Tripwire ExpertOps and PCI

The Payment Card Industry Data Security Standard (PCI DSS) was created to help organizations that process credit card payments, secure the cardholder environment to prevent credit card fraud, cyber threats and other security vulnerabilities. The latest version, 4.0, provides specific security guidance on handling, processing, transmitting and storing credit card data to minimize the theft, exposure and leakage of a customer’s personal and financial credit information.

The Challenge

Credit card data has long been a prime target for attackers. Research and multiple forensic investigations show that it can take attackers only seconds to minutes to breach an organization’s defenses, but it takes an average of eight months to discover a breach—and by that time millions of records have often been exfiltrated.

The Goal: Continuous PCI Compliance

Organizations, struggling to address ever growing cybersecurity risks with limited resources—the lack of cybersecurity talent and high turnover on cybersecurity teams—typically focus their energies by employing a “check box” mentality for passing each PCI compliance audit and then simply return to business as usual after the administrative scramble. This is when configurations can “drift” out of compliance, even though at a particular point in time the organization may have undergone third party penetration testing and vulnerability assessments and passed their audit. As IT security professionals know, compliance is no guarantee of security. However, the PCI Security Standards Council states “to ensure security controls continue to be properly implemented, PCI DSS should be implemented into BAU (business as usual) activities as part of an entity’s overall security strategy.” BAU translates into continuous compliance every day. Tripwire ExpertOps can help organizations achieve continuous PCI DSS compliance while insulating their teams from the challenges of turnover and the cybersecurity talent gap.

Your Solution: Tripwire ExpertOps

Tripwire ExpertOps combines managed services with the industry’s best File Integrity Monitoring (FIM) and Security Configuration Management (SCM), and addresses 11 of the 12 PCI DSS requirements. The solution provides personalized consulting, audit support, and cloud based infrastructure to help you achieve and maintain compliance. The solution is easy to deploy and use, with simple subscription pricing and a low total cost of ownership. Tripwire ExpertOps enables you to rapidly achieve compliance with PCI 4.0 throughout your environment by reducing the attack surface, increasing system integrity and delivering continuous compliance. Plus, because Tripwire ExpertOps includes personalized consulting, you receive ongoing support from a designated Tripwire Expert.

Benefits

• PCI DSS 4.0 audit support
• 24/7 compliance visibility via a customized dashboard
• Alerts and reports in your inbox
• Waivers and change requests made easy
•  No more awkward or incomplete hand offs when your staff changes

How It Works

Tripwire ExpertOps provides you with continuous staffing to operate and manage Tripwire provided PCI DSS controls at peak efficiency. The solution adapts to your unique environment—reports and profiling tasks are customized to meet your specific needs. You will receive expert guidance to configure your system and policy configurations to best align with your requirements. And you’ll gain visibility via 24/7 access to compliance information via a tailored dashboard and management console.

A Tripwire Expert will act as an extension of your team by prioritizing work efforts and managing critical escalations. Together you will jointly develop a Service Plan that outlines communication practices, escalation procedures and any specialized requests.

The Tripwire Expert will then tune and operate your Tripwire provided PCI DSS controls to provide:

• Prescriptive policy and content guidance to enable PCI DSS compliance for your specific network or system security requirements
• Recommendations for maximizing automation capabilities for compliance and event alerting practices, change management process integrations, and audit prep activities
• Prioritized remediation to identify opportunities to efficiently improve compliance posture
• Organizational grading for each accountable department to provide visibility into groups needing additional resources and attention

Get 24/7 visibility without deploying additional hardware, databases and backend software. Tripwire ExpertOps is built on a cloud computing platform, allowing the service to quickly scale to meet your needs while maintaining high levels of security. The service uses a single tenancy model to ensure that data remains segregated between customer accounts. Tripwire applies multiple controls for security and privacy of your data, including secure configurations, vulnerability scanning, data encryption, malware defenses, access control, log management, multifactor authentication, VPN and much more.