The widespread use of credit cards for virtually all of our financial transactions has increased exponentially with the rapid adoption of e-commerce throughout the worldwide economy. With the increased use of credit cards comes the increased risk of fraud through credit card information theft and misuse. Stolen credit card data now has a monetary value on the street, and determined thieves have capitalized on failures to protect the data networks of businesses that process credit card transactions. The need to secure credit card transaction data at every level of business has never been greater, and a new set of security and privacy requirements, known as the Payment Card Industry (PCI) Data Security Standard, has created a compliance challenge for all companies that accept credit cards.
The PCI standard holds all businesses that process credit card transactions to a minimum security standard for protecting cardholder data. PCI requires companies to comply with 12 guidelines for protecting and storing data, encrypting data, maintaining security protocols for data access, and establishing strict information security policies. PCI compliant organizations need to assign a unique ID number to every employee who has access to credit card data, and each company must track data access patterns for every employee. It is evident that the PCI standard recognizes that most of the breaches of information security come from the inside, and its requirements address this issue directly, posing a significant challenge for most IT organizations.
The ubiquity of data networks driven by the vast efficiencies in communication and information sharing has given rise to established best practices for external network security. Most network security technologies have been designed for the perimeter, which is an organization’s first line of defense against malicious intrusion while ensuring the safe exchange of data with customers and partners. For the most part, the internal network has been underestimated as an entry point for theft or attack. New approaches to network security must be adopted to eliminate the vulnerability of the internal network.
A new category of holistic network security technology has emerged that blends traditional network security tools that protect the perimeter of the network with network performance technology. The confluence of network security and network performance creates a secure sphere of vigilance from the core of the network to its edge, enabling IT managers to watch for internal breaches of established security protocols at the same time they are monitoring for external infiltration.
PCI compliance requires a shift of attention to the interior of the network. It requires that network security managers know the established network conversation patterns of every employee, who has access to which servers, what data must be encrypted, and how to restrict access to the most sensitive data stores. PCI requires a new breed of security technology that can ensure the same level of security for internal operations as for the perimeter.
The ideal solution would be able to track routine network usage by every employee, identify when and how critical servers are being accessed, harden and segment networks to proactively prevent unauthorized access to confidential information, and prevent attacks from compromising legitimate access to critical information. This new network security solution should perform the following functions to address PCI compliance:
– Assess: The solution should be able to learn the behaviors of networked applications and users and use this model to identify the presence of latent vulnerabilities.
– Monitor: The solution should collect real-time flow information from switches, routers, and packet capture devices on internal networks; it then would be able to evaluate each individual flow and detect deviations from normal network behavior.
– Enforce: The solution must be able to apply network access control and allow network security managers to deploy “virtual perimeters,” a new security technology that allows enterprises to generate and simulate the impact of internal switch or firewall rules.
– Report: The solution should provide details on security events, create policies, and implement procedures for protecting critical assets.
A solution that takes sophisticated network performance technology and applies it to the complex problem of internal network security finally will allow IT managers to control the entire networked landscape – maintaining control on the interior of the network while patrolling the perimeter. By providing visibility into the vulnerable areas of the interior and the normal behavior of its users, this new solution eliminates exposure to internal attack, facilitates the immediate detection of unauthorized data access, and ensures business continuity.