PCI Compliance
Quickly Secure Your Remote Workforce Environment,
Prevent Data Breaches, and Lower Audit Costs
PCI DSS compliance is hard. If it was easy, PCI sustainability trends would be going up and reports of data breaches would be going down.
Relying on traditional segmentation methods like data center firewalls and VLANs to secure East-West traffic in complex, multi-cloud data centers and payment architectures present challenges like:
- How to get your scope right and lower your assessment cost.
- How to eliminate flat networks and misconfigured and out-of-date firewall rules.
- How to quickly adapt the applicable firewall rules and keep up with IT Ops and DevOps – at scale and without breaking applications.
- How to avoid the cost and complexity from using networking/SDN and data center firewalls.
Real-time scoping and host-based segmentation are the critical first steps to identifying changes in your CDE and in-scope PCI components during your remote work transition, reducing your attack surface, and lowering your audit burden.
The Illumio Adaptive Security Platform® (ASP) delivers a host-based, infrastructure-agnostic solution for accurately scoping and segmenting your PCI environment’s East-West traffic while avoiding the cost and management complexity of networking/SDN and data center firewalls.
Benefits
Quickly identify changes in PCI scope and reduce your attack surface while you transition to a remote workforce environment
The transition to remote work potentially changes how employees are collecting or processing cardholder data. You need to take stock of legitimate external connections to your data center and evaluate how they change your PCI scope and potential attack surface. These changes also increase the urgency of eliminating flat networks. Relying on perimeter security tools like VPN and MFA won’t prevent lateral movement attacks to your payment and ecommerce systems via compromised remote machines.
Illumio ASP enables you to identify changes in legitimate PCI connections and flows in real time. You accelerate your ability to segment your in-scope PCI environment and reduce your attack surface. You are also able to quickly secure traffic as you scale out your VDI infrastructure.
Eliminate flat networks while avoiding the cost and complexity of data center firewalls
If you don’t have real-time visibility into changes in your application dependencies and connections, changing firewall rules could break applications. You end up with flat networks and misconfigured and obsolete firewall rules.
You shouldn’t have to re-architect your networking environment and deploy more data center firewalls to enable fine-grained segmentation of your East-West PCI traffic.
Illumio ASP decouples security from networking, allowing you to create more granular segmentation perimeters with confidence. You can also bake segmentation into your IT Ops and DevOps processes – at scale.
Enhance the capabilities of your vulnerability management program
Relying on CVSS scores alone to prioritize patching isn’t the most optimal use of your resources. Illumio ASP enhances the capabilities of your vulnerability management program by overlaying your third-party vulnerability scan data on top of the real-time application dependency map to calculate exploitability and show an attacker’s potential attack pathways. You can use process-based segmentation as a compensating control, and reduce exploitable workloads without breaking critical applications.
August 23, 2019
"We had a compliance need which required us to enable firewalls on approximately 500 internal systems within a 3-month period. Without the ability to map and visualize traffic ahead of setting up firewall policies for these systems, we would not have been
Resources
Supporting PCI DSS Requirements: An Illumio/Protiviti Research Project
Download white paper
Solution briefMapping Ilumio ASP to PCI DSS 321 Controls
Download solution brief
Customer storyLeading eCommerce Retailer Achieves PCI Compliance in Record Time with Illumio
Download customer story