Symtrex’s suite of security products and services can assist organizations to meet PCI DSS compliance requirements, as well as ensure that best security practices are adhered to within their organization. As most are aware PCI DSS contains twelve security requirements, which can be reviewed in more detail at the PCI Security Standards Council Web site.
One of first things to mention is that there is no ‘silver bullet’ product that an organization can install, configure and then be able to say I am compliant. Any security product that an organization purchases does need to be properly installed, configured, monitored and adjusted over time to ensure that it continually meets and potentially exceeds the requirements. Second before making any purchase, an organization should assess their environment and requirements. By understanding and documenting your environment, including identifying the devices within the PCI scope, identifying IT resources, etc, this will ensure proper planning and may ultimately save you time and money, as well as achieve compliance.
Our suite of products and services are geared for any size organization that has to comply with PCI DSS or any other compliance requirement/ security best practices. The products can be used individually with other security products that are already in hand as well.
The very first thing is you cannot protect what you do not know that you have – while some have a listing of their assets on a piece of paper, this still relies on someone to physically walk around and document, or you can choose to use a technology that can assist – Solar Windows Network Topology Mapper, which can map you network automatically in minutes, or Hexis NetBeat NAC, which can auto detect all assets (including mobile).
Then of course at the very heart of any compliance requirement is a firewall, with the Sophos UTM, an organization can choose their level or protection from a simple firewall with Intrusion Prevention to a full featured unified threat management system, complete with web security, mail security, as well as web server protection and wireless, as well as protection from APTs.
Along with a firewall , an organization should consider the purchase of some form of End Point Security (Sophos or Kaspersky), that will protect the users mobile devices/laptops. Endpoint protection provides for virus detection and removal, as well as data protection, enabling the organization to ensure that data stays in the organization and not transmitted via USB or email to inappropriate parties.
In addition, to add an extra layer of security, we have the Hexus NetBeat NAC, which enables organizations to determine who is on their network, automatically directing any untrusted asset to a guest area only. It provides for a snapshot of network assets, patch level, as well as deny any unknown traffic from your confidential information. With the NetBeat NAC, you can also develop a security policies and procedures manual, which can be updated as required, complete with time stamps of when changes were made. In addition it will block any traffic that is being sent out of the network to command and control centers, or choose the SolarWinds User Device Tracker.
Review of log files is essential as this provides detailed information as to the activity in your organization. Depending on your budget, expertise and requirement, we currently offer several tools.
SolarWinds Event & Log Management tool, which provides for easy installation, a comprehensive library for most compliance requirements, including PCI DSS. This product is well suited for those organizations that have a limited budget, limited resources but needs to have the power of an SIEM that Enterprise/Global Organizations require.
AlertLogic, which is a cloud based solution.
For those organizations that require security analytics or advanced data analysis and already have deployed a robust SIEM product, the Hawkeye AP is a great addition, allowing an organization to capture petabytes of data to run queries against and then send to the SIEM.
Contact us for information on any of the products/services we offer, and how they can assist you with your PCI DSS compliance requirements.
You can visit our white papers section of additional information on our products and how they can assist with compliance.