
PCI DSS Managed Service Solution October 18, 2011


teo


Presentation Transcript


  1. PCI DSS Managed Service Solution, October 18, 2011

  2. Who is Vendor Safe? • Founded in 1989 in Houston, Texas: 20 Plus Years of Security Experience • Internet Security • Network Security • Data Security • Transformation in 2007: Managed Firewall Architecture • Provide Security First – PCI Compliance Will Follow • PCI DSS Security Experts

  3. Why Care about PCI Compliance • The Problem: “Many Franchise owners and IT Managers underestimate the high risk of credit card fraud and the consequences that follow.”

  4. PCI - Terms • PA-DSS (Payment Application) • PCI-DSS (Data Security) • SAQ (Self Assessment Questionnaire) • Scans - External, Internal, Wireless • ASV - Authorized Scanning Vendor • QSA – Qualified Security Assessor • Compliance vs. Validation

  5. I Signed What? Merchants have already agreed to be PCI Compliant!

  6. It Won’t Happen to Me! • Hackers Shift Attacks to Small Firms • Hacking at small businesses "is a prolific problem," says Dean Kinsman, a special agent in the Federal Bureau of Investigation's cyber division, which has more than 400 active investigations into these crimes. "It's going to get much worse before it gets better." Joe Angelastri, owner of City News stand in the Chicago area, is out $22,000 because cyber hackers attacked his stores' payment system. • Article – Wall Street Journal 7-21-2011

  7. Breach - Ugly Facts • Forensic Audit 6k - 10K (per location) • Audit sent to Card Brands and Merchant Bank • Scope of Breach Determined • Fees / Fines Assessed (+ 10k cards) • Remediation - Required for Lack of Security – or Additional Fines (5k) • Customer Loss and Brand Damage

  8. PCI Solution Overview • PCI is More Than POS

  9. PCI Solution Overview 12-286

  10. VST Value Proposition • Heavy Lifting Components of PCI - DSS • High End Firewall, Secure Network Segments required (In Scope) Devices for PCI DSS • Provides Secure Remote Access, Policy Based • 2 Factor Authentication, SMS or Email • Logging and Storage – Firewall, Remote Access • Managed Service, Updates, and 24x7 Monitoring • System Logs and File Integrity Monitoring (LAN Scribe) • Internal Scan • Wireless Detection Scan

  11. Platinum Package • Global Security Mesh™ • $100,000 TrustVault™ Certificate • Managed Juniper Firewall with VPN • Implementation, Set-up, and Configuration • Gateway Session Logging • Logs Stored Online for 1 Year • Secure Remote Access with Two Factor Authentication • SMS / Email OTP Validation • Forced Configuration Manager™ • Ensures Secure Communications • Enforces Antivirus policies

  12. Platinum Package Cont’d • Global Security Mesh™ • Network Segmentation to meet PCI Standards • IPS / IDS • Web Filtering / Content Management • 24 x 7 x 365 Event Logging, Monitoring, and Support • Centralized Firewall Configuration Management • Firewall Security Policy Template Updates • Ongoing Firewall Change Control and Policy Updates • Includes Technological Changes to PCI-DSS Standard • Next Business Day Hardware Replacement

  13. Platinum Package • Package Geared towards SAQ D Attestation Level Merchants • Automated security policies that reflect the more complicated requirements of the environment • LANScribe™ - Workstation Logging and File Integrity Monitoring (Up to 6 Workstations)

  14. Beyond PCI™ Security Beyond PCI Security Services • Rogue Device Manager™ • Identifies unknown devices plugged into network • “Block” Mechanism Built into System • IP Data Blocker™ • Centrally managed system to prevent unauthorized data transmission to unknown IP addresses for an organization

  15. TrustVault™ Certificate The Vendor Safe Guarantee: • Covers up to $100,000 in Direct Expenses Relating to a Data Breach including: • Mandatory Security Audit • Card Replacement Fees • Fines and Penalties, ex. VISA • Covers Electronic Data Breach at Every Franchisee Location

  16. PCI Solution Validation • Web Portal Services: • Self Assessment Questionnaire • SAQuick™ Questionnaire • On-Line Access to Compliance Status • Quarterly Vulnerability Scanning • Schedule scans automatically • Print out vulnerability reports • ASV on record 403-Labs • Report Generator • Real-time Report Generator • Print SAQ and Scan reports • PCI Compliance Reporting Services

  17. Questions • David Bones • dbones@vedorsafe.com • 210-412-4756
