COMPLY WITH Payment Card Industry (PCI) Data Security Standards (DSS)
Protecting Cardholder Data (CHD)
Facing the well-publicized rise of identity theft and criminal cyber attacks, consumers have demanded assurances that their personal data will remain safe whenever they use their bank payment or credit cards. Since 2004, the industry has mandated a set of security guidelines known as the Payment Card Industry Data Security Standards, or PCI. It includes guidelines for computer networks that store or process cardholder personal data. However, until now enterprise security officers have not had access to a single product with the broad set of capabilities required to address the many categories of network security covered by PCI. They have also lacked the levels of visibility and automation needed to ensure that all the varied systems containing cardholder data are in continuous compliance.
What is your security compliance score?
Elemental understands the challenges associated with security compliance and has developed a unique framework along with innovative technologies to reduce the overall time, cost and effort involved in demonstrating and maintaining compliance with PCI DSS security controls. Elemental Security Platform (ESP) is an enterprise cyber security automation framework that provides your organization with an adaptive compliance automation mechanism that addresses most of the PCI DSS security mandates out of the box and on a 24/7 basis.
How does it work?
Elemental Cyber Security has created an automated policy framework within the Elemental Security Platform (ESP) that enables enterprises to comply with PCI guidelines for network segmentation, host security configuration management, and access control, while also providing the visibility necessary to continuously monitor the systems on which cardholder information resides. Within minutes of ESP software installation on target machines, the ESP system will accurately calculate your compliance score for the PCI DSS policy and generate a pass/fail list of specific technical security controls. With that information in hand, your team in charge of security compliance will know exactly where your weak points are and how to address them. Through historical compliance monitoring and reporting, they can also demonstrate continuous security posture improvements to management and auditors, thus reducing cost and time-to-compliance.
ESP provides policies that directly address the following security controls mandated by PCI DSS:
- BUILD and MAINTAIN a SECURE NETWORK
- MAINTAIN a VULNERABILITY MANAGEMENT PROGRAM
- IMPLEMENT STRONG ACCESS CONTROL MEASURES
- REGULARLY MONITOR and TEST NETWORKS
- MAINTAIN an INFORMATION SECURITY POLICY
Report and demonstrate compliance
The PCI standard also requires systems to report on the activities of administrator access, including whether permissions on audit files are set appropriately and whether all successful and failed attempts to access systems are logged and maintained. The ESP contains more than 70 individual rules (controls) that enable organizations to apply a consistent configuration of logging systems across platforms.
Utilizing the Elemental PCI policy framework together with the advanced capabilities of the ESP, organizations can address PCI requirements by augmenting traditional firewalls and IDS systems with endpoint-level security that protects data where it resides, and with policy-based access controls that dynamically adapt to changes in the compliance or security posture of systems on the network.
Proven enterprise-class capabilities:
- Pre-defined PCI DSS policy templates ready to be customized and deployed
- Extensive library containing thousands of “drag-and-drop” cyber security controls (PCI, HIPAA, NIST, SOX, NSA, CIS, industry best practices, etc.)
- Immediate availability of compliance scores
- 24/7 monitoring and enforcement of deployed policies
- Audit-ready logs of all security policies and system use
- Automation of security configuration management
- Deep network visibility at any managed endpoint level
- Adaptive network segmentation
- Cross-platform containment in case of compromise
Not just a compelling best-in-class technology:
ESP comes with much more than a complete and integrated suite of security compliance and risk management functions:
- Fast, scalable on-premises or cloud-based deployment
- Dedicated support and training during system implementation, policy creation, deployment, and reporting
- Currency with global standards and regulatory mandates
- Baseline consulting based on the subscription level
How is Elemental different?
Elemental's unique Cyber Security Platform enables continuous compliance by actually implementing and enforcing the technical security controls mandated by PCI DSS. The solution offers faster time-to-compliance, audit-ready reports, improved network security, ready-to-deploy security policies and risk assessment, all from one unified, easy-to-use, web-based user interface.
The Bottom Line
Elemental provides the visibility needed to quickly establish a baseline for compliance with PCI guidelines. It also furnishes a powerful framework for automating and streamlining the deployment of PCI-related policies to computing resources that store and handle cardholder data. Only the Elemental solution combines all the capabilities required to address the broad range of network security areas covered by the PCI standard.
"At the time of compromise, the average merchant was not compliant with at least 47% of PCI requirements. The average total cost of a data breach is $4 Million. 69% of consumers are less inclined to do business with a breached organization." Source: Verizon report