Showcase the implementation of enhanced security controls to regulators and customers, especially in the wake of recent high-profile data breaches at service providers and merchants.
Enable your organization to comfortably extend services from major payment brands including VISA, MasterCard, American Express and acquiring banks in the region.
Satisfying the PCI DSS international standard will give your organization’s security compliance automatic global recognition.
Enter the market as a PCI DSS certified entity from day zero, putting you first among similar organizations in your region.
• Maintain a vulnerability management program that regularly monitors and tests networks
• Develop and maintain secure systems and applications
• Regularly test security systems and processes
PCI Standard 11.2 requires that an organization “Run internal and external network vulnerability scans at least quarterly and after any significant change to the network.” As an Approved Scanning Vendor (ASV) certified by the PCI council, Paladion uses the industry’s leading internal and external scanners to run vulnerability scans to help you comply with all standards.
PCI requirement 11.3 states that you must “Perform external and internal penetration testing at least once a year and after any significant infrastructure or application upgrade or modification.” Paladion offers continuous testing of over 200 networks each year to maintain ongoing compliance and ongoing security.
PCI Section 6.3.7 requires a “Review of custom code prior to release to production or customers in order to identify any potential coding vulnerability.” Paladion has vast experience in code reviewing applications that include online banking, embedded systems, online trading and document management systems.
PCI Section 11.3.2 asks organizations to “Verify that the penetration test includes application-layer penetration tests at least once a year.” Paladion has one of the largest application penetration testing practices in the world with experience testing more than 1000 applications.
PCI requirement 6.5a requires that a company “Verify that processes require training in secure coding techniques for developers, and are based on guidance such as the OWASP guide.” Paladion provides an Application Security Training Service specifically designed to satisfy this requirement with online training to prepare all of your developers in the most cost-effective way.
PCI requirement 1.1.7 requires that a company “Review firewall and router rule sets at least every six months.” Paladion provides comprehensive Access Control List reviews for firewalls, routers and switches to assist organizations in remediating and meeting PCI DSS compliance requirements.
PCI requirement 2.2.3.a requires that a company “Inspect configuration settings to verify that security features are documented and implemented for all insecure services, daemons, or protocols.” In addition to Paladion’s non-intrusive configuration review methodology, we use scripts developed in-house to collect configuration settings. The results from these scripts are then analyzed against the secure configuration checklist, from which reports are prepared. Our secure configuration checklist is based on well-known standards such as CISecurity, SANS Top 20, vendor guidelines, NIST guidelines and our industry experience, and complies with PCI DSS requirements.
PCI requirement 11.1 demands that a PCI compliant organization “Test for the presence of wireless access points by using a wireless analyzer at least quarterly or deploying a wireless IDS/IPS to identify all wireless devices in use.” Paladion offers cost-effective services to detect authorized and unauthorized (rogue) wireless access points in your network, assist in remediating them and meet the wireless scanning requirements.
As part of PCI requirement 11.3 on penetration tests, the intent of the standard is that penetration tests be performed on the authorized wireless access points as part of the CDE. Paladion offers cost-effective services to conduct comprehensive wireless penetration tests, provide recommendations to fix the gaps (if any) and meet PCI DSS requirements.
• Regularly monitor and test networks
The PCI DSS Requirement
• Track and monitor all access to network resources and cardholder data
• Remote monitoring and log management
• Paladion’s PCI Compliant Log Monitoring Solution is designed specifically to comply with PCI requirements for businesses of all sizes.
Paladion has leveraged its extensive experience in the design, implementation and maintenance of security processes and infrastructure to devise a proven methodology for clients to achieve PCI compliance in a quick and cost-effective manner.
Paladion are the experts and leaders in the field with over 400 customers in North America, Asia, and Europe that rely on Paladion for all of their compliance needs. If you are preparing for PCI compliance, Paladion provides what you need to ensure you exceed all standards and, more importantly, keep your sensitive data secure in the long term. You can select the entire Paladion PCI Compliance suite for comprehensive protection or choose specific modules for an immediate customized compliance program.