Cyber Security & PCI DSS Compliance

Maintain continuous PCI DSS Compliance

 

Organizations that process, store or transmit credit card data face tremendous pressure to comply with the comprehensive set of requirements outlined in the Payment Card Industry Data Security Standard (PCI DSS). Business fines up to $500,00, expensive litigation costs, damage to brand and loss of consumer confidence are just a few of the consequences of non-compliance. Because the PCI DSS mandates that security operations adequately protect customer information, organizations must embrace new policies and implement changes to network configurations while also ensuring that there is technology in place to protect cardholder data.

 

SALIX’s Threat Manager, Log Manager, and Web Security Manager with ActiveAlert provide an organization with the easiest and most affordable means to secure its networks and comply with the PCI DSS. As the security industry’s only cloud-powered vulnerability assessment, intrusion detection, log management and web application security solutions, SALIX’s services help organizations eliminate the burden of PCI compliance in ways traditional security solutions cannot.

 

SALIX continues to maintain its PCI Security Standards Council Approved Scanning Vendor (ASV) and Level-2 SAQ Attestation of Compliance status. Threat Manager also supports the latest PCI DSS 2.0 requirements and has been enhanced to include advanced risk reporting capabilities, including CVSS risk scoring and “audit-ready” reports and dashboards for PCI QSAs.

Detailed vulnerability assessment and remediation guidance

 

To achieve PCI DSS compliance, you must identify and remediate all critical vulnerabilities detected during quarterly PCI scans. Threat Manager streamlines this process by providing simple, actionable reports that detail vulnerabilities and recommendations. The Web interface provides easy-to-use dashboards and drill-down capabilities to quickly investigate any discrepancies. There is also a Dispute Wizard that helps document compensating controls that are in place to remediate specific vulnerabilities. PCI scans include the following reports:

 

  • Executive Summary: Overview of scan results and a statement of compliance or non-compliance.
  • Vulnerability Details: Provides a detailed description, list of impacted hosts, risk level and remediation tips for each vulnerability found.
  • Attestation of Scan Compliance: Overall summary of network posture, compliance status and assertion that the scan complies with PCI requirements.

[Figure: PCI DSS solutions mapping]

PRODUCTS & SERVICES:

 


Detailed Vulnerability Reports

 

Vulnerability and host reports provide detailed descriptions, lists of impacted hosts, risk levels and remediation tips.

Expert Security Services With Log Review

 

Log Review, a service enhancement to Log Manager, virtually eliminates the need for processes and personnel to satisfy the daily log review requirements of the PCI DSS. Each day, our 24×7 security analysts use Log Manager to analyze event log data, track and escalate incidents, send notifications, and assess the health of your log collection. The Log Review service is designed to meet the following PCI DSS requirements:

  • Daily log review as specified in requirement 10.6 of PCI DSS
  • Analyzes event log data for potential security incidents such as account lockouts, failed logins, new user accounts and improper access attempts
  • Identifies incidents that warrant investigation and sends notifications for review
  • Creates an incident audit trail for auditors and regulators
  • Monitors log collection activities and alerts you when logs are not being collected
  • Provides daily reports mapped to the PCI standard

Web Application Security

 

SALIX’s Web Security Manager is a managed Web application firewall that meets requirement 6.6 of the PCI DSS. As a virtual patching solution to protect applications from unknown vulnerabilities, it also helps meet requirement 6.5.