Automating PCI 1.1.7 with FireMon Policy Optimizer...Case Study –Global Financial Real-World...
Transcript of Automating PCI 1.1.7 with FireMon Policy Optimizer...Case Study –Global Financial Real-World...
![Page 1: Automating PCI 1.1.7 with FireMon Policy Optimizer...Case Study –Global Financial Real-World Demand: Significant pain & expense Manually recertify rules (PCI DSS) 15 full time staff](https://reader033.fdocuments.us/reader033/viewer/2022050515/5f9eee81ea689e014f12976d/html5/thumbnails/1.jpg)
Matt Dean– Product ManagementMatt Hines – Product Marketing
August 12, 2014
Automating PCI 1.1.7 with FireMon Policy Optimizer
![Page 2: Automating PCI 1.1.7 with FireMon Policy Optimizer...Case Study –Global Financial Real-World Demand: Significant pain & expense Manually recertify rules (PCI DSS) 15 full time staff](https://reader033.fdocuments.us/reader033/viewer/2022050515/5f9eee81ea689e014f12976d/html5/thumbnails/2.jpg)
Agenda
Welcome
PCI DSS Compliance Challenges
PCI DSS Requirement 1.1.7
Automating using Policy Optimizer
FireMon and PCI – Other Areas
Demo – Policy Optimizer
Q&A
![Page 3: Automating PCI 1.1.7 with FireMon Policy Optimizer...Case Study –Global Financial Real-World Demand: Significant pain & expense Manually recertify rules (PCI DSS) 15 full time staff](https://reader033.fdocuments.us/reader033/viewer/2022050515/5f9eee81ea689e014f12976d/html5/thumbnails/3.jpg)
PCI DSS Compliance Challenges
Today’s Hurdles:
“Continuous” Compliance
Controls must be constantly validated
Complexity and Change
Business demands, threats, infrastructure
Oversight and Overhead
Audit prep and resource allocation
![Page 4: Automating PCI 1.1.7 with FireMon Policy Optimizer...Case Study –Global Financial Real-World Demand: Significant pain & expense Manually recertify rules (PCI DSS) 15 full time staff](https://reader033.fdocuments.us/reader033/viewer/2022050515/5f9eee81ea689e014f12976d/html5/thumbnails/4.jpg)
PCI DSS Requirement 1.1.7
Rules Recertification
Cleanup rules – Specifically unnecessary, outdated or incorrect rules, ensuring that all rules allow only authorized
services and ports that match documented business justifications. Organizations with a high volume of changes
to rules may wish to consider performing reviews more frequently, to ensure that the rule sets continue to
meet the needs of the business.
![Page 5: Automating PCI 1.1.7 with FireMon Policy Optimizer...Case Study –Global Financial Real-World Demand: Significant pain & expense Manually recertify rules (PCI DSS) 15 full time staff](https://reader033.fdocuments.us/reader033/viewer/2022050515/5f9eee81ea689e014f12976d/html5/thumbnails/5.jpg)
PCI DSS 1.1.7 Challenges
Existing Pain Points:
Changing Access Demands
Evolving business and landscape
Access/Rules Recertification
What’s necessary? Who owns it?
Fixed Internal Resources
Leveraging staff to do more
![Page 6: Automating PCI 1.1.7 with FireMon Policy Optimizer...Case Study –Global Financial Real-World Demand: Significant pain & expense Manually recertify rules (PCI DSS) 15 full time staff](https://reader033.fdocuments.us/reader033/viewer/2022050515/5f9eee81ea689e014f12976d/html5/thumbnails/6.jpg)
New Product – Policy Optimizer
![Page 7: Automating PCI 1.1.7 with FireMon Policy Optimizer...Case Study –Global Financial Real-World Demand: Significant pain & expense Manually recertify rules (PCI DSS) 15 full time staff](https://reader033.fdocuments.us/reader033/viewer/2022050515/5f9eee81ea689e014f12976d/html5/thumbnails/7.jpg)
Policy Optimizer - Bridging Silos
New, Automated Workflow:
Integrated policy review cycle
Optimize posture for operational, security & compliance requirements
Automated rule recertification
Business process implementation ensuring organizational adoption
Refined, documented access
Consistent review and closed-loop process for management
Network Ops, Security Mgmt,Audit/Compliance, Risk Mgmt
Policy Optimizer
![Page 8: Automating PCI 1.1.7 with FireMon Policy Optimizer...Case Study –Global Financial Real-World Demand: Significant pain & expense Manually recertify rules (PCI DSS) 15 full time staff](https://reader033.fdocuments.us/reader033/viewer/2022050515/5f9eee81ea689e014f12976d/html5/thumbnails/8.jpg)
Product Features: Rule Review
Rule Optimization:
Data for Review & Certification
Access, usage, documentation
Intelligent Policy/Rule Review
Smart policy/rules routing
Automated Review Process
Business process for review
![Page 9: Automating PCI 1.1.7 with FireMon Policy Optimizer...Case Study –Global Financial Real-World Demand: Significant pain & expense Manually recertify rules (PCI DSS) 15 full time staff](https://reader033.fdocuments.us/reader033/viewer/2022050515/5f9eee81ea689e014f12976d/html5/thumbnails/9.jpg)
Product Features: Edit Control
Policy Improvement:
Dynamic configuration search
Find all similar rules/controls
FireMon SIQL technology
Proprietary query language
Evaluate, review and test
Detailed intelligence and reports
![Page 10: Automating PCI 1.1.7 with FireMon Policy Optimizer...Case Study –Global Financial Real-World Demand: Significant pain & expense Manually recertify rules (PCI DSS) 15 full time staff](https://reader033.fdocuments.us/reader033/viewer/2022050515/5f9eee81ea689e014f12976d/html5/thumbnails/10.jpg)
Benefit – Integrated Workflow
Process Automation:
Fills gap in security& risk mgmt
Automated policy optimization
Significant compliance benefit
Continuous rules re-certification
Business-security communication
Bridging silos with workflow automation
![Page 11: Automating PCI 1.1.7 with FireMon Policy Optimizer...Case Study –Global Financial Real-World Demand: Significant pain & expense Manually recertify rules (PCI DSS) 15 full time staff](https://reader033.fdocuments.us/reader033/viewer/2022050515/5f9eee81ea689e014f12976d/html5/thumbnails/11.jpg)
Case Study – Global Financial
Real-World Demand:
Significant pain & expense
Manually recertify rules (PCI DSS)
15 full time staff worldwide
Using Policy Optimizer
Enable staff with data, workflow
Replaced rival shelf ware
Immediate benefits
Closed-loop process for PCI review
Rapidly addressed existing problems
![Page 12: Automating PCI 1.1.7 with FireMon Policy Optimizer...Case Study –Global Financial Real-World Demand: Significant pain & expense Manually recertify rules (PCI DSS) 15 full time staff](https://reader033.fdocuments.us/reader033/viewer/2022050515/5f9eee81ea689e014f12976d/html5/thumbnails/12.jpg)
FireMon Solutions: PCI Overview
Solutions Applicability:
Security Manager Platform
Firewall rules and policy assessment
Policy Planner Module
Policy analysis and change mgmt
Risk Analyzer Module
Prioritized vulnerability mitigation
![Page 13: Automating PCI 1.1.7 with FireMon Policy Optimizer...Case Study –Global Financial Real-World Demand: Significant pain & expense Manually recertify rules (PCI DSS) 15 full time staff](https://reader033.fdocuments.us/reader033/viewer/2022050515/5f9eee81ea689e014f12976d/html5/thumbnails/13.jpg)
FireMon Solutions: 7-of-12 Addressed
DSS-Wide Applicability:
PCI 1 Firewall rules and policy assessment
PCI 2 Policy analysis and change mgmt
PCI 6 Prioritized vulnerability mitigation
PCI 7 Control network access
PCI 10 Network logging and monitoring
PCI 11 Security system testing
PCI 12 Maintain policy effectiveness
![Page 14: Automating PCI 1.1.7 with FireMon Policy Optimizer...Case Study –Global Financial Real-World Demand: Significant pain & expense Manually recertify rules (PCI DSS) 15 full time staff](https://reader033.fdocuments.us/reader033/viewer/2022050515/5f9eee81ea689e014f12976d/html5/thumbnails/14.jpg)
FireMon Solutions: PCI Applicability
Requirements Addressed: PCI 1
Firewall rules and policy assessment
1.1 - Establish and implement firewall and router configuration standards.
1.2 - Build firewall and router configurations that restrict connections between untrusted networks.
1.3 - Prohibit direct public access between the Internet and card data.
1.5 - Ensure that security policies and operational procedures for managing firewalls are documented.
![Page 15: Automating PCI 1.1.7 with FireMon Policy Optimizer...Case Study –Global Financial Real-World Demand: Significant pain & expense Manually recertify rules (PCI DSS) 15 full time staff](https://reader033.fdocuments.us/reader033/viewer/2022050515/5f9eee81ea689e014f12976d/html5/thumbnails/15.jpg)
FireMon Solutions: PCI Applicability
Requirements Addressed: PCI 2
Policy analysis and change mgmt
2.2 - Develop configuration standards for all system components.
2.3 - Encrypt all non-console administrative access using strong cryptography.
2.4 - Maintain an inventory of system components that are in scope for PCI DSS.
2.5 - Ensure that security policies and operational procedures for managing vendor defaults and security parameters are
documented and validated.
![Page 16: Automating PCI 1.1.7 with FireMon Policy Optimizer...Case Study –Global Financial Real-World Demand: Significant pain & expense Manually recertify rules (PCI DSS) 15 full time staff](https://reader033.fdocuments.us/reader033/viewer/2022050515/5f9eee81ea689e014f12976d/html5/thumbnails/16.jpg)
FireMon Solutions: PCI Applicability
Requirements Addressed: PCI 6
Prioritized vulnerability mitigation
6.1 - Establish a process to identify security vulnerabilities using outside sources for security vulnerability ranking.
6.4 - Follow change-control processes and procedures for all changes to system components.
Requirements Addressed: PCI 7
Control network access
7.1 - Limit access to system components and cardholder data.
7.2 - Establish an access control system for systems components that restricts access based on need-to-know set to “deny all” unless specifically allowed.
7.3 - Ensure that security policies and operational procedures for managing firewalls are documented.
![Page 17: Automating PCI 1.1.7 with FireMon Policy Optimizer...Case Study –Global Financial Real-World Demand: Significant pain & expense Manually recertify rules (PCI DSS) 15 full time staff](https://reader033.fdocuments.us/reader033/viewer/2022050515/5f9eee81ea689e014f12976d/html5/thumbnails/17.jpg)
FireMon Solutions: PCI Applicability
Requirements Addressed: PCI 10
Prioritized vulnerability mitigation
10.1 - Implement audit trails to link all access to system components to each individual user.
10.2 - Implement automated audit trails for all system components to reconstruct events.
10.3 - Record particular audit trail entries for all system components for specified events.
Requirements Addressed: PCI 11
Security system testing
11.2 - Run internal and external network vulnerability scans quarterly and after any significant change in the network .
11.3 - Implement a standards-based methodology for penetration testing.
![Page 18: Automating PCI 1.1.7 with FireMon Policy Optimizer...Case Study –Global Financial Real-World Demand: Significant pain & expense Manually recertify rules (PCI DSS) 15 full time staff](https://reader033.fdocuments.us/reader033/viewer/2022050515/5f9eee81ea689e014f12976d/html5/thumbnails/18.jpg)
FireMon Solutions: PCI Applicability
Requirements Addressed: PCI 11
Change Detection Alerting
11.5 - Deploy a change-detection mechanism to alert personnel to unauthorized change of critical system files, configuration files, or
content files.
Requirements Addressed: PCI 12
Maintain policy effectiveness
12.2 - Implement a risk-assessment process that is performed at least annually and upon significant changes to the environment.