAPHIC
The State of Incident Response - INFOGRAPHIC
Ā 
Incident response live demo slides final
Incident response live demo slides finalIncident response live demo slides final
Incident response live demo slides final
Ā 
Improve Situational Awareness for Federal Government with AlienVault USM
Improve Situational Awareness for Federal Government with AlienVault USMImprove Situational Awareness for Federal Government with AlienVault USM
Improve Situational Awareness for Federal Government with AlienVault USM
Ā 
Improve Security Visibility with AlienVault USM Correlation Directives
Improve Security Visibility with AlienVault USM Correlation DirectivesImprove Security Visibility with AlienVault USM Correlation Directives
Improve Security Visibility with AlienVault USM Correlation Directives
Ā 
How Malware Works
How Malware WorksHow Malware Works
How Malware Works
Ā 
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than EverNew USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
Ā 
New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever
 New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever
New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever
Ā 
AWS Security Best Practices for Effective Threat Detection & Response
AWS Security Best Practices for Effective Threat Detection & ResponseAWS Security Best Practices for Effective Threat Detection & Response
AWS Security Best Practices for Effective Threat Detection & Response
Ā 
Improve Threat Detection with OSSEC and AlienVault USM
Improve Threat Detection with OSSEC and AlienVault USMImprove Threat Detection with OSSEC and AlienVault USM
Improve Threat Detection with OSSEC and AlienVault USM
Ā 



Quick & Dirty Dozen: PCI Compliance Simplified

  • 1. Sandy Hawke, CISSP VP, Product Marketing @sandybeachSF QUICK AND DIRTY DOZEN: PCI COMPLIANCE SIMPLIFIED
  • 2. AGENDA: Pre-audit checklist; Core capabilities for PCI; Automation & consolidation; Product Demo; Key Take-aways; Q & A
  • 4. QUESTIONS TO ASK YOURSELF… SOONER RATHER THAN LATER. Pre-audit checklist: Where do your PCI-relevant assets live, how are they configured, and how are they segmented from the rest of your network? Who accesses these resources (and the other W's… when, where, what can they do, why and how)? What are the vulnerabilities that are in your PCI-defined network – app, etc? What constitutes your network baseline? What is considered "normal/acceptable"? Ask your team… What do we NEVER want to happen in our PCI environment? How do we capture those events when they do happen?
  • 5. FRENEMIES: SECURITY AND COMPLIANCE
  • 6. So… what DO I need for PCI-DSS?
  • 7. What do we need for PCI-DSS? Piece it all together; Look for strange activity which could indicate a threat; Start looking for threats; Identify ways the target could be compromised; Figure out what is valuable
  • 8. What do we need for PCI-DSS? Piece it all together; Look for strange activity which could indicate a threat; Start looking for threats; Identify ways the target could be compromised. Asset Discovery: Active Network Scanning, Passive Network Scanning, Asset Inventory, Host-based Software Inventory
  • 9. What do we need for PCI-DSS? Piece it all together; Look for strange activity which could indicate a threat; Start looking for threats. Asset Discovery: Active Network Scanning, Passive Network Scanning, Asset Inventory, Host-based Software Inventory. Vulnerability Assessment: Network Vulnerability Testing
  • 10. What do we need for PCI-DSS? Piece it all together; Look for strange activity which could indicate a threat. Asset Discovery: Active Network Scanning, Passive Network Scanning, Asset Inventory, Host-based Software Inventory. Vulnerability Assessment: Network Vulnerability Testing. Threat Detection: Network IDS, Host IDS, Wireless IDS, File Integrity Monitoring
  • 11. What do we need for PCI-DSS? Piece it all together. Asset Discovery: Active Network Scanning, Passive Network Scanning, Asset Inventory, Host-based Software Inventory. Vulnerability Assessment: Network Vulnerability Testing. Threat Detection: Network IDS, Host IDS, Wireless IDS, File Integrity Monitoring. Behavioral Monitoring: Log Collection, Netflow Analysis, Service Availability Monitoring
  • 12. What do we need for PCI-DSS? Asset Discovery: Active Network Scanning, Passive Network Scanning, Asset Inventory, Host-based Software Inventory. Vulnerability Assessment: Network Vulnerability Testing. Threat Detection: Network IDS, Host IDS, Wireless IDS, File Integrity Monitoring. Behavioral Monitoring: Log Collection, Netflow Analysis, Service Availability Monitoring. Security Intelligence: SIEM Correlation, Incident Response
  • 13. Unified Security Management. Asset Discovery: Active Network Scanning, Passive Network Scanning, Asset Inventory, Host-based Software Inventory. Vulnerability Assessment: Network Vulnerability Testing. Threat Detection: Network IDS, Host IDS, Wireless IDS, File Integrity Monitoring. Behavioral Monitoring: Log Collection, Netflow Analysis, Service Availability Monitoring. Security Intelligence: SIEM Correlation, Incident Response. BTW… this is just the technologies… process is a whole 'nother topic.
  • 14. READING IN BETWEEN THE LINES… WHAT'S NOT IN THE FINE PRINT BUT SHOULD BE… Dynamic threat intelligence updates: THE THREATS CHANGE, SO SHOULD YOUR EVENT CORRELATION RULES, IP REPUTATION DATA, ETC. Flexible use case support: IT'S IMPOSSIBLE TO PREDICT ALL BAD OUTCOMES SO HAVE A SOLUTION THAT GROWS WITH YOU
  • 15. QUICK & DIRTY CLEAN = AUTOMATED & CONSOLIDATED. All-in-one functionality; Easy management; Multiple functions without multiple consoles; Automate what and where you can*; "Baked in" guidance when you can't; Flexible reporting & queries… as detailed as you want it. *Disclaimer: Despite the hype, you can't automate EVERYTHING nor would you want to. This is cyber security we're talking about, not pizza delivery.
  • 16. LET'S HEAR FROM YOU! ALIENVAULT POLL QUESTION: What is your biggest pain point when it comes to PCI compliance? • Uncertainty about what's on my network • Vulnerability assessment and remediation • Concerns about threat detection • Compliance reporting • None of the above – I'm a PCI Ninja!
  • 17. Let's see it in action. AlienVault USM Demo – Simplified PCI DSS Compliance
  • 18. WHAT'S COMING IN PCI DSS V3*? Key Goals: Increased clarity; Intention and application; Scoping and reporting; Eliminate redundancy, consolidate documentation; Stronger focus on "greater risk areas" in the threat environment; Consistency among assessors. Key Themes: Education and Awareness; Increased flexibility; Security as a shared responsibility. Key Dates: Nov 7 2013 • PCI DSS v3 is published; Jan 1 2014 • PCI DSS v3 becomes effective; Dec 31 2014 • PCI DSS v2 expires. *https://www.pcisecuritystandards.org/security_standards/documents.php
  • 19. KEY TAKE-AWAYS: Use the "force" of compliance to bolster your security monitoring / incident response program. PCI Compliance is more than just reporting. Automate and consolidate as much as possible. And… throw away that cover page for your TPS reports. …But keep the red stapler.
  • 20. NOW FOR SOME Q&A… Three Ways to Test Drive AlienVault: Download a Free 30-Day Trial http://www.alienvault.com/free-trial; Try our Interactive Demo http://www.alienvault.com/live-demo-site; Request a Personalized Demo http://www.alienvault.com/schedule-demo; Sales@alienvault.com

Editor's Notes

  1. We all know… Security doesn't equal compliance and compliance doesn't equal security… But… you can use compliance to get your security projects funded. Use the "force" of compliance to improve your security. Remember… compliance is about more than reporting!
  2. Before we go into the nitty gritty of the requirements (and let's face it, that's the really boring stuff), at a high-level what are the core functionalities I need to pass my audit and stay in compliance?
     • Asset visibility (broad and deep)
     • Vulnerability assessment (network, apps, etc)
     • Threat detection
     • File integrity monitoring
     • Host-based IDS (on the "interesting" stuff)
     • Network-based IDS
     • Wireless IDS
     • Behavioral Monitoring
     • Service availability – if credit card processing breaks, you have bigger problems
     • Network anomalies
     • Policy violations
     • User activity – especially those with superpowers
     • Security Intelligence
     • Event Correlation (here's where "Big Data" comes in, but yawn who cares, that's just a processing challenge)
     • Incident Response
     • Compliance Reporting
     • Executive Dashboards
     • Easy management (RBAC, output types, filters, etc.)
  10. Create "PCI in scope" host group – define the report so it's focused on that group
  11. The updated versions of PCI DSS and PA-DSS will:
     • Provide stronger focus on some of the greater risk areas in the threat environment
     • Provide increased clarity on PCI DSS & PA-DSS requirements
     • Build greater understanding on the intent of the requirements and how to apply them
     • Improve flexibility for all entities implementing, assessing, and building to the Standards
     • Drive more consistency among assessors
     • Help manage evolving risks / threats
     • Align with changes in industry best practices
     • Clarify scoping and reporting
     • Eliminate redundant sub-requirements and consolidate documentation
     While not stated in the August document, it's anticipated that the new standard will address issues of what falls within the scope of the standard, as well as network segmentation, and defense fortification to ward off specific threats that have been identified since the 2010 release. In addition, the new requirements are likely to address card data handling in mobile, cloud and e-commerce environments in the wake of previous guidance issued by the council.
  12. Use the "force" of compliance to bolster your security monitoring / incident response program. PCI Compliance is more than just reporting – it's about basic security hygiene – don't focus JUST on reporting, although that is important. Automate and consolidate as much as possible – reduces cost, complexity, and accelerates remediation. If mgmt wants to do this w/home grown or manual processes or tools (can't get budget for more software), try open source, specifically OSSIM.