Ensuring Regulatory Compliance with AccessData Technology ...
PCI Compliance
Ensuring Regulatory Compliance with AccessData Technology
Address the key requirements of PCI compliance with the first cyber security platform to integrate network analysis, host analysis and large-scale auditing. Maintain a firewall configuration to protect cardholder data. Ensure encryption of cardholder data and sensitive information transmitted across public networks. Track and monitor all access to network resources and cardholder data. Manage proactive and reactive regulatory compliance operations in house to dramatically reduce risk. Proactively or reactively audit computers across your enterprise to identify every node that contains payment card information.
Despite defensive mechanisms, such as encryption, access controls and content monitoring systems, payment card information can still find its way onto unsecure segments of your network or be stolen by hackers whose sole purpose is to get their hands on this information. Too often organizations simply rely on the process of accidental discovery when it comes to detecting data leakage, and the prohibitive costs associated with large-scale auditing prevents many organizations from taking a proactive approach to defending their data. In addition, lacking automated visibility into each computer across your enterprise severely limits the efficacy of a compromise assessment.
The technical implications of a massive content audit is often staggering. Even in relatively simple environments, executing a large-scale search for a confidential file can be a daunting and time-consuming task. The problem of course is less about the complexity of the task and more about the lack of technologies designed to address this type of broad search. Without scalable, deep, forensic auditing and remediation capabilities, organizations can’t do much more than wait for somebody to report a data spill and then pursue manual, time-intensive and error-prone solutions, such as a machine-by-machine search. To truly ensure the protection of confidential data, commercial and government entities need an automated way to quickly and thoroughly search tens of thousands of machines, and that is exactly what AccessData’s Cyber Intelligence and Response Technology (CIRT) is designed to do.
HOW DOES CIRT FACILITATE PCI COMPLIANCE AND PROTECT YOUR INFORMATION ASSETS? LEARN MORE...
© 2012 AccessData Group. All Rights Reserved.
Using CIRT...
define data sources
define search criteria
execute search
review results/ report
PROTECT CONFIDENTIAL DATA. Identify and log the locations of confidential data that have spilled onto unsecure segments of your network, using any combination of search criteria: • Keywords (Eyes Only, etc.) • Date ranges (created/modified/accessed) • Data source (network share, email, computer, SharePoint, etc.) • Hashes (to include or exclude) • File Type (400+ pre-defined types) • File size • File status (deleted, hidden) • Location (C:\my documents\...) MASSIVE-SCALE DATA AUDITING WITH UNSURPASSED REACH. Search for payment card information and other types of sensitive data on computers, email servers, network shares and even structured data repositories. Auditing will identify confidential data even in files that are open and in use. CONDUCT THOROUGH INCIDENT RESPONSE INVESTIGATIONS. CIRT is the only cyber security solution to integrate network forensics, host forensics and large-scale data auditing, allowing you to not only identify data leakage, but to chase it down and remediate. Identify security breaches, replay events, analyze logs and correlate that information with what is happening to determine how the leakage propagated. The integrated analysis and built-in remediation capabilities of CIRT allow you to more effectively address security threats of any kind. RESPOND EFFECTIVELY TO CONTENT MONITORING ALERTS. Quickly correlate user activity with a content monitoring alert and forensically preserve relevant data. The CIRT security framework includes the only network forensics technology that analyzes and correlates event logs. PROACTIVELY DETECT DATA LEAKAGE AND CONTAIN IT BEFORE IT BECOMES A NEWS STORY. By scheduling regular audits of the computers across your enterprise, you can proactively identify confidential or classified information living on unsecure nodes. When detected, CIRT allows you trace the spill and remediate automatically, if your policies allow. Having this level of visibility into where your data lives and the ability to take action immediately allows you to mitigate risk and protect your data far more effectively that you can relying on traditional tools.
remediate
re-audit to confirm results
PCI Compliance
Strict security. Robust technology. AccessData’s Secure Network Communications Module, leveraged in our solutions is FIPS 140-2 certified, ensuring that data transferred over a public or private network when employing our certified cryptographic module will be encrypted and protected. In addition, AccessData’s data leakage remediation employs a strong wiping methodology. A configurable architecture and flexible permission structures make it possible for you to control access to information. Find out how AccessData can help you protect your information assets and ensure compliance, call 800.574.5199 / +1.801.377.5410, or email [email protected]
© 2012 AccessData Group. All Rights Reserved.
Ensuring Regulatory Compliance with AccessData Technology
Address the key requirements of PCI compliance with the first cyber security platform to integrate network analysis, host analysis and large-scale auditing. Maintain a firewall configuration to protect cardholder data. Ensure encryption of cardholder data and sensitive information transmitted across public networks. Track and monitor all access to network resources and cardholder data. Manage proactive and reactive regulatory compliance operations in house to dramatically reduce risk. Proactively or reactively audit computers across your enterprise to identify every node that contains payment card information.
Despite defensive mechanisms, such as encryption, access controls and content monitoring systems, payment card information can still find its way onto unsecure segments of your network or be stolen by hackers whose sole purpose is to get their hands on this information. Too often organizations simply rely on the process of accidental discovery when it comes to detecting data leakage, and the prohibitive costs associated with large-scale auditing prevents many organizations from taking a proactive approach to defending their data. In addition, lacking automated visibility into each computer across your enterprise severely limits the efficacy of a compromise assessment.
The technical implications of a massive content audit is often staggering. Even in relatively simple environments, executing a large-scale search for a confidential file can be a daunting and time-consuming task. The problem of course is less about the complexity of the task and more about the lack of technologies designed to address this type of broad search. Without scalable, deep, forensic auditing and remediation capabilities, organizations can’t do much more than wait for somebody to report a data spill and then pursue manual, time-intensive and error-prone solutions, such as a machine-by-machine search. To truly ensure the protection of confidential data, commercial and government entities need an automated way to quickly and thoroughly search tens of thousands of machines, and that is exactly what AccessData’s Cyber Intelligence and Response Technology (CIRT) is designed to do.
HOW DOES CIRT FACILITATE PCI COMPLIANCE AND PROTECT YOUR INFORMATION ASSETS? LEARN MORE...
© 2012 AccessData Group. All Rights Reserved.
Using CIRT...
define data sources
define search criteria
execute search
review results/ report
PROTECT CONFIDENTIAL DATA. Identify and log the locations of confidential data that have spilled onto unsecure segments of your network, using any combination of search criteria: • Keywords (Eyes Only, etc.) • Date ranges (created/modified/accessed) • Data source (network share, email, computer, SharePoint, etc.) • Hashes (to include or exclude) • File Type (400+ pre-defined types) • File size • File status (deleted, hidden) • Location (C:\my documents\...) MASSIVE-SCALE DATA AUDITING WITH UNSURPASSED REACH. Search for payment card information and other types of sensitive data on computers, email servers, network shares and even structured data repositories. Auditing will identify confidential data even in files that are open and in use. CONDUCT THOROUGH INCIDENT RESPONSE INVESTIGATIONS. CIRT is the only cyber security solution to integrate network forensics, host forensics and large-scale data auditing, allowing you to not only identify data leakage, but to chase it down and remediate. Identify security breaches, replay events, analyze logs and correlate that information with what is happening to determine how the leakage propagated. The integrated analysis and built-in remediation capabilities of CIRT allow you to more effectively address security threats of any kind. RESPOND EFFECTIVELY TO CONTENT MONITORING ALERTS. Quickly correlate user activity with a content monitoring alert and forensically preserve relevant data. The CIRT security framework includes the only network forensics technology that analyzes and correlates event logs. PROACTIVELY DETECT DATA LEAKAGE AND CONTAIN IT BEFORE IT BECOMES A NEWS STORY. By scheduling regular audits of the computers across your enterprise, you can proactively identify confidential or classified information living on unsecure nodes. When detected, CIRT allows you trace the spill and remediate automatically, if your policies allow. Having this level of visibility into where your data lives and the ability to take action immediately allows you to mitigate risk and protect your data far more effectively that you can relying on traditional tools.
remediate
re-audit to confirm results
PCI Compliance
Strict security. Robust technology. AccessData’s Secure Network Communications Module, leveraged in our solutions is FIPS 140-2 certified, ensuring that data transferred over a public or private network when employing our certified cryptographic module will be encrypted and protected. In addition, AccessData’s data leakage remediation employs a strong wiping methodology. A configurable architecture and flexible permission structures make it possible for you to control access to information. Find out how AccessData can help you protect your information assets and ensure compliance, call 800.574.5199 / +1.801.377.5410, or email [email protected]
© 2012 AccessData Group. All Rights Reserved.
