How Your Network Security Provider Maintains PCI Compliance

How Your Network Security Provider Maintains PCI Compliance

PCI Compliance affects millions of businesses around the world - e-commerce businesses, retail merchants and more. This article will provide you with information about PCI compliance and how your network security provider should help you maintain it. Whether you're a business owner, an executive, or an IT manager, the following information will be beneficial to you.


Payment Card Industry (PCI) is a worldwide information security standard assembled by the Payment Card Industry Security Standards Council (PCI SSC). The standard, which is currently comprised of 12 guidelines, was created to help organizations that process card payments prevent credit card fraud through increased controls around data and its exposure to compromise.


The standard applies to all organizations which hold, process, or pass cardholder information from any card branded with the logo of one of the card brands, including shopping cart sites, e-commerce and retail merchants and other merchant services providers.


PCI compliance is critical for millions of businesses around the world.

What about yours? And how does your network security provider help you to maintain PCI compliance?

Your network security provider should be able to address at least 5 of the critical PCI compliance requirements. They should also support periodic audits by generating reports and information to validate compliance to corporate policies and identify noncompliance issues prior to an audit.


Building and Maintaining a Secure Network


PCI Compliance Requirement 1: Install and maintain a firewall configuration to protect cardholder data
PCI Compliance Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters


Network security providers maintain the integrity of the firewall by scanning for open ports that create outside access to the network.

As part of an applied security policy, blank passwords must be identified and checked against 25 other security best practices.

Maintaining a Vulnerability Management Program


PCI Compliance Requirement 5: Use and regularly update anti-virus software
PCI Compliance Requirement 6: Develop and maintain secure systems and applications


Your network security provider should provide some of the most comprehensive vulnerability monitoring available on the market, covering 6 distinct security domains:


Unapproved Software: Ensure that all software applications installed on your computer networks are approved by your company's security policy.


Suspicious Traffic: Detect abnormal traffic on your network that could indicate an attempt to access or manipulate your computers.


Intrusion Vulnerability: Identify open ports or other undesired access points that could put your network at risk of intrusion.


Malware Protection: Protect your network by ensuring antivirus and other network security software are installed, updated and functioning properly on all computers.


Updates & Patches: Assure all critical security updates and patches are installed, with Microsoft's minimum protection.


Security Practices: Ensure all your computers are configured and used in accordance with best practices for network security.


Agents: Monitor your network security status and lets you know how to solve any problems it detects.


Virtual Security Assistant: Provide 24/7 security for your entire network at a fraction of the cost of human domain experts.


Regularly Monitoring and Testing Networks


PCI Compliance Requirement 11: Regularly test security systems and processes


This includes monitoring your entire network, including laptops, 24 hours a day, 7 days a week. As a SaaS enabled product, network security constantly provides updated security best practices and policies to your network.