Posts Tagged ‘PCI’

Thursday, 15 December 2011 11:50

Customer Use Perspective Series Part 3: Why Choose QRadar Over Another Vendor?

Over the past two weeks, we have been covering the use case of a Q1 Labs customer in the retail space with a series of blog posts dissecting their experience with QRadar so far. Now that we have a better idea of why using a security intelligence solution is important and how to make choosing a SIEM vendor relatively painless, let's hear from our customer on why they chose Q1 Labs' QRadar over other vendors' solutions.

For starters, here are a few:

  • Ease of use and simple customization – Different parties (network team, DBAs, etc.) were able to use QRadar with a very short learning curve: a one-hour training session was more than enough. Because views can be customized for each group, the unique needs of each group are met easily through report and dashboard customization.
  • Events Per Second (EPS) and scaling – Our customer needed a solution that can scale EPS to their varying needs. As they monitor larger portions of their infrastructure with QRadar, they expect correlation to perform efficiently regardless of data volume.
  • Unique approach to log aggregation and event management – The combination of traditional log events and flow data gives our customer a comprehensive view of their environment, enhancing their ability to detect anomalies and other suspicious activity compared with competing solutions.

In next week’s post, we will hear about their experience setting up and deploying QRadar. But why wait for that if you can watch the whole webcast now?

Wednesday, 7 December 2011 10:00

Customer Use Perspective Series Part 2: Selecting a SIEM Vendor Isn’t Easy (But it can be)

So, you have been given the task of finding a SIEM solution. Not just any solution, but one that is affordable, scalable, easy to deploy and maintain, and creates an impenetrable virtual force field around your company. OK, forget that last one.

Does this sound familiar? Your team might be saddled with a looming audit or industry regulations to abide by, overwhelmed by logs, or having a challenging time monitoring internal and external threats. Whatever the case, it's clear that some new level of intelligence is required to make sense of all that log data and effectively strengthen your security posture.

It just so happens that one of our customers, a worldwide luxury accessory company, had similar challenges and solved many of them by implementing QRadar, a next-generation SIEM that we call a Security Intelligence Platform. Of course, while evaluating various solutions, they had several major vendors on their short list. At the time, the industry was dominated by one or two heavyweights, but after a quick and effective proof of concept (POC) demonstrating QRadar's ability to automatically detect log sources and correlate log events with network activity flows at the application layer (such as VoIP, social media, and P2P), the decision was made to purchase and deploy QRadar.

Simply put, they wanted a next-generation SIEM and log management solution that integrated easily with their existing infrastructure — rather than adjusting their environment to fit the solution.


If you missed the first post in the series, read why our customer needed a SIEM in the first place. In the next part, we will find out why they chose Q1 Labs over other vendors.


Wednesday, 30 November 2011 08:01

Customer Use Perspective Series: Part 1 – Why a Major Retailer Uses Security Intelligence

We recently held a webcast with SANS, featuring a major Q1 Labs customer who is a well-known luxury brand in the retail space. They have been relying on the QRadar Security Intelligence Platform to help them tackle compliance regulations, gain visibility into network devices and system logs, display packet level detail, and provide powerful reporting capabilities.

Let’s rewind a bit and discover why they need a SIEM.

PCI compliance is a driving factor, since they are a publicly traded company and host payment information. Beyond that, the reason they need a SIEM is the diversity and size of their network. Their infrastructure comprises multiple flavors of UNIX (including HP-UX and IBM AIX), Red Hat Linux, and Windows servers, with network devices from Cisco, Check Point (firewalls), SolarWinds, and AirWave.

With over 500 stores, a corporate network, and a retail network, they faced a challenge of continuously monitoring for threats and suspicious activities. It was clear to them that simply reviewing logs on a periodic basis was not enough. They needed a SIEM solution to help uncover anomalies on their network in real time.

Of course, you don't have to wait for each part of this series to be released – watch the full webcast now. In the next part of the series, we will see why selecting a SIEM vendor is not an easy process.


Monday, 22 August 2011 08:47

How Security Intelligence Helps Healthcare with Detecting Threats, Compliance and Social Media

At a recent customer meeting, I had the opportunity to speak with a Director of Information Security from a large hospital system in the Midwest. I asked him what Security Intelligence means to his organization. Three things in his reply stood out: compliance, detecting and preventing threats, and the exposure resulting from social media use. As a large healthcare organization, they are responsible for protecting the information of the patients who visit them as well as of all hospital associates. They are bound by HIPAA, and because they process a lot of credit card transactions (pharmacies, gift shops, and doctor visit payments), they are bound by PCI DSS as well. These regulations and standards require them not simply to keep logs but also to know what is touching their networks and what is going on in them, including smaller sites into which they lack direct visibility.

They need to be able to correlate events to get the intelligence needed to track down possible breaches or anything going on in the network that could involve HIPAA or PCI. Security Intelligence allows them to find that needle in the pile of needles, and, importantly, to do it in real time: to determine what happened when, and to proactively prevent things that have the potential to become a big problem. In the past they were reactive and spent a lot of time building special scripts to dig through logs. With Security Intelligence, not only were they able to catch a zero-day attack during a demonstration prior to installation, but now they have the intelligence to see things before they occur, allowing them to easily show value to their executive team.

Compliance and threat detection are common themes among the customers I speak with. What really piqued my interest was when we started talking about social media, as my expertise lies in leveraging online media for marketing. This is a topic that has continued to grow with many of our customers over the past year. Like many customers, they are still working through their policy for social media. What's interesting is how the organization is using security intelligence to help build that strategy. Right now they allow their employees to use Facebook, and one of their biggest concerns was how much time and bandwidth it consumes. With Security Intelligence, they have the visibility they need to make better decisions about what they want to allow and how they want to configure devices to limit or prevent some of that traffic.

Chris Poulin, Q1 Labs' Chief Security Officer, has recently received many requests to speak about this topic. Check out the latest video of Chris talking about "How to Balance the Risks of Social Media." This video is part of a series we will be publishing on social media risks, so stay tuned!


Thursday, 11 August 2011 12:08

It's more than just PCI for Retail

In an article on infosecurity.com this week, there’s news that as of Oct 1, 2012 Visa is waiving the requirement for US merchants to annually validate their compliance with the PCI Data Security Standard (PCI DSS) – *if* 75% of the merchant’s Visa transactions come from chip-enabled terminals that support both contact and contactless chips.

Part of Visa's plan to accelerate migration to the new chip technology is to eliminate the need to annually validate PCI compliance, which I think is a bit short-sighted. Here is some of the "small print" from Visa:

Qualifying merchants must continue to protect sensitive data in their care by ensuring their systems do not store track data, security codes or PINs, and that they continue to adhere to the PCI DSS standards as applicable.

OK, that's great, but who is enforcing this? In most cases, validation drives compliance, which drives security (or at least budgets). So what will happen when validation goes out the window? While achieving PCI compliance isn't necessarily the "end-all" solution to security problems, it certainly pushes merchants in the right direction and adds structure to an already hectic environment (considering the frequency of card breaches popping up in the news). According to the 2011 Verizon Breach Report, 89% of organizations that suffered breaches were not validated PCI compliant.

With PCI compliance validation all but off the table, we have to trust that other security measures won't fall short. How do merchants "ensure" (as Visa states) that they are not storing track data, security codes, PINs and so on? As Gartner's John Pescatore recently pointed out, "There is a big difference between compliance and security."
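One concrete way to answer that question is to periodically sweep logs, exports and debug output for cardholder data that should never have been written to disk. The scanner below is an added example, not code from Q1 Labs, QRadar or Visa: it looks for bare primary account numbers (13 to 19 digits, optionally separated by spaces or dashes) and for magnetic-stripe Track 1 and Track 2 records as they commonly appear in application traces, and it uses the Luhn check to discard order numbers and other digit runs that are not card numbers. The regular expressions are approximations of the track formats, the log lines are constructed for the example (the card numbers are the well-known Visa and Mastercard test numbers), and findings are reported masked so the report itself does not become another store of PANs.

```python
import re
from typing import Dict, List, Set, Tuple

# Candidate PAN: 13-19 digits, optionally separated by single spaces or dashes,
# not adjoining other digits on either side.
PAN_RE = re.compile(r"(?<![0-9])(?:[0-9][ -]?){12,18}[0-9](?![0-9])")
# Track 2 as commonly logged: ;PAN=YYMM<service code><discretionary data>?
# (pattern is an approximation assumed for this example)
TRACK2_RE = re.compile(r";([0-9]{13,19})=([0-9]{4})[0-9]{3,}\?")
# Track 1 as commonly logged: %B<PAN>^<NAME>^YYMM<service code>...?
TRACK1_RE = re.compile(r"%B([0-9]{13,19})\^[^^]{2,26}\^([0-9]{4})[0-9]{3,}\?")


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check; filters digit runs that cannot be card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(pan: str) -> str:
    """Keep first six and last four digits (the usual PCI display rule)."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan_text(text: str) -> List[Dict[str, object]]:
    """Return one finding per stored PAN / track record, in line order."""
    findings: List[Dict[str, object]] = []
    seen: Set[Tuple[int, str]] = set()   # (line number, masked PAN) already reported

    def report(lineno: int, kind: str, pan: str) -> None:
        key = (lineno, mask(pan))
        if luhn_ok(pan) and key not in seen:
            seen.add(key)
            findings.append({"line": lineno, "kind": kind, "pan": mask(pan)})

    for lineno, line in enumerate(text.splitlines(), 1):
        # Track records first, so the PAN inside them is attributed to the track
        # (storing full track data is the more serious PCI DSS violation).
        for m in TRACK1_RE.finditer(line):
            report(lineno, "track1", m.group(1))
        for m in TRACK2_RE.finditer(line):
            report(lineno, "track2", m.group(1))
        for m in PAN_RE.finditer(line):
            report(lineno, "pan", re.sub(r"[ -]", "", m.group(0)))
    return findings


# Constructed sample of a point-of-sale application log. Only the first, second
# and fifth lines contain real cardholder data; line 3 fails Luhn and line 4 is
# a 16-digit order number that also fails Luhn.
SAMPLE = """\
2011-08-11 12:08:01 pos01 sale approved card=4111 1111 1111 1111 amount=120.00
2011-08-11 12:08:02 pos01 debug raw=;5500000000000004=25121010000000000000?
2011-08-11 12:08:03 pos02 sale approved card=4111111111111112 amount=35.00
2011-08-11 12:08:04 pos02 order=1234567890123456 status=shipped
2011-08-11 12:08:05 pos03 debug raw=%B4111111111111111^DOE/JANE^25121010000000000000?
"""

if __name__ == "__main__":
    for f in scan_text(SAMPLE):
        print(f"line {f['line']}: {f['kind']} {f['pan']}")
```

Run against real data, the useful output is not the hit list itself but the file and process that produced it: each finding points at a code path or debug setting that writes cardholder data to disk and must be fixed, after which the sweep becomes a regression check that the fix held.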

Even though Visa may not be requiring audits for qualifying merchants, it is important to consider the larger security picture beyond just collecting logs. Retailers and other third-party vendors have a responsibility to keep consumer data secure, and to do so they need a fully featured security intelligence solution that correlates log data, network flows, asset configurations, device and network vulnerabilities, and (internal and external) threat data into one consolidated view, with the goal of exceeding PCI control objectives. Not just to meet Visa's requirements, but to uphold their duty to protect consumer information. After all, it's good for business.
