RedSeal SRM for PCI
Automates the Response to the Payment Card Industry Data Security Standard Requirement 1
RedSeal Systems is the first to market with a PCI audit tool that automates the response to Requirement 1 of PCI-DSS. Prior to the release of RedSeal SRM for PCI, security professionals had been manually reviewing thousands upon thousands of firewall rules and policies in an attempt to accurately document their stance against Requirement 1. The scale and complexity of today's networks make it essentially impossible for a manual approach to be accurate. RedSeal SRM for PCI automatically conducts a network-wide analysis of your router and firewall configurations and policies, then produces a gap analysis and a workflow report for documenting the approved applications. The product also produces a standardized report showing the results of the assessment with regard to DSS Requirement 1.
Complete Network Topology Diagram
By collecting and analyzing network configuration data, RedSeal SRM for PCI produces an as-operated network diagram of the entire network infrastructure, including wireless networks, as defined in Requirement 1.1.2. The network diagram can also be exported as a Microsoft Visio document, GIF, JPEG or PNG.
Defined Network Zones
The Data Security Standard (DSS) Requirement 1 organizes the network into three primary zones: Untrusted (or Internet), DMZ, and the Cardholder Data Network. These zones provide the basis for understanding the scope of a PCI assessment. RedSeal SRM for PCI provides users with information and suggestions that make it easy to classify network assets into zones.
Automated Analysis of Network Architecture
DSS Requirement 1 focuses on the types of application traffic allowed between each zone. Given the complexity and size of most networks, it is extremely time-consuming, and often inaccurate, to attempt this manually by reading firewall policies and router ACLs. RedSeal SRM for PCI automates the process of analyzing the entire network architecture to determine the allowed application traffic between any two points in the network. Automating this process not only saves an enormous amount of time, but also provides an unprecedented level of visibility into the network. Additionally, RedSeal SRM for PCI assesses the segmentation of your network based on DSS Requirement 1: firewalls must separate the untrusted networks from the DMZ, and the Cardholder Data Network from the DMZ and wireless networks.
Whitelist Approvals for Network Services
Using the results of the RedSeal SRM for PCI network analysis, users can quickly understand the applications currently allowed on their network, identify applications that are not necessary for business, and create a whitelist of justifications for the applications that are necessary for business, as required by DSS Requirement 1.
Configuration Standards for Routers and Firewalls
RedSeal SRM for PCI automatically assesses routers and firewalls for violations of industry best practice configuration standards. Additionally, users can customize the configuration standards and create their own based on their business and compliance requirements.
PCI DSS Requirement 1 Compliance Report
RedSeal SRM provides an automated and comprehensive report of your current standing with regard to DSS Requirement 1. The report can be scheduled to be generated and delivered via email.