Tick box PCI Compliance. Or Security-first, real risk management, with PCI Compliance as a result?

ThreatView: Security & PCI Compliance
Hi,

Bit of a controversial one today (or not, depending on your perspective).

The recent focus on the new PCI requirements 6.4.3 and 11.6.1 makes complete sense in the ongoing battle against digital skimmers and loaders. BUT the reality of managing the digital assets (scripts, headers etc.) on an active website is that it is very challenging, with the potential for a lot of "noise", making the detection of "the threat signal in amongst the noise" a near impossible task for a small to medium-sized eCommerce merchant.

Why? For two very good reasons:

1. Time and money. Most small to medium-sized eCommerce businesses do NOT have a dedicated security team. They usually outsource as much as possible to trusted third parties (agencies, hosting providers etc.), who are also rarely security specialists. Time is short and it costs money. Solutions monitoring scripts and HTTP headers are one or two of many things that need to be monitored, in a day that is already full of other tasks.

2. Alert fatigue. The majority of the solutions out there are focused on "ticking the PCI box", with rudimentary threat detection capability. This means that they can be noisy, producing lots of (generally inaccurate) alerts. At first this costs a lot of time and money, but it soon leads to "alert fatigue": the alerts get ignored while the person managing them focuses on other items that are seen as more beneficial to the business.
The reality is that while these requirements make sense, implementing them in a way that effectively reduces risk is a major challenge.
Our Approach

We believe in a security-first approach. Top-notch and ever-evolving threat intelligence enables us to detect the threats, pinpointing the malware so our clients don't have to spend hours trying to figure out what is going on. Less noise, more accuracy. PCI compliance is one of the positive "by-products" of taking the security-first approach.

This is what we provide for our clients:

- The latest threat detection capability (even for our free tier clients)
- PCI support for 6.4.3 and 11.6.1 (even for our free tier clients)
- PCI 11.5.2: forensic-level file change monitoring. To the best of our knowledge, ThreatView is the only solution providing this to its clients, globally, fully integrated with threat detection and management. Why? It's down to our forensic background and security-first approach. Available in our ThreatView Advanced Edition.
While the new PCI requirements make sense, they should not cost an "arm and a leg"; in fact you can get support for them for free. We recommend focusing on security first: even using a free solution that scans your website once a month will help you understand your security posture and detect threats accurately. Whatever you decide, please take steps to protect your site and try to ensure that it simplifies your PCI compliance journey.

And, if you have a few minutes: we are an innovative business, small and punchy, making a huge effort to bring enterprise security to small and medium-sized businesses worldwide. Please follow us on LinkedIn to help us get the message out there!

Have a great day. Stay safe and secure,

Benjamin Hosack
Founder

P.S. Why do we provide ThreatView for free? Our mission is to protect eCommerce websites from cyber threats. Most businesses struggle with security, and our free service helps to address this gap. We're a commercial business, like yours, that believes in providing value first. Our free foundational service supports the industry, with affordable premium tiers available for organisations wanting enhanced protection. We appreciate our clients' trust and support. As a growing, highly competitive company, we are trailblazing with ThreatView, delivering an advanced, highly capable solution to the eCommerce industry.