PCI DSS V3.0 Solution for a High Network Security Standard

Solution Brief

Protecting Against Credit Cardholder Data Threats Highlights and Benefits: Credit card fraud is a growing threat to both financial institutions and retail organizations. Different methods and technologies were developed throughout the years to mitigate this risk. In 2004, the 5 major US credit card companies cooperated to implement a standard to counter the threat The Tufin PCI DSS V3.0 Solution together. The united standard is called “Payment Card Industry Data Security Standard” (PCI DSS). facilitates the planning, integration and Complying to PCI DSS audits is a big challenge for IT managers and PCI DSS internal auditors. Especially pressing as PCI DSS V2.0 ended its life in December 2014 and the next periodic 6-month implementation for PCI DSS compliance audit approaches using V3.0. with best practices for operational network and security teams. IT managers and PCI The Tufin PCI DSS V3.0 Solution helps organizations to meet the PCI DSS V3.0 requirements related DSS internal auditors can now: to network security in an efficient, quick and manageable way for ongoing success. Tufin’s solution addresses the common issues that IT organizations face when implementing changes for PCI DSS • Gain the right tools for PCI DSS audits. It ensures that the enterprise is V3.0 audit-ready for network security with minimum audit compliance and ongoing success preparation time and cost, increased IT agility, and a high, sustainable network security standard. including: Out-of-the-box PCI DSS audit report With Tufin’s solution, PCI DSS internal auditors and IT managers have less compliance concerns. for quick and thorough preparation They maintain business-as-usual activities, while keeping the organization PCI DSS V3.0 compliant. They have the right tools for an accurate picture of compliance posture with the out-of-the-box ability Complete audit trail of who made to demonstrate compliance through internal and external audits. Tufin’s PCI DSS V3.0 Solution each change to network devices meets the business’ complex network security challenges with best practices for ongoing success. Up-to-date picture of the compliance status of firewalls and routers Enabling an Automated PCI DSS Compliance Process Simple and flexible method to define for Ongoing Success zones for network segmentation

About 40% of PCI DSS is related to network security, the crux of the headache, pitfalls and Security rule documentation for disturbance for PCI DSS internal auditors, IT managers and their teams. To integrate a repeatable policy rules, mismatch, and business compliance procedure that doesn’t disrupt the operational network and security teams, it’s simply not justification feasible to manually manage this effort. • Automate change tracking and alerting to continuously monitor policy changes The Tufin PCI DSS V3.0 Solution provides automated solutions to navigate the many network paths and violations and segments. It enables centralized network security configuration based on the desired network security policy. IT managers benefit from Tufin’s orchestration of an automated compliance process • Integrate into existing processes with continuous change tracking and alerting. The Tufin PCI DSS Solution monitors all policy seamlessly with ITSM-like change and changes, checks for PCI DSS compliance automatically, and alerts to potential violations. Automated approval change and approval processes enforce compliance policies and separation of duties. IT managers • Reduce audit preparation time and cost and their teams are freer to focus on important network security challenges. by over 50%

www.tufin.com Using the Right Network Security Tools for Quick Visibility and Remediation Tufin at a Glance The Tufin PCI DSS V3.0 Solution manages change and approval processes that seamlessly integrate into your current ITSM process. The Tufin PCI DSS browser provides a network status overview. The Tufin PCI DSS audit report and other documentation makes it easy to prepare quickly and thoroughly Offices: North America, Europe for an internal or external audit with an accurate record of who made changes, for full accountability. and Asia-Pacific

Proper network segmentation must be addressed from the start, and is strongly recommended by More than 1,600 in over the PCI DSS council. Tufin’s solution provides a robust, yet simple method of enforcing network Customers: segmentation and zones, which can reduce the scope and cost of compliance. 50 countries

Reducing PCI DSS Audit Preparation Time by Over 50% Leading Verticals: Finance, telecom, energy and utilities, healthcare, retail, Establishing PCI DSS compliance can be extremely resource-intensive. For medium to large education, government, manufacturing, organizations, the many tasks involved in documenting, tracking and auditing network security transportation and auditors procedures manually can take weeks. With the Tufin PCI DSS V3.0 Solution, companies can substantially reduce the time and cost of PCI DSS compliance. Tufin’s solution typically reduces Channel Partners: More than 240 audit preparation time by more than 50%, while enabling continuous compliance with the PCI DSS worldwide standard. PCI DSS internal auditors and IT managers use Tufin’s solution to make their job simpler. Technology Partners & Supported Platforms: , BMC, Blue Coat, , Cisco, F5 Networks, , Intel Security, , Microsoft Azure, OpenStack, , VMware and more

Tufin’s PCI DSS report

Copyright © 2015 Tufin Tufin, Unified Security Policy, Tufin Orchestration Suite and the Tufin logo are trademarks of Tufin. All other product names mentioned herein are trademarks or registered trademarks of their respective owners. www.tufin.com SB-10-15