Trust Guard PCI Certification Solution Features


Trust Guard PCI Certification Service
Technical White Paper
Trust Guard provides PCI DSS Compliant Scans that
exceed PCI requirements.
The fact is that all businesses that store, process, or transmit payment cardholder data
must be PCI-compliant. There are certainly many avenues available today through
which to achieve compliance, but it is well to note that the security requirements are
rigorous, the compliance mandate specific and absolute, and the road to compliance
an often-changing endeavor.
What’s more, your IT administration team is surely more concerned with maintaining your
enterprise day-to-day than with implementing strategic processing benchmarks, particularly when
they are subject to change at a moment’s notice.
If you process transactions from American Express, Discover, JCB, MasterCard, and Visa
International, you need a secure environment that puts as few demands on your existing resources
as possible, securely implements all PCI DSS controls, and gives you confidence that your transaction
environment will retain its compliance in the event of modifications to the standard.
Trust Guard offers you all of this and more. It requires no changes to your infrastructure, no
purchase of additional hardware or network security mechanisms, and no maintenance whatsoever
by your otherwise-engaged IT team. We provide seamless compliance through managed private
clouds.
Trust Guard Technical White Paper
PCI DSS Compliance Summary
Trust Guard is at the forefront of providing vendor services for compliance with the
Payment Card Industry Data Security Standard. PCI DSS is a self-imposed mandate by
the payment card industry for safeguarding all data associated with credit and debit card
transactions. It applies to all companies that process and maintain cardholder data, and is
endorsed by Visa Inc., MasterCard Worldwide, Discover Network, American Express and
JCB.
The critical importance of safeguarding personal transaction data cannot be overestimated.
It speaks to the credibility of an organization, the integrity of its business practices, and
ultimately its veracity as a business itself.
Our PCI Compliant Service Provider status assures you that our strategy meets or exceeds
all existing PCI standards.
We employ a multi-tiered, comprehensive suite of services to assure PCI DSS-compliance
and perform frequent assessments of our solutions in the face of changing and emerging
technologies. PCI DSS is a road map of a changing road, and we will not use obsolete
strategies in an arena of such high stakes.
How our Security Scanning works
Web Application Scanning Service
Trust Guard scans all applications residing on your enterprise’s web servers, proxy
servers, and web application servers, as well as all active web services. The scanner crawls
your entire website, analyzes each file it finds, and displays the entire website structure. It
then performs an automatic audit for common web security vulnerabilities by launching a
series of Web attacks. Web applications are deconstructed on the code level to reveal
potentially malicious code sequences and embedded scripts that could launch an attack.
A total vulnerability solution for your enterprise includes Trust Guard’s network vulnerability
scanning. It scans all open network ports, IP addresses, and network-resident operating
systems to safeguard all processing and data-handling across your entire network.
We are confident that Trust Guard is among the most refined and accurate web application
vulnerability scanning solutions ever devised. We run literally thousands of scans per day,
and are experts in both their deployment and their subsequent interpretation.
The net results of performing a web application audit using Trust Guard are:
• Enhanced web application security
• Improved risk visibility
• Diminished web application maintenance costs
• Compliance with regulatory agency mandates
Trust Guard recommends a complete vulnerability scan of a network at least on a quarterly
basis.
Trust Guard PCI Certification Solution Features
• Detects vulnerabilities from a current database of known existing flaws
• Deep scanning capabilities detect and report alerts for the following types of
vulnerabilities:
    • Cross Site Scripting (XSS)
    • SQL Injection Flaws
    • Information Leakage and Improper Error Handling
    • Broken Authentication and Session Management
    • Failure to Restrict URL Access
    • Improper Data Validation
    • Cross Site Request Forgery (CSRF)
    • Insecure Direct Object Reference
    • Insecure Cryptographic Storage
    • Insecure Communications
    • Malicious File Execution
• Analyzes an application’s code content, including PHP, ASP, .NET components, and
JavaScript
• Detects sensitive content in HTML (transaction card data, SSNs)
• Crawls and analyzes all website components, including Flash objects, SOAP app-to-app communication links, and AJAX routines
• Finds SQL injection flaws and cross-site scripting
• Uses browser emulation to find and test all links
• Deep level scans and thorough coverage
• Low false positives/negatives ratio
Many out-of-the-box web application vulnerability scanners are available, but none come
with the networking security credentials of Trust Guard. Our customized solution is
constantly updated to reflect newly discovered problems and security flaws, and our results
are guaranteed. Our many years of network security service stand behind every scan we
perform.
Trust Guard PCI Certification solutions offer Merchants, Service Providers and Authorized
users access to a web-based Security portal. The easy-to-use interface enables users to
enter their IP address information and instantly initiate PCI Compliance Scans. Users may
also repeat or reschedule their Security Scan at no additional cost. Following the
completion of a Security Scan, the user will receive a Detailed Vulnerability Report and an
Attestation of Compliance Report. The Attestation of Compliance Report is the document
required by your merchant bank to confirm compliance.
Trust Guard® LLC. All Rights Reserved. The reproduction, distribution, display or
transmission of the content of this site is strictly prohibited. All other company & product
names may be trademarks of the respective companies with which they are associated.
Our Certified ASV scanning partner is Clone Systems, Inc.