Payment Card Industry Solution
Enabling the virtualization of PCI systems
- Cost effective–the broadest coverage for PCI requirements available from any single virtual security vendor
- Reduced operational costs- automate PCI security and compliance tasks
- Simple to deploy- 100% virtual, nothing to install on VMs (agentless)
The Payment Card Industry (PCI) has much to gain from virtualization. With huge processing centers, server consolidation is a natural fit. But the industry is also heavy regulated, given the tremendous amount of personal consumer data in the hands of PCI entities. PCI operators had taken a cautious approach to virtualization, as concerns over security and compliance competed with the many benefits of virtualized infrastructure. In recognition of this, the PCI Security Standards Council–the industry's standards-setting body–recently updated its guidelines to enable more widespread use of virtual technology in payment card systems.
Catbird, the leader in virtual security and compliance, monitors and enforces compliance to PCI in virtualized data centers. Catbird has worked with the some of the largest payment card processors in North America to ensure their payment card operations are PCI compliant.
PCI Green Lights Virtual Payment Card Processing
Payment card systems are free to take full advantage of the economic benefits and green efficiencies delivered by virtualization. The Virtual Security Guidelines issued in June of 2011 regulate all twelve Requirement Areas, with 61 specific requirements. Catbird can help accelerate the migration of Payment Systems to virtual infrastructure while staying compliant with these guidelines.
PCI Auditing of Virtualized Assets
Beginning in January 2012, Qualified Security Assessors (QSAs) will begin to work with the new guidelines issued in June of 2011. These requirements will bring stringent governance of asset protection, role-based controls and secondary validation to virtual system components. While operators of virtualized payment systems can now rest assured that clear guidelines are available, those who fail to adopt virtualized security controls will face audit failures.
Industry's Broadest PCI Coverage from a Single vendor
Catbird addresses the key, high-priority, requirements of PCI DSS 2.0. Catbird monitors and enforces a third of the requirements in the Virtualization Guidelines that pertain to network infrastructure, more than any other single vendor. Catbird achieves this with the industry's most comprehensive set of security controls for virtual network infrastructure available today.
vCompliance: PCI Compliance with Catbird
Catbird vCompliance® is an automated solution that monitors and enforces PCI compliance of virtualized data centers, quarantining assets that do not meet the PCI compliance standard. vCompliance measures PCI controls in real-time through the capture of events, classifying these events into their respective PCI requirement and indicating which security controls need to be activated to remediate the asset and return it to a compliant state. Out-of-compliance assets are (optionally) isolated until they can be remediated, preserving the overall compliance posture of the data center as a whole. Catbird provides workflow based on real-time measurements of vSecurity security controls against the PCI requirements.
Reporting in Catbird can optionally be a single page with a summary of the security health of the whole organization, or a deep dive for an auditor who needs to track specific Test Procedures.
PCI Compliance from the inside
Catbird secures virtual systems from deep inside the virtual infrastructure, enabling a perfect inventory of all virtual machines. Only by running inside the virtual host can one ensure PCI requirements are being met.Payment card processors who attempt to meet these requirements using traditional physical security devices running outside the virtual infrastructure may fail the Test Procedures since traditional network-based security solutions were not designed to deal with the highly dynamic nature of virtual systems.
Benefits of Catbird to PCI-regulated data centers
Catbird has an extensive track record of helping the financial industry meet regulatory compliance. Hundreds of banks have already chosen Catbird. Catbird's policy-based approach automates PCI security and compliance by:
- Protecting card holder data from unauthorized access and system attack risks
- Automating vulnerability management to reduce software vulnerability risks
- Enforcing access controls and providing audit trails for verification
- Automated monitoring of virtual network security, with testing of systems and processes
- Implementing and continuously monitoring firewall configurations within the virtual infrastructure
An extensive review of the PCI 2.0 Virtualization Guidelines can be found in the Catbird Compliance Center, which includes detailed reporting, white papers and ‘how to’ guides.