Achieve PCI DSS compliance faster, with Identity-Based PCI micro-segmentation

Frees up IT personnel by 60 percent on average, while fortifying enterprises’ security posture

Situation overview

Endorsed by the majority of credit card companies worldwide, PCI DSS (Payment Card Industry Data Security Standard) compliance is required of any merchant or service provider that stores, processes or transmits cardholder data. With transactions swiftly moving beyond traditional brick-and-mortar storefronts, banks, healthcare organizations, and merchants are also wrestling with cloud-based infrastructures to accommodate hybrid environments.

While the underlying networking and compute infrastructure is ever evolving, you are on the hook to conform to PCI standards. The security and integrity of your customers’ data is at stake. A PCI-compliant environment, however, does not mean your network and assets are secure, which is why we continue to witness so many hacks of PCI-compliant networks across the marketplace.

SUMMARY

CHALLENGE

  • Adhering to PCI DSS requirements is complex, time-consuming and costly
  • Meeting PCI compliance requirements does not make your environment secure

SOLUTION

  • Identity-based PCI micro-segmentation with centralized policy-based orchestration
  • Easily isolate sensitive resources with machine-to-machine encryption, reducing PCI scope

BUSINESS VALUE

  • Simple and centralized PCI policy orchestration significantly reduces the overall cost of PCI audits
  • Ensures admins have the proper PCI-compliant controls and policies in place

Before Tempered Networks: Possible attacks when using traditional technologies

After Tempered Networks: Micro-segmentation and cloaking stops most attacks

Unify PCI compliance and security initiatives

Achieve PCI compliance while significantly hardening the interior of your network through wide-area micro-segmentation. Our Identity-Defined Networking (IDN) platform keeps your critical PCI assets out of scope, completely cloaked and hidden from hackers.

Our differentiation? We start with provable cryptographic identities and machine-to-machine authentication. Add to that our powerful cloaking and unbreakable micro-segmentation, which create hardened, flexible, secure micro-perimeters without modifying existing infrastructure across the LAN and WAN.

Here’s how identity-based PCI micro-segmentation facilitates adherence to the latest stringent PCI DSS requirements, while hardening your network:

  • Removes critical PCI systems and assets from scope. Provides a level of isolation and containment previously unattainable, yet easy to use and manage.
  • Simplifies PCI orchestration. Automatically add PCI resources to pre-defined device groups, making updates and changes simple, consistent, and predictable.
  • Reduces cost of PCI audits. Our manageability-first design principle makes it simple for IT staff to reduce PCI scope, cutting man-hours by 60 percent on average.

Coming soon: A comprehensive validation report by Coalfire Systems will be posted on our website.

The Conductor: simple policy configuration

Creating communication policy is point-and-click simple. Simply add the trusted devices you want to include and build explicit trust relationships by clicking the radio buttons. The Conductor authenticates and authorizes the HIP (Host Identity Protocol) services via their provable host identities, and then whitelists both HIP switches to communicate with each other. This single step replaces the multiple security and network configuration steps that IT staff would typically have to perform.

BUILDING AN OVERLAY SEGMENT

The Conductor's Visual Trust Map shows an encrypted network overlay based on the instant policy creation shown above, allowing you to immediately validate PCI policy.

VISUALIZATION TAB: PCI NETWORK

Stopping East-West and North-South hacker reconnaissance

The figures below show the result of running Nmap against a Tempered Networks deployment, where identity-based local and wide-area micro-segmentation stops the lateral movement of an attack.

Before Tempered: It took less than 5 seconds for all ports to be scanned and identified. A hacker in this case would easily recognize they had hit the jackpot.

NMAP SCAN AGAINST NETWORK

After Tempered: Nmap was unable to discover any listening ports; the systems are effectively cloaked and invisible. It still reports the system as up even though nothing was discovered, because it assumes the system is simply not responding to ICMP.

NMAP SCAN AGAINST IDENTITY-DEFINED NETWORK
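
To turn the before/after scan results above into a repeatable validation check, here is an added example (not code from Tempered Networks or from this page) that parses Nmap's grepable (-oG) output and classifies each in-scope host: "exposed" if any open port was reachable from the scanning position, "cloaked" if Nmap reports the host as up but finds no open ports, which is the state described after segmentation, and "absent" if the host was not reported up at all. The two sample scans and the address 10.10.1.20 are constructed for this example, and the in-scope host list is a hypothetical placeholder.

```python
import re
from collections import defaultdict

# Constructed sample output in the style of Nmap's grepable (-oG) format.
# These lines were written for this example; they are not captured from any real scan.
BEFORE_SEGMENTATION = """\
# Nmap scan initiated (constructed sample: before micro-segmentation)
Host: 10.10.1.20 ()\tStatus: Up
Host: 10.10.1.20 ()\tPorts: 22/open/tcp//ssh///, 443/open/tcp//https///, 3306/open/tcp//mysql///\tIgnored State: closed (997)
# Nmap done (constructed sample)
"""

AFTER_SEGMENTATION = """\
# Nmap scan initiated (constructed sample: after micro-segmentation)
Host: 10.10.1.20 ()\tStatus: Up
Host: 10.10.1.20 ()\tIgnored State: filtered (1000)
# Nmap done (constructed sample)
"""

# "Host: <ip> (<hostname>)" followed by tab-separated "Key: value" fields.
HOST_LINE = re.compile(r"^Host:\s+(\S+)\s+\([^)]*\)\s*(.*)$")
IGNORED = re.compile(r"^(\w+)\s+\((\d+)\)$")


def parse_grepable(text):
    """Parse -oG style lines into {ip: {"status", "open_ports", "ignored"}}."""
    hosts = defaultdict(lambda: {"status": None, "open_ports": [], "ignored": None})
    for line in text.splitlines():
        m = HOST_LINE.match(line)
        if not m:
            continue  # comment, summary or unrelated line
        ip, rest = m.groups()
        entry = hosts[ip]
        for field in rest.split("\t"):
            key, _, value = field.partition(":")
            key, value = key.strip(), value.strip()
            if key == "Status":
                entry["status"] = value
            elif key == "Ports":
                # Each spec is port/state/proto/owner/service/rpc/version/
                for spec in value.split(","):
                    parts = spec.strip().split("/")
                    if len(parts) >= 5 and parts[1] == "open":
                        entry["open_ports"].append((int(parts[0]), parts[2], parts[4]))
            elif key == "Ignored State":
                im = IGNORED.match(value)
                if im:
                    entry["ignored"] = (im.group(1), int(im.group(2)))
    return dict(hosts)


def assess_scope(hosts, in_scope_ips):
    """Classify each in-scope host from the scan's point of view.

    'exposed' - at least one open port was reachable from the scanning position
    'cloaked' - reported Up, but no open ports (everything filtered or absent)
    'absent'  - not reported Up at all
    """
    verdicts = {}
    for ip in in_scope_ips:
        entry = hosts.get(ip)
        if entry is None or entry["status"] != "Up":
            verdicts[ip] = "absent"
        elif entry["open_ports"]:
            verdicts[ip] = "exposed"
        else:
            verdicts[ip] = "cloaked"
    return verdicts


def report(text, in_scope_ips):
    """Return (verdicts, human-readable lines) for one scan's output."""
    hosts = parse_grepable(text)
    verdicts = assess_scope(hosts, in_scope_ips)
    lines = []
    for ip, verdict in verdicts.items():
        ports = hosts.get(ip, {}).get("open_ports", [])
        detail = ", ".join(f"{p}/{proto} {svc}" for p, proto, svc in ports) or "no open ports"
        lines.append(f"{ip}: {verdict} ({detail})")
    return verdicts, lines


if __name__ == "__main__":
    PCI_HOSTS = ["10.10.1.20"]  # hypothetical in-scope cardholder-data host
    for label, text in (("before", BEFORE_SEGMENTATION), ("after", AFTER_SEGMENTATION)):
        _, lines = report(text, PCI_HOSTS)
        print(label + ":", *lines)
```

To use it on a real scan, read an -oG file into `parse_grepable()`; the assertion worth making in a PCI validation run is that every host on the in-scope list comes back "cloaked" (or "absent") from every vantage point that has no trust relationship to it. A "cloaked" verdict only says what was visible from that one scanning position, so repeat the check from each network segment that should be isolated from the cardholder-data environment.
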

Business Value: Simple, Cost-Effective, Secure

  • Simple: Reduce PCI compliance time by 30%
  • Cost-Effective: Decrease IT CapEx and OpEx costs by 25%
  • Secure: Reduce attack surface by 90%

The keys to Tempered Networks’ winning playbook for micro-segmentation are crypto-IDs, zero trust, and simple orchestration. In the end, it all adds up to what we care about: meeting PCI compliance requirements and reducing the cost to prepare and comply.