PCI Data Security Standard


NitroSecurity excels at PCI DSS items 1, 6, 10, 11.4, and 12.9, but may be able to help with other PCI compliance needs as well.

PCI mandates the compartmentalization of cardholder data and includes explicit requirements for sophisticated intrusion prevention and deep information auditing. NitroSecurity's solution — which integrates the NitroGuard Intrusion Prevention System (IPS) with the NitroView multi-vendor Enterprise Security Manager — is able to support both requirements, providing preemptive protection and deep forensic analysis of log, event and network data.

NitroView provides pre-defined, scheduled reports for PCI, including reports for PCI sections 10.2.1 and 10.2.6 (the difficult network-resource and cardholder-data monitoring requirements).

"NitroView's packet analysis, monitoring and reporting are hands-down the best in the industry. Nitro's unbelievably fast query of massive amounts of data greatly simplifies the packet analysis process and easily generates user-friendly reports for management review. NitroSecurity solutions have proven to be invaluable for satisfying several of the PCI standards."

Dan Greenley
Information Systems, Casey's General Store

PCI Requirements / NitroSecurity Advantage

1. Install and maintain a firewall configuration to protect data ... Keep a current network diagram with all connections to cardholder data, including wireless networks.

NitroGuard IPS includes a firewall which supplements existing firewall protection with both anomaly and signature detection capability. NitroView monitors, reports, and alerts on activity from popular firewalls.

NitroView also provides multiple device discovery methods to build complete network topologies, including end-user and rogue device detection. All flow information to and from critical servers is reported.

2. Do not use vendor-supplied defaults for system passwords and other security parameters.

NitroGuard IPS monitors and alerts at the application source, providing automated risk assessment of system audit settings and user credentials (local and domain); reports on default accounts and deviations from password policy and security best practices; and continuously monitors changes to account passwords and access to systems and databases.

In addition, NitroGuard IPS allows signature-based blocking of known default passwords and parameters.

3. Protect stored data.

NitroGuard IPS protects stored data at the source by monitoring all database activity directly, protecting sensitive objects such as files and database tables that may contain encryption keys by monitoring access and providing real-time alerts when there are unauthorized changes.

NitroGuard IPS protects the network perimeter and critical areas within the network.

NitroView ESM provides unified DBM, IPS, flow and log analysis to protect the entire network, providing visibility across all areas.

4. Encrypt cardholder data and sensitive information across public networks.

All NitroSecurity products support this initiative through encryption of data "on the wire" between NitroView and NitroGuard systems. In addition, encryption of raw log files is provided by NitroView LogCaster.

5. Use and regularly update anti-virus software.

NitroGuard IPS assesses servers and workstations to ensure that anti-virus software has been installed and its processes are running. It detects and alerts when a process is stopped, and can even restart it automatically.

NitroView ESM integrates these activity alerts with attack events, flows, and information from leading Vulnerability Assessment (VA) and Antivirus (AV) solutions, providing easy analysis and reporting on system patches, security levels, anti-virus software updates, and the associated risk of threat activity.

6.4 Follow change control procedures for all system and software configuration changes.

Systems are secured through protection at the source using NitroGuard IPS database activity management, at the edge with NitroGuard IPS intrusion prevention, and across the entire network using NitroView ESM. Reports are available on patch updates to Windows servers and workstations, vulnerability of systems, threats, threat response activity, and other relevant events and functions.

NitroGuard IPS satisfies the difficult requirement of PCI 6.4 with the ability to track user and administrator sessions and reconcile them with change control tickets. Out-of-process database changes, policy violations and anomalies are also identified.

7. Restrict access to cardholder data by business need-to-know

NitroView monitors, reports and alerts on events related to logon failures, access-denied errors, and data access policy violations, including access to cardholder data from unauthorized users, applications or networks. Identity awareness across collected event, flow and log data provides hard-to-acquire context for reports.

8. Assign a unique ID to each person with computer access ... ensure that actions taken on critical data and systems are performed by, and can be traced to, known and authorized users.

NitroGuard IPS identifies logon accounts used by more than one individual or client, as well as expired accounts, and captures all events related to user account provisioning and privilege escalation (8.5).

NitroView correlates these events with other event, flow and log activity associated with the users and accounts in question, and provides comprehensive reporting on user and account activity.

9. Restrict physical access to cardholder data.

While physical access restrictions are typically beyond the scope of a security management system, NitroSecurity can support these efforts through the collection and reporting of events from physical security systems.

10. Audit all access to network resources and cardholder data.

NitroGuard IPS directly monitors all access to cardholder information at the source and logs all administrator activity by default. It provides (10.2) an individual user audit trail of access to cardholder data, including failed access attempts, starting and stopping of auditing processes, and changes to system objects; (10.3) an audit trail of all access to system objects; and (10.5) secured audit trails that cannot be altered or even viewed by unauthorized personnel.

NitroView ESM performs data analytics for both user and system activity, providing additional context to DBM alerts (such as identity, location within the network, and other user behavior). NitroView LogCaster provides compliant storage of raw log data for auditing purposes, including (10.6) report acknowledgement to ensure daily review of log reports and (10.7) retention of original raw logs.

11.4 -- Use network intrusion detection systems, host based intrusion detection systems and intrusion prevention systems to monitor all network traffic and alert personnel to suspected compromises.

11.5 -- Deploy file integrity monitoring software to alert personnel to unauthorized modification of critical system or content files ...

The NitroGuard family provides network intrusion detection and prevention, database activity monitoring, and monitoring of all network traffic for security events, correlating those events to network flows, device logs, and other data sources in real time. It provides "live" traffic monitoring as well as forensic event management to identify and isolate security breaches, attacks, and anomalies, and satisfies the difficult requirement of PCI 11.4, which requires real-time monitoring of both security events and network traffic data.

NitroGuard IPS provides continuous monitoring of critical system files and database tables to ensure their integrity. Additionally, a framework is provided for executing scripts on target servers for assessing, reporting and enforcing corporate policies.

12. Maintain a policy that addresses information security.... Include alerts from intrusion detection, intrusion prevention, and file integrity monitoring systems.

NitroSecurity's solution satisfies PCI item 12 in three ways: by providing the necessary IPS and database activity reports and alerts that must be addressed; by providing compliant storage for that data; and by providing the means to produce comprehensive reports.