Security in Context: The BeyondTrust Blog

Vulnerability Scanning for PCI DSS Compliance with BeyondTrust Retina

Posted May 19, 2014    Morey Haber

I’m pleased to announce that BeyondTrust’s Retina Enterprise Vulnerability Management has successfully completed PCI Approved Scanning Vendor (ASV) compliance testing. This means that Retina meets all PCI Security Standards Council requirements to perform the external vulnerability scans that the PCI DSS requires. This also marks the fifth year that BeyondTrust has been an ASV.

Where Vulnerability Scanning Comes into Play for PCI DSS Compliance

The PCI Data Security Standard (PCI DSS) has been a hot topic in the IT security industry since it was first released in December 2004. If you work with a merchant or service provider subject to the PCI DSS, you probably already know that the Standard requires quarterly internal and external vulnerability scans of the systems that store, process or transmit cardholder data, with the external scans performed by an ASV. Here’s the excerpted summary of PCI DSS Requirement 11.2, which mandates vulnerability scanning:

11.2 Run internal and external network vulnerability scans at least quarterly and after any significant change in the network (such as new system component installations, changes in network topology, firewall rule modifications, product upgrades).

If you need a refresher, you can find the full details in PCI DSS v3.

Why Retina is Different from Other PCI Scanning Solutions

BeyondTrust isn’t the only ASV approved by the PCI Security Standards Council, but I’ll put a stake in the ground as to why BeyondTrust and the Retina vulnerability management solutions are better than the rest. It really comes down to three things:

1. Zero-Gap Coverage for Diverse Payment Card Data Environments

Retina provides vulnerability scanning coverage across network, web, mobile, cloud and virtual infrastructure. Retina can scan any IT asset for vulnerabilities that pose PCI DSS compliance risks. While traditional network scanning is nothing new, many merchants and service providers are looking to virtualization to save costs and increase efficiency. If you happen to be using a VMware environment to house cardholder data, check out the BeyondTrust VMware Solution Guide for the PCI DSS. For information on closing other PCI scanning gaps, read our white paper: Reduce the Cost of PCI DSS Compliance with Unified Vulnerability Management.

2. Integrated Patch Management for Mitigating Vulnerabilities that Jeopardize PCI Compliance

Vulnerability scanning is critical to addressing security exposures in card data systems, but it represents only half the battle; you need to fix the problems that you find. Fortunately, Retina closes the loop on vulnerabilities with integrated patch management capabilities. Via an optional module, Retina connects with Microsoft WSUS and SCCM for patching Microsoft operating systems and applications, as well as applications from other vendors. Patching information can then be shared with Retina’s Regulatory Reporting and Configuration Compliance Modules to prioritize patch management based on risk profile.

3. Unmatched Reporting for Measuring and Proving PCI Compliance

When you use Retina CS Enterprise Vulnerability Management, you automatically have access to the centralized BeyondInsight reporting and analytics console. This gives you access to over 260 standard reports, including several designed for PCI reporting that go above and beyond the specification in the DSS 3.0 standard to truly make assessment “business as usual.”

Here are a few examples of Retina PCI reports, many of which offer interactive drill-down and filtering capabilities:

  • PCI Compliance Overviews: display pass/fail compliance status for individual assets and asset Smart Groups (screenshot: PCI Compliance Report)

  • PCI Scorecards: map vulnerabilities to PCI severity level and indicate how long vulnerabilities have been outstanding in the target environment (screenshot: PCI Open Vulnerabilities Scorecard)

  • PCI Severity Trends: track PCI vulnerability counts by severity over a selectable time period (screenshot: PCI Severity by Day of Month)

  • PCI Severity Deltas: detail monthly PCI severity deltas (added, removed and existing vulnerabilities) (screenshot: PCI Severity Deltas)
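To make concrete what the scorecard and severity-delta reports above are computing, here is an added example that is not Retina code or part of the original post. It takes two scan snapshots (constructed sample findings; the `asset`, `plugin`, `cvss` and `first_seen` field names are assumptions, not Retina’s export format), buckets each finding into the High/Medium/Low bands the PCI SSC ASV Program Guide defines on the CVSS base score, marks an asset as failing when any finding scores 4.0 or higher (the ASV failing threshold), reports how many days each failing finding has been open, and diffs the two snapshots into added, removed and existing findings per band.

```python
"""Added example: PCI scorecard and severity-delta arithmetic over two scan
snapshots. Not BeyondTrust/Retina code; field names and sample data are
constructed for illustration."""
from dataclasses import dataclass
from datetime import date

# ASV Program Guide: any finding with a CVSS base score >= 4.0 fails the
# ASV scan; bands are High (7.0-10.0), Medium (4.0-6.9), Low (0.0-3.9).
PCI_FAIL_THRESHOLD = 4.0
BANDS = ("High", "Medium", "Low")


@dataclass(frozen=True)
class Finding:
    asset: str        # hostname or IP of the scanned system (assumed field)
    plugin: str       # scanner check identifier (assumed field)
    cvss: float       # CVSS base score reported by the scanner
    first_seen: date  # date the finding first appeared for this asset


def pci_severity(cvss: float) -> str:
    """Map a CVSS base score to the ASV Program Guide severity band."""
    if cvss >= 7.0:
        return "High"
    if cvss >= PCI_FAIL_THRESHOLD:
        return "Medium"
    return "Low"


def _index(findings):
    """Key findings by (asset, plugin) so two snapshots can be compared."""
    return {(f.asset, f.plugin): f for f in findings}


def delta(previous, current):
    """Findings added, removed and existing between two snapshots."""
    prev, cur = _index(previous), _index(current)
    return {
        "added": sorted(cur.keys() - prev.keys()),
        "removed": sorted(prev.keys() - cur.keys()),
        "existing": sorted(cur.keys() & prev.keys()),
    }


def scorecard(current, as_of):
    """Per asset: PASS/FAIL, count per band, and age in days of the oldest
    failing finding (0 when nothing on the asset fails)."""
    card = {}
    for f in current:
        entry = card.setdefault(
            f.asset, {"status": "PASS", "High": 0, "Medium": 0, "Low": 0, "max_days_open": 0}
        )
        entry[pci_severity(f.cvss)] += 1
        if f.cvss >= PCI_FAIL_THRESHOLD:
            entry["status"] = "FAIL"
            entry["max_days_open"] = max(entry["max_days_open"], (as_of - f.first_seen).days)
    return card


def severity_delta(previous, current):
    """Monthly severity delta: per band, how many findings were added,
    removed (use the previous snapshot's score) and still present."""
    d = delta(previous, current)
    prev, cur = _index(previous), _index(current)
    report = {band: {"added": 0, "removed": 0, "existing": 0} for band in BANDS}
    for key in d["added"]:
        report[pci_severity(cur[key].cvss)]["added"] += 1
    for key in d["removed"]:
        report[pci_severity(prev[key].cvss)]["removed"] += 1
    for key in d["existing"]:
        report[pci_severity(cur[key].cvss)]["existing"] += 1
    return report


# Constructed sample snapshots: a first-quarter scan and the follow-up scan.
PREVIOUS = [
    Finding("web01", "ssl-weak-cipher", 4.3, date(2014, 1, 15)),
    Finding("web01", "apache-outdated", 7.5, date(2014, 1, 15)),
    Finding("db01", "icmp-timestamp", 2.1, date(2014, 1, 15)),
]
CURRENT = [
    Finding("web01", "ssl-weak-cipher", 4.3, date(2014, 1, 15)),   # still open
    Finding("db01", "icmp-timestamp", 2.1, date(2014, 1, 15)),     # Low: does not fail
    Finding("db01", "mssql-unpatched", 9.0, date(2014, 4, 20)),    # new High finding
]

if __name__ == "__main__":
    print(delta(PREVIOUS, CURRENT))
    print(scorecard(CURRENT, date(2014, 5, 19)))
    print(severity_delta(PREVIOUS, CURRENT))
```

Note that the Low finding on db01 counts on the scorecard but does not by itself fail the asset, while a single Medium on web01 does; that is the distinction an ASV scan report makes, and it is why the delta report tracks bands rather than raw counts.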

See How Easy PCI Vulnerability Scanning Can Be

As someone famous once said, don’t take my word for it; try it for yourself:

> Request a free trial of Retina CS Enterprise Vulnerability Management
> Learn more about Retina CS
