Most any organization that stores, processes, or transmits payment card data is likely well aware of the Payment Card Industry Data Security Standard (PCI DSS). For these organizations, maintaining and documenting PCI compliance is an ongoing and often laborious process. ThreatX brings a new approach to application security that not only helps address PCI requirements but does it far more consistently across many types of applications and with far less effort than traditional WAFs.
A WAF is one of the most valuable tools for PCI compliance and is referenced in PCI Requirement 6.6. Specifically, the requirement states:
For public-facing web applications, address new threats and vulnerabilities on an ongoing basis and ensure these applications are protected against known attacks by either of the following methods:
- Installing an automated technical solution that detects and prevents web-based attacks (for example, a web-application firewall) in front of public-facing web applications, to continually check all traffic.
The requirement further calls out additional details in terms of what the technical solution needs to do. This includes:
- Is situated in front of public-facing web applications to detect and prevent web-based attacks.
- Is actively running and up to date as applicable.
- Is generating audit logs.
- Is configured to either block web-based attacks, or generate an alert that is immediately investigated.
ThreatX not only meets these requirements but also provides advantages over traditional WAFs that can both improve the overall security of the application and cardholder data while reducing the burden of maintaining compliance. Let’s look at each of the requirements in more detail.
|Requirement||How ThreatX Can Help|
Situated in front of public-facing web applications to detect and prevent web-based attacks
The seemingly simple requirement to sit in front of applications has gotten considerably more complicated in recent years. Applications may be hosted in public, private, or hybrid cloud environments. Application functionality may be accessed via APIs and/or deployed as microservices within pods. This has made it increasingly difficult for organizations to protect all of their applications and the many paths to them.
ThreatX provides a cloud and API native approach to application security that easily covers all of an organization’s applications. Protection can be extended to both traditional and cloud applications and sensors can be built into Kubernetes pods to ensure that protection can be extended anywhere that contains cardholder data. Unlike traditional WAFs, native API support means that ThreatX decodes JSON and WebSockets to provide the same level of protection for APIs that are delivered to the web front end. This ensures that PCI compliance is extended uniformly across all applications and their many components.
Actively running and up to date as applicable
The need to constantly update and tune signatures and rules has long been one of the most time-consuming challenges of maintaining a WAF.
ThreatX provides a behavioral approach to threat detection that learns both application and attacker behaviors automatically, vastly reducing the need to customize and tune rules. Additionally, ThreatX includes access to ThreatX SOC services as part of the solution, allowing organizations to offload any additional technical work to highly trained experts. This combination of functionality and services means that organizations can easily ensure that their protections are up to date as required by PCI.
|Generating audit logs|
Generating audit logs is a relatively straightforward requirement, and ThreatX naturally generates logs of all important events. This information can be integrated into SIEM tools or used to generate reports to assist with the documentation of compliance efforts.
ThreatX’s risk-based approach to security automatically aggregates many individual events and logs into an up-to-the-minute view of risk to the organization. This allows the system to generate events and logs that are pre-correlated and include important security context of an event.
ThreatX offers PCI compliance reporting out-of-the-box. Customers get a reporting solution that clearly highlights the key requirements for PCI, eliminating the need to augment the data from a log emitter or integration point.
Configured to either block web-based attacks or generate an alert that is immediately investigated
Traditional WAFs have often struggled with the problem of false positives, which has made organizations less likely to use automated blocking rules. As a result, many alerts often required manual investigation, which in turn could overwhelm SOC and IR staff.
ThreatX makes blocking decisions significantly more accurate and reliable by bringing together multiple detection strategies into a single risk-based context. This includes application and attacker behavior profiling, active interrogation and deception techniques, and shared intelligence gained across all ThreatX customers. All of these aspects are integrated into an overall risk score that can be used to make highly reliable automated blocking (and unblocking) decisions. Likewise, alerts include all the relevant context for an event, and integration with SOAR tools can automate a wide variety of responses based on policy. This ensures that organizations can ensure the CDE remains protected instead of simply documenting attacks.
These are just some of the ways that ThreatX can help organizations meet and exceed their PCI requirements. While PCI is nothing new, the threat and application landscapes are undergoing considerable change. These changes will have a substantial impact on how organizations will need to approach PCI compliance. ThreatX continues to make compliance and the reporting behind it an engineering priority to ensure that our customers can face these challenges consistently and efficiently. To learn more about ThreatX and PCI compliance, contact us at firstname.lastname@example.org.