Borderless Networks and PCI compliance


Date posted: 23-Aug-2020

  • © 2009 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 1

    Borderless Networks and PCI compliance

    Philippe Roggeband - [email protected]

    Emerging Markets Borderless Networks


  • One year ago…

    In what could be the biggest security incident in history, Heartland Payment Systems announced on Tuesday 20th of January that it was the victim of a data breach that possibly compromised more than 100 million accounts after malicious software was found in its payment processing system.


  • Philippe Roggeband - [email protected]

    Emerging Markets Borderless Networks team

    Borderless Networks and PCI Compliance


  • © 2009 Cisco Systems, Inc. All rights reserved. Cisco public

    Cisco Expo

    Bratislava

    Borderless Networks Security & PCI compliance

    Agenda

    - Cisco’s approach to security

    - PCI Compliance overview

    - Cisco’s PCI Compliance solutions

    - Call to action

  • Cisco Architectural Approach

    Security Policy

    Borderless Networks

    Collaboration Virtualization

    Product Portfolio

    Desktop Virtualization

    Multi-Stream Video

    WAAS Wireless

    Switching

    Routing

    Security

  • Anyone

    Anywhere

    Any Device

    Any Resource

    A Next Generation Architecture to Deliver the New Workspace Experience

    BORDERLESS NETWORKS

    The Transformation: The World Is Our New Workspace

  • Changing Environment; Shifting Borders

    IT Consumerization

    Device Border

    Mobile Worker

    Location Border

    Video/Cloud

    IaaS, SaaS

    Application Border

    External-Facing Apps

    Internal Apps

  • Securing Borderless Networks

    Traditional Borders are Blurred; Access From Anywhere

    Threats are Constantly Changing: Viruses and Worms to Malware to Botnet

    Identity - Who Is Accessing the Network and What They Can Do

    How to Monitor and Enforce Global Policies

    Business Challenges

    Where? What? Who? How?

  • Criminal Specialization Driving More Sophisticated Attacks

    The Evolving Security Threats

    Web Ecosystem Becomes Number One Threat Vector

    Criminals Exploit Users' Trust, Challenging Traditional Security Solutions

    Creative Methods (Business Models) Used to Attract Victims

  • Building Secure Borderless Networks

    Borderless Security Architecture

    Network Security Trusted Client

    Content Security

    Appliance, Hybrid, Hosted, Security Module, Software

    Policy and Identity

    Defend Extend Protect Comply

    Cisco Security Intelligence Operations

    Network Infrastructure

  • Cisco Security Product Portfolio

    Network Security Trusted Client

    Content Security

    Cisco Security Intelligence Operations

    AnyConnect VPN Client

    ISR

    FWSM

    Network Admission Control

    ACE Web App Firewall

    IPS 4200

    Cisco Virtual Office

    Cisco Security Manager

    Cisco Secure ACS

    IronPort Hosted Email Security

    IronPort S-Series

    IronPort C-Series

    Cisco Secure MARS

    ASA 5500

    IronPort M-Series

    Policy and Identity

  • Cisco Security Intelligence Operations Powering Cisco Security

    SensorBase

    - 700,000+ global sensors over four threat vectors

    - Historical library of 40,000 threats

    - 500 third-party feeds, 100 news feeds, open source, and vendor partnerships

    Threat Operations Center

    - Automated tracking of over 200 parameters

    - SenderBase: categorizes and rates reputation

    - Global threat correlation

    Advanced Protection

    - Automated rule and/or signature creation

    - Innovative virus outbreak filters

    Fast Accurate Detection, Advanced Mitigations

  • Defend

    Defend Against Threats

    Protect

    Protect Business Assets

    Extend

    Secure Enterprise Connectivity

    Comply

    Achieve Regulatory Compliance

    Cisco Solution Examples

    Threat Defense Secure Remote Workforce

    Data Loss Prevention

    Solution for PCI

    Secure Borderless Network

    Securing the Borderless Network Through Systems and Solutions

  • Overview of PCI standards

  • Who does what?

    - The PCI SSC sets the PCI DSS Standard

    - Each card brand has its own program for:

        - Compliance

        - Validation Levels

        - Enforcement

    - QSA – Qualified Security Assessor

        Assess compliance with the PCI DSS

    - ASV – Approved Scanning Vendor

        Validate adherence to the PCI DSS Scan requirements by performing vulnerability scans of Internet-facing environments of merchants and service providers

    - SAQ – Self Assessment Questionnaire

        Validation tool for organizations that are not required to undergo an on-site assessment for PCI DSS compliance

  • Card brands websites

    - American Express: www.americanexpress.com/datasecurity

    - Discover Financial Services: www.discovernetwork.com/fraudsecurity/disc.html

    - JCB International: www.jcb-global.com/english/pci/index.html

    - MasterCard Worldwide: www.mastercard.com/sdp

    - Visa Inc: www.visa.com/cisp


  • The Payment Card Industry (PCI) Data Security Standard

    Build and Maintain a Secure Network

    1. Install and maintain a firewall configuration to protect data

    2. Do not use vendor-supplied defaults for system passwords and other security parameters

    Protect Cardholder Data

    3. Protect stored data

    4. Encrypt transmission of cardholder data and sensitive information across public networks

    Maintain a Vulnerability Management Program

    5. Use and regularly update anti-virus software

    6. Develop and maintain secure systems and applications

    Implement Strong Access Control Measures

    7. Restrict access to data by business need-to-know

    8. Assign a unique ID to each person with computer access

    9. Restrict physical access to cardholder data

    Regularly Monitor and Test Networks

    10. Track and monitor all access to network resources and cardholder data

    11. Regularly test security systems and processes

    Maintain an Informa