PCI Compliance

The Payment Card Industry Data Security Standard (PCI-DSS) requires organizations that process credit card transactions to prevent fraud by monitoring all access to cardholder data. LANGuardian helps you to implement the internal controls and reporting systems that enable you to protect sensitive data and demonstrate PCI-DSS compliance.

LANGuardian implements an independent and secure audit trail that cannot be modified. Together with its detailed reporting and drilldown capabilities, this allows you to prove PCI-DSS compliance to auditors.

Support for PCI-DSS requirements

The following sections show how LANGuardian helps you achieve compliance with each of the 12 requirements of the PCI-DSS standard. Each requirement is followed by the LANGuardian capability that supports it.
Requirement 1: Install and maintain a firewall configuration to protect cardholder data.

  • LANGuardian includes a network intrusion detection system (NIDS) that analyzes network traffic against a continuously updated set of rules that identifies thousands of worms, vulnerability exploits, port scans, and other suspicious behavior.
  • A properly configured firewall will block known attacks and prevent unauthorized access to cardholder data. If a breach occurs because of unknown attacks or misconfigured rules, the detailed historical record of database traffic maintained by LANGuardian will enable you to reconstruct the series of events leading up to the breach so that you can identify the cause and prevent it recurring.
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters.

  • Avoiding the use of vendor-supplied defaults is a fundamental principle of system hardening. Once your SQL Server databases have been hardened, you can configure LANGuardian to report on and alert you to any anomalies that occur, for example:
    • Database transactions involving the sa or Administrator account.
    • Inbound and outbound traffic involving ports that should have been closed during hardening.
    • Traffic packets containing unencrypted data.

Requirement 3: Protect stored cardholder data.

  • LANGuardian helps you to protect cardholder data by recording details of all accesses to tables containing cardholder data. You can view real-time up-to-date reports or be alerted to specific events such as access to a table by an unprivileged user. LANGuardian stores detailed information about each transaction, including the user name, encryption status, IP address, table, date, time, traffic volume, and SQL command issued.

Requirement 4: Encrypt transmission of cardholder data across open, public networks.

  • LANGuardian can detect whether the traffic it monitors is encrypted or not. You can configure it to generate reports or alerts when it detects unencrypted traffic involving data from tables that store cardholder data.
  • Many legacy database systems have been designed without full encryption, and would require substantial redesign to enable them to fully comply with the PCI encryption requirement. The PCI standard allows for database monitoring to be relied upon as a compensating control that will satisfy audit requirements when a legitimate technological or documented business constraint prevents full compliance with the standard.

Requirement 5: Use and regularly update anti-virus software.

  • LANGuardian works in parallel with standard anti-virus software to ensure the strongest possible protection for sensitive data:
    • Its network intrusion detection system protects against many kinds of suspicious behavior including worms, vulnerability exploits, and port scans.
    • Its historical database of network events can report and alert on patterns of behavior that cannot be detected from real-time analysis alone and may be missed by anti-virus software.
    • It can ensure that your anti-virus software is up-to-date, active, and generating audit logs.

Requirement 6: Develop and maintain secure systems and applications.

  • LANGuardian helps you to maintain a secure system and application environment by alerting you to policy breaches and suspicious behavior on the network. In particular, it:
    • Records details of every access to specified SQL Server databases and tables.
    • Alerts you in real-time to security breaches such as unencrypted data transmission, incoming and outgoing traffic on ports that should be blocked, and denial of service (DoS) attacks.
    • Verifies that systems are kept up to date with Windows and SQL Server updates such as service packs and security patches.

Requirement 7: Restrict access to cardholder data by business need-to-know.

  • Database systems and applications that deal with cardholder data must be designed and configured with this requirement in mind. Once they are deployed, LANGuardian ensures that your systems and applications conform to the requirement. You can configure real-time, policy-based alerts to notify you of any attempts by unauthorized users to access cardholder data. The alerts generated by LANGuardian contain detailed information about each transaction, including the user name, encryption status, IP address, table, date, time, and SQL command issued.
  • LANGuardian integrates with Active Directory, enabling you to easily identify the users involved in accesses to cardholder data.

Requirement 8: Assign a unique ID to each person with computer access.

  • Practically every computer system enforces a policy of assigning unique credentials to every user. However, it is technically and physically possible for more than one person to know a particular username and password, thereby generating a non-compliance with Requirement 8. This seldom arises in well-managed enterprise networks, but LANGuardian can help you to ensure compliance and satisfy the audit requirement. You can drill down through the traffic information to view details of all traffic by user name and IP address – if you find that a user is accessing the database from several different IP addresses, it could indicate that the username is being shared by more than one user.
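The shared-credential heuristic described for Requirement 8, together with the unencrypted-access and privileged-account checks listed under Requirements 2, 4 and 7, can be expressed as simple rules over the per-transaction fields the page says are recorded (user name, encryption status, IP address, table, SQL command). The following is an added example written for this page; it is not LANGuardian code and makes no claim about how the product implements these checks. The record layout, the sample transactions, the table name `CardData` and the threshold of one expected source address per user are all assumptions constructed for the illustration.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class DbAccess:
    """One observed database transaction.

    The fields mirror the attributes the page lists for each recorded
    transaction; the layout itself is an assumption for this example.
    """
    user: str
    src_ip: str
    table: str
    encrypted: bool
    sql: str


# Constructed sample transactions (not real traffic). "jdoe" appears from
# three different source addresses, "asmith" reads a cardholder table in
# the clear, and "sa" is a vendor-supplied account that should be unused.
SAMPLE = [
    DbAccess("jdoe", "10.0.1.15", "Orders", True, "SELECT id FROM Orders"),
    DbAccess("jdoe", "10.0.1.15", "Orders", True, "SELECT total FROM Orders"),
    DbAccess("jdoe", "10.0.2.77", "CardData", True, "SELECT pan FROM CardData"),
    DbAccess("jdoe", "10.0.3.9", "CardData", True, "SELECT pan FROM CardData"),
    DbAccess("asmith", "10.0.1.20", "CardData", False, "SELECT pan FROM CardData"),
    DbAccess("sa", "10.0.9.1", "Customers", True, "SELECT * FROM Customers"),
    DbAccess("svc_batch", "10.0.5.5", "Orders", True, "UPDATE Orders SET shipped=1"),
]

# Assumed policy inputs: which tables hold cardholder data and which
# accounts are vendor-supplied defaults that hardening should have retired.
CARDHOLDER_TABLES = {"CardData"}
PRIVILEGED_ACCOUNTS = {"sa", "Administrator"}


def ips_per_user(records):
    """Map each user name to the sorted set of source IPs it was seen from."""
    seen = defaultdict(set)
    for r in records:
        seen[r.user].add(r.src_ip)
    return {user: sorted(ips) for user, ips in seen.items()}


def shared_credential_candidates(records, max_ips=1):
    """Requirement 8 heuristic: users seen from more than max_ips addresses.

    A user appearing from several source addresses *could* indicate a shared
    username; it is a review prompt, not proof (see usage note).
    """
    return {u: ips for u, ips in ips_per_user(records).items() if len(ips) > max_ips}


def unencrypted_cardholder_access(records, cardholder_tables=CARDHOLDER_TABLES):
    """Requirement 4 / 7 check: cleartext transactions touching cardholder tables."""
    return [r for r in records if r.table in cardholder_tables and not r.encrypted]


def privileged_account_use(records, privileged=PRIVILEGED_ACCOUNTS):
    """Requirement 2 check: any transaction issued by a vendor-default account."""
    return [r for r in records if r.user in privileged]


def review_report(records):
    """Collect all findings into one dict suitable for a scheduled report."""
    return {
        "shared_credentials": shared_credential_candidates(records),
        "unencrypted_cardholder": unencrypted_cardholder_access(records),
        "privileged_accounts": privileged_account_use(records),
    }


if __name__ == "__main__":
    report = review_report(SAMPLE)
    for user, ips in report["shared_credentials"].items():
        print(f"REVIEW shared credential? {user} seen from {', '.join(ips)}")
    for r in report["unencrypted_cardholder"]:
        print(f"ALERT cleartext access to {r.table} by {r.user} from {r.src_ip}")
    for r in report["privileged_accounts"]:
        print(f"ALERT vendor-default account {r.user} used from {r.src_ip}")
```

The multiple-IP rule produces review items rather than alerts on purpose: DHCP renewals, roaming laptops and NAT between the user and the database all make a single person appear from several addresses, so the finding is something to drill into, as the page describes, not an automatic non-compliance. The cleartext and vendor-default checks, by contrast, are unambiguous once the table list and account list reflect the hardened configuration.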

Requirement 9: Restrict physical access to cardholder data.

  • This requirement is outside the scope of a software product such as LANGuardian. Physical access to cardholder data must be implemented by applying the appropriate physical security measures to protect the hardware on which the data is stored.

Requirement 10: Track and monitor all access to network resources and cardholder data.

  • LANGuardian has unique tracking and monitoring capabilities. From the raw traffic flowing through your network, it can detect all accesses to your SQL Server databases and tables, including details of the user name, encryption status, IP address, table, date, time, traffic volume, and SQL command issued.
  • If you have specific tables containing cardholder data, you can configure LANGuardian to report specifically on those tables or generate alerts whenever the tables are accessed.

Requirement 11: Regularly test security systems and processes.

  • LANGuardian delivers ongoing testing of your security systems and processes by continuously monitoring your SQL Server infrastructure, keeping a detailed record of all transactions, and providing you with alerts in real time whenever an alert criterion (for example, access to cardholder data) is met. The scheduling and reporting features of LANGuardian combine to help you demonstrate compliance with this requirement – by running reports at regular intervals and saving the output you can demonstrate that you are regularly testing your systems and processes.

Requirement 12: Maintain a policy that addresses information security.

  • LANGuardian makes it easy for you to maintain a policy that addresses information security. You can create alerts and reports to monitor the aspects of your SQL Server environment that are covered by your policy, and create a customized dashboard that displays an at-a-glance view of security policy compliance status.

Find out more

If you have any questions about how LANGuardian can meet your requirements, please contact us. If you would like to see LANGuardian in action, please try our online demo system or download a free 30-day trial to try it on your own network with your own data.

Talk to us now

Talk to NetFort today. Contact us at sales@netfort.com or call us at +353 91 426 565.

How to buy

We offer perpetual and subscription LANGuardian licenses based on the number of users on your network and the number of sensors you want to deploy. Specialized features are provided as optional modules, so you do not pay for them if you do not need them.