Payment Card Data Scanning Service

Transcription

Payment Card Data Scanning Service
Payment Card Data Scanning Service
If you handle payment card information, can you be certain
that you aren’t storing any payment card numbers in
plaintext anywhere on your internal systems?
NCC Group’s Payment Card Scanning Service is an important
tool in ensuring your handling of payment card data is in
line with best practice and industry standards. We scan
your internal infrastructure, files systems, mail servers and
databases to identify any unencrypted payment card data
currently being stored.
Scan
Validate
Report
Comprehensive informaVerify and classify the
Perform scans against all
tion about identified
infrastructure considered results of the scan based
payment card data
in-scope of the exercise on the pre-agreed criteria
Security
Consulting
Delivered via our secure Firebase Appliance, our Payment Card Scanning
Service can be performed as a one-off scan, or on a more regular basis to
provide continued assurance that your internal infrastructure is free from
plaintext payment card data.
We can perform both agent and network based scanning so that resource
overheads for performing the scans can be easily managed based on your
requirements:
Agent-based scanning
• We install a scanning agent on the target device that has been identified to run the scanning and classification
• Minimal CPU power is required on target device to run the scans
• Scanning can run quicker
Network-based scanning
• Nothing is installed on the target device as all scanning and classification is performed by the Firebase Appliance
• Minimal network overhead as data is downloaded to the Appliance
• Easily scalable
How it works
We configure and ship a custom built Firebase Appliance to you, which
once installed within your infrastructure, can be used to carry out the scan
against a pre-agreed scope of testing.
The scanner is designed to interrogate over 150 of the most commonly
found file types, looking for payment card data that is being stored
unencrypted. Files being scanned include various Microsoft Office files
(.doc, .xls, .ppt, .msg etc), text-based documents (.txt, .pdf, .rtf, .xml etc) as
well as the contents of compressed files (.zip, .gz etc).
As part of the service we offer flexible reporting, enabling you to determine
how you would like the information classifying in the reports. All identified
payment card data can be tagged using two categories, and the contents
of these two categories are completely customisable.
During the setup of your service, your Technical Account Manager will
discuss your requirements with you to ensure that they fully understand
how you want your results presented upon completion.
Key features
• Speed: Our scanner has a high data throughput and is capable of scanning multiple hosts concurrently
• Flexible: We can perform both Agent and Network based scanning based on your requirements
Why run a payment card data scan?
• Assurance that you are in line with best practice and industry standards, such as PCI Compliance
• Protection of your reputation in the event of data exposure or critical data leakage
• Remediation of any weaknesses or instances within your business processes which are responsible for leaked card data
• Education to ensure that employees know how to follow best practice by not storing unencrypted payment card data on their workstations and within corporate emails.
Why use a managed service?
• No training required: All of our scans are run by our expert Technical Account Managers who have been using our scanning software for years so there is no need for you to train your staff.
• No internal resources required: Our Appliance can be operated remotely by our trained staff from our Network Operations Centre in Manchester via a secure VPN connection
•
Increased time for higher value activities: As part of the Validation phase, your Technical Account Manager will attempt to identify all false positive results and classify them accordingly, allowing you to focus your time and effort on higher value activities
About NCC Group
NCC Group is a global information assurance specialist, passionate about
changing the shape of the Internet and making it a safer place. Through an
unrivalled range of services, we provide organisations with freedom from
doubt that their most important assets are protected and operating as they
should be at all times.
Information assurance is delivered through expert escrow, verification,
security consulting, website performance, software testing and domain
services.
About Security Consulting
NCC Group’s security consulting services strengthen your position in the
cyber arms race by helping you to identify risk and formulate a robust
security strategy.
With our unique set of skills, expertise and services we are on hand to help
you to quickly understand, contain and mitigate any breach.
With the world’s largest security assurance team and top level
accreditations, we are the trusted advisor to over 1,750 organisations
worldwide.
• Comprehensive: Our scanner is capable of analysing over 150 of the most commonly seen file types
• Minimal-Disruption: Both scanning mechanisms use minimal resources so should not affect day to day operations
• Scalable: Agentless scanning means target scope can be increased quickly and easily
For more information on Payment Card Data
Scanning Services from NCC Group, please
contact:
NCC Group
Manchester Technology Centre
Oxford Road Manchester M1 7EF
+44 (0) 161 209 5111
response @ nccgroup.com
www.nccgroup.com
V2/10.14