PCI Compliance

Protect your brand and bottom line—close PCI DSS security gaps

As an organization involved in payment card processing, you face ongoing pressure to not only comply with the Payment Card Industry Data Security Standard (PCI DSS), but to ensure you’re keeping pace with rapidly shifting security threats. As recent headlines show, the risks associated with noncompliance or a security breach are far too great to ignore.

With Carbon Black you can ensure compliance with PCI DSS 3.1 while also protecting your servers and endpoints from evolving threats.

Stop ALL types and forms of malicious software.

Protect and secure in-scope, integrated and out-of-scope systems.

Ensure that security policies and operational procedures are documented, in use, and known to all affected parties.

Establish a process to immediately identify security vulnerabilities and assign a risk ranking.

Control change, which results in less data to analyze and reduced administrative effort.

Requirement Coverage

Requirement 2: Systems configuration and default tracking

Carbon Black helps retailers control the execution of software, ensure that systems are prevented from drifting from their desired state, track changes to system configurations and allow only approved services and software to run according to the policy established for each endpoint. This enables your organization to detect in real time what is arriving, executing and propagating in your environment so you can better protect company assets and measure compliance risk at any time.

Carbon Black’s threat intelligence capabilities can assist in keeping endpoint configurations in check by finding vulnerable applications in the enterprise. Carbon Black is “always on,” and can tell you if the vulnerable application has ever been seen, when it was last seen, and on which computers.

Requirement 5: Malware protection

Carbon Black’s real-time sensor and recorder and real-time enforcement engine stop advanced threats that evade traditional defenses including zero-day and targeted attacks.

Requirement 6: Secure systems and applications

Carbon Black enables organizations to apply real-time, proactive threat and trust measurements to the asset inventory, discover potentially risky files, enforce control on the endpoints and provide immediate low-friction analysis and risk ranking of any potential file vulnerabilities discovered. Carbon Black can secure the system configuration and be a compensating control to extend the life of systems that are required to run unsupported versions of operating systems.

Carbon Black makes it easy to identify the existence of any vulnerable application, without scanning, which means a higher detection rate in a shorter amount of time.

Requirements 7 and 9: Restrict data access

When users log into a system protected by Carbon Black, they are restricted to running only preapproved applications. Carbon Black can also restrict access to portable storage devices containing cardholder data and ensure only authorized staff are allowed to copy cardholder data to portable storage devices.

Requirement 10: Regularly monitor and track access

Carbon Black’s file-integrity control capability tracks all changes and events by users, blocks unauthorized activities and ensures that only authorized processes can write to log data files. Plus, Carbon Black easily integrates with SIEM consoles to provide immediate intelligence about monitored assets and compelling security events, all from a single pane of glass.

Carbon Black’s visibility, detection and incident response solution is “always on,” allowing you to proactively monitor system and file components and maintain audit trails of associated events. Carbon Black enables end users to collect and retain the precise data points that are needed during an investigation, including records of execution, file system modifications, registry modifications, network connections, and a copy of every unique binary executed.

Requirement 11: Protect critical system files

Carbon Black file-integrity control prevents unauthorized modification of critical system and content files while ensuring only authorized processes can write to these files. With Carbon Black, organizations receive analyzed data in real time so they can act immediately to guard and protect all critical systems and data.

Carbon Black’s unique ability to select and specify custom watchlists of files, and to track, monitor and record all associated event data, enables the protection of critical and sensitive log data and configuration files.

Requirement 12: Policies and procedures

Carbon Black’s automated reporting features provide the real-time, actionable intelligence organizations need to monitor compliance, identify any unexpected activity or event, notify end users and company personnel of updated and recent security policy changes, and proactively improve their security postures. In addition, Carbon Black’s compliance services provide the security awareness training needed to ensure that policies are up to date, disseminated and understood by the parties that are most affected by PCI compliance.