|
|
|
Qualys Extension to Its PCI Compliance Set to Help SMBs
By: Andrew Garcia
2009-04-27
Article Rating: / 0
There are 1 user comments on this Network Security & Hardware story.
With Qualys' new PCI Connect extension to its PCI Compliance solution, smaller retailers may have a newfound ability to build complete documents proving their compliance with the most recent PCI specification--provided they enlist the right products and services to cull the data.This month at the RSA show in San Francisco, intrusion prevention
vendor Qualys announced an extension to its PCI Compliance solution
called PCI Connect. The announcement of the extension--which should be
available in the July timeframe--essentially boiled down to an
inter-vendor effort to integrate communications among vulnerability
assessment and remediation products. However, smaller retailers may
soon reap the benefits of the initiative with the newfound ability to
build complete documents proving their compliance with the most recent
PCI specification--provided the retailers enlist the right products and
services to cull the data.
There are numerous products available today that provide data to
help retailers track their PCI compliance, but, typically, these
products look at only part of the PCI puzzle. The latest draft of the
PCI specification (version 1.2), released in October 2008, mandates
that merchants verify their security across multiple platforms and
networks. This means merchants must demonstrate their security wherever
privileged card data may traverse--be it across routers, wireless LANs,
servers or desktops. For those merchants trying to
prove compliance without the aid of an auditor or consultant, it is up
to IT staff or business personnel to compile the requisite data from
each utilized security tool to document the security measures taken as
well as the resultant findings.
For instance, when I reviewed AirTights SpectraGuard Online wireless
intrusion prevention service, I found that the service could generate
reports tailored for the particulars of various regulations, including
PCI. These reports identified findings in possible conflict with
the letter of the regulation (such as unauthorized client connections
or weak encryption implementations), and administrators could schedule
the reports to be generated periodically and delivered in HTML or XML.
Qualys QualysGuard PCI Compliance solutions, which were launched a
couple years ago, aimed to let merchants perform external scans of
their own networks, supplementing that data with access to online
self-assessment questionnaires that the specification requires
merchants to complete every 12 months. Qualys determined that
many Tier 2 through Tier 4 merchants used these assessments to answer
questions about parts of the network QualysGuard could not scan.
According to Qualys officials, this scenario doesnt apply to larger,
Tier 1 merchants, which would likely enlist outside auditors to conduct
their compliance assessments.
As a result of these findings, Qualys
created PCI Connect--an API and open XML-based report format to which
other vendors like AirTight can output data. So, for instance, a
merchant could utilize AirTights SpectraGuard Online to perform the
requisite quarterly wireless scans and the data would be consolidated
with Qualyss own data directly into the yearly self-assessment
questionnaire.
In addition to AirTight, Qualys has partnered with several
other security vendor. PCI Connect partners include penetration testing
vendor Core Security Technologies, Web application firewall vendor
Imperva, log management and IT troubleshooting vendor Splunk, security
risk management company Red Seal, and physical and virtual machine
intrusion prevention vendor Third Brigade.
|
|
�������x}kw6�Dى皢HY�--iXtΞHHbL�dO/߸U�҃H�7}w
s=NN��%�j'AM0c{zm_6ژ2z9گ3�f��E63&��I��=Ek9�J�Ǥ>֥qɏB#�4NHXޢȱ�7{Xd�3��76m( C��RX^P~�FD;ǎ{A�0/Pcw��0}dh9�r4(=yɰ
{�� /�\1r.bLѼ;�@_
*YsD�ƞIC�d"�LJA`:t,#��G^C]ݱ���\./RF͌iAw4Ԭ�kS��zcG
3�G(&�$gtj�v?ĭ(��K��8QJ ̋Gk0�~b>4I܅N؎M�En�O�U[۾�t�jsfqLfn��r�d��9ac�m �
��@2xZ`:v�xtTa_eY33�ML.o@֭�U)jpR�
G'GQ!`چ[={4q*sܼL?{QwվΑ��CK5-%4�Ptg7^O_[�a\b'H�H~L;0QT�&*)rx2M2�A�>j�j�`i��%?pQQ-'jR=ѓ,f3}�3�+i3�YNۭ~S~6vEӛv�OfٚY�J�ed��vb�!?ޛ:W5mٽ
iZ=do#t:�+?fV'ZV?�c�o!qj{ d�P[w8Lwjt$)�?4go-2 �I|[�@|Ӡd8��r*� ?n^S;G�5ۯhV9::⭱BQ�liB5��f�!`J� 0sfrg@k��FPY��D`6�R\� 9lb�s��v!fBy;px ~'�,)|YB* b�Ԥr�ݢPP3nSߥB!ތ��E bO|ಆyp)jYY6'*taeIUi�[���.�ϱV$U:^�S�/�3�G#��вnZ�KZ)�Ŧcqc�<�BR8%b�(7Z`Lm�,��5,L�tͬ Y0�`�贆�;mJ{ϧ0gPP�?���M��/6}@˥~a�>1 @�
L�na�
8�V83
�4Cuә
�{>�0���sJ}SD�5�7
�l"�v|3c)м`y��`27C?�F{t(
5�,/��{@`\@Z�8`�$8ʼ��E�8�ѵO�7}��hNjkiiC���1).�%�2J���] #RR,H6'��hI#r�����
Bг),`@o!`9`P,'ɏ;�.VJI+TbD8�JnO�u$]:cgJCs㙰tGe�-n^
$�d6g2{&vϏZL
ȉ#�m"0�%X����
Z
ϴ��je[-�R,4�Tx�c�0 =]cGV*GRP!=�rAg�6ŝ|ӆ)푧�3=�̠
Gx�}lj?DŽ��B�[�L�ddG�ٚMs[:L^͘3e�
�� ¯̌u]�K'hL©(9
^ҋsM�ӿ�d5�0�K%gYA�3�'|(@]4>+WUPÃ"`"+42[!!
= \Pȭ,�T)w^;=��Prʳ"�#��@3�>ť`L)m�t�й+>q^v.i#@di֕[I%�ͺ�{ց$l�J�~iX�Z @)��24�@Ȱ\k+,(+AJK�_ji���t�sqŰ,Bl6<:iМ^fdTRs4&�v7pl=5G&5|n�&=�/E\8?>2eiF6oՒZP+'zT���y|�,D0(2n�@5MVRQy=�:zg�As,0H�NMπ|f:���3?&نdp܉DhR�+mne�@ͤP�)X[��*^�|��(���{-'`#zs�ұSŅeriQ;o-)UC_J?Q6oZ- �V!0�8|pT30`Lji�WJH�ZS^ClX.��~��j"�yd\s˰2X�rFe9�ٔA�5n\I�p]t)%1Y�4���h_GssHb4"T2paLH�a0SM�#�ؚyUwP86j��r]ilu�0q`(1Z3se:Cb+;ꭧ'�[T+[pfۻX(�Lb
֚p성 �.}"}-v'�0"4�n�_8R"X @54�ÀԆ>�B�Ojq�1�-b�P*��B$ᦼ�t�݁Ēb�4XQ =<{e|h322�Y�ӅZ�JL�o39Բ*'JR9
D+ϏxW�G�"MT�$�h�/Op��xOi�o�no?�{]w+\ks~g^/l^�L�cv"O`��V$L_w2H}2t%¬_*�09Ng~kӥ��
Gݮ�#f5>L�k}��\S
jQa߯YY�X^
:څH�����i�3
9�&�~qqߎ3XA�m�k+sD
�ü
�z30Jјljh]-Qix,2< *�דoጻ,q{S+)��,tl+��atx/ N$87ѣ4�Hjs� "q�� /h{
~:ꊪ�`|�L4̩,F�lؤμV:>�Se6e'ß~T�Sc\O u�lGOqOTf "[۶A�9db:1Ki[2|'@�d��k�Ѫ�93
�NQƫgN|0��G嬙fwrƣ:u�߀&��@q}c��A>��HNo\KHg�_~F85G fP*E:@"�WA�Ұg.3_�5u_f&ԧnq&
*Ja@�G�2ca/(SY-q'&F.Ҁ^�S�f�6}b;_&*|)2S�G�6Z|aR/\fN ?�3paW,T�f�D)�(j'_ܱ��?>�n�VɍGZV?f�IG{EY<�]|T�#UR(BBgQ�!WfQ]A�ӀM\r�khs%p}�/O&O0u%hzGSqza\/;Cn/�$h ^�1M�e0@M\6{%]M茻l\!�Lc̚úe$Y`�\&LX4 �Z�LT!wOLJjZ$|p`����F�"{qT2N,� EO7/WMi|jS(/�[Ue�NB�c'$bwm\ɾ3zqn4O
ð
]a��孀�UN~#t�7WKg
?wB.W-)�^{-< rBp�Bj\?]�(d�0
svj܄g#6b��`
xѤȂ<"̔cxH/�^�!u
Be\7
g��^|&�V}UYr!sdQh4'l귽�GI��̚_�f|CAJNOx�P(��� k@JA=�Voh{חoa�{mE�-����b�cA�HF�rI'zRG�>gY�O/PAN�Rt4zUr?Hעa�}C!� �sgkS
{:`A��O[[ıp߆�
?O*yr�j�G�Vɭii2*
5fX%�gCÙj(&f\uqoݐշ�arڂ�cA�I�5�s�5�ׅO>���4dkX��/Wy�Vw^^+,d�k.}?H/K턟��y�cP!Oh�SϏ%٘NB�EW�5v+lko(r�YpJUO.CȔ�X�N�GX�d17��P2QY;pGҠc�oG3[g̞�x~Gw�bR�c�O�}U>�]bw�P(�{�_bOkmI�r_�ZDp5Q {re(j
ȓG��DK`!i�>R_{+�!bi4V3�[TdO#@/,vt64Y��A�AXy� !VrlK9w@rs&�8l��Pf�pvn
֔I���i#ĠHߛɳrEs ��_5D��N��
X��W+Oi�ƿ'!ʫIVܱ�S,*oO_�O�o+N{kE v)[ꈧ &5�S�&5!/1�%]Kдg=.0�Sa_}�z2.mE�>zQc%Fm?^��ϗIO
4˼ǷtY36uf#�VZDO/�PGЍrX!�ǤPT]oa�<�У,gox(p�;_i"H5(K铏jDQ
I�lGDIx[�"iY�2{A�~i^�ߘ#�Ҝ�r�ʎxKr;1�+Lȅ@�u;~�]s
xѲLl�Ov0�݇�ݯ4W$O+:6&%z˽iWQR Qk$O�9�Pt`x]9*w�5?�6y�SKb*Z=�k�nd/`ɦQ-x1.q;��zo6�S=G�%�dx� wXY�$�'O%0�b1/t7R87i� 7�&[&,:,sʰy�d`S,�YM�`�\�*n7g�C89yAXi²>\B|,&�ؐ`úrLX��-܂喽^�JX4,r~i!5)ʢK�*+$�%T3T�RP>*"Ap+��
O"$OQJ
<�>/d�3uT�{qHU�+=btz&mϫG|U~�Z*HJ}�\bT*6L�)xtqËӎt|@O9o7}
/L�3F*RY`3��F ��$�&#�_>A�G�JHQo] Uܖ/�#�-ņ�*d��tkg8´Ǝr�oBvXַ,�T�pIi[.9|%2`Q ݆Yp�7�`� fN}az}�6Zcx�ǂJ`��H�pX�a�E�1#�U"3�;WىRATu[n+NHwV_t�%��?D�F)pU�EH�' �� s:Qq(��i�?NV�-_NY^$)z�SC97(^
Q>E4T#Xj��dc�"P=ÈW^ܒ�=�ܡ1|7q<*}qA�02nFZl�"�� nMĴ�$���%2vü[�Bu[檾:fZ29�_:LùԶqM�4˰UFBhj~�=O"GH`_B�'BIR�q�;JX)�sv�0Y\*��k�ۉR뱕PS"i10;>���5Xt, �;&>w���f3�z-^|�CķĶ]Md9/�x|�!1]^&�oVj�QGFQ>f�D۔z}*^�gzSbǡ}ӗq|g#0�?@Jh0qh3a.g��Dx܅�LIK0ph&2oL/,-'ҦĊ�Y����AS
&]jX`�,O_"ҁ�#zӌI�!!$�0V� ��CoOUe5PCM-v{�ۿWN͆xߔ~SYǃ#D�<kE_A--jgϡ?>`��q��z4
I3!i�:-FR���?;�);k9�PAgt~'D)^2{2W~fSxS�v�f0 oCp? [ykD9 ?
KD)PG!}�&?S��N��|¤�t'OΓ�D2E
�&�x8�n
EP�=P�+�<��a9œ�!~O\ã���z]XArc[qt�擯(2n?mtT�^~壸k {@R(X5X��sLT�#|�y �
˶^^я T�I.~/OYDW��i..<`�$�0E&ؕĠ��=B�0��CX�^?Ds���5n938�QuEIu$ױ� �R0|�[-W#r�d! `B�o|EPa���c8(ĒAuc{,h#8XҲ�z'ls�h�h�,vx�Cȥk�c.Xjp\.he,zVdqKwL<^^AF�\!1c=pTA9=�Qj�5)E)TBhR��fxކ�ku��llN��!Vy
<7L8�Vy
�6vn&"m'h�zBRKo^;c�#B(͊NDe�v�:�P}2L:bp'찔71tY&8��)Э%*1Xqt1(KrZ�#ZNHh�5J;�aᅧ1�L(Z�>6�ǘ�x�a*1aV
0˪M;InP~z�*ڟO�dh^ns�BGZ�ȚX7
t J �mka> $}^�8i��]pP�(j}�H9�6/�|�T�3/b-#-Ѩ#�ff�< zЈ�O�:�z/�#�XT�R]7�˽�}�D['鍀�C[hb#3���F��0Sx(��zh_mnza�Ȑe̙;3&2�LCߑ7Ut6'죋B .~� 'l�I<�ʊ0W)&�sfA��-='�к�lɧtC�!嘭#!+A�1HS�TxZoz�R�Iݾ`?Ð�3�{=�Z";VR1��@Q>ɹ�cM[fBE<
,i
�m�a��ng�0u�3�,2us�x\jH�O"�V�7IB�u�XRFB(6s�
��ҎN3==3P�]!FWX�Se/(��^�b��C�UR(OBZB�$cE)]V
wxs ͲG2Vq&JZ!�`x�ZNRsd�ehz?J=
L]; �&O=lFL#n�cFλ7AoZ-r;i_+~:�9¶V-�r5�evκWU?W?7=18kyl2/*�vg(P_5:-f(�T{=\h�^Dpɂw�]%;飱8�/ۄa$
�Ej��zu7��&6iwBFyljť�v��N|vuI3:�|jQ=��}uR�\Js���@1@C|k]{CJ�e��?�?g7ߟ5S���9}�hle?gߟ�}3 )/_sfnf3U{;{^o�2�>vNt�N��ɂ�dз�dЧ�w2�v2�Oѫ��/EeN{�߫�ʐ+�B�f.n~�kQ�&z/���??ֿ�%Y��}�}͠-z�{mF�$)c��9k\��iR~/2苬�:x�3Y�3�Vn�a�{Ar1W{�e_/C@oq>�}}m&�R+��]Q%5Lk�[I�2n@Kȣ�_��^敽�
Y�]D ^-}�#}~�L(��$��.�v�8)nד75pK|�*SG0vxTxZ{��\ڎvڝGf0"T_�;Yo�[췡^2AL^�fVI�W3hېMX�clɢ]k*b�B�5�t81tfj;Ì,�a܃z�~)B�
m`Z(>/A4#Kxu=v�`z08E8O=Y�}l.q�5sE�Eא�E,&JhӄZ�{JfBM�'K�YNǾcӄ2�|a��/"s
K!j;MA5c>;qlȾ:ksp�o�nm(}~tl'PU�Eg0P=Cf�BG�X�t(,��u�����Y{N6� )4�Mϫ�R�4=��zn%()%�y+:x�?�`n4z4OH-{�X�|@ăHz!$��5_x�|XT��,sD��?�>;[S1U)ւ�_6Ϡ&b/�MzKVo;j[@�xM1)¶�)Hqs3W_W�Tr$vD݅{ ߠ�v+yJ?��T|�
5'\6dDR��}N�0~N]�jV0@9DEPiy?�;1)�
m'#8�C��@ڸlQ%�76x��}�Ҁ��O1S�x .ѫ�v�l>cx gLw}�oxu�#A]�=_�v{[>/'`{n�ΆOV�H�I
_�[0~OY� �ʕbA,\�n2?>Ş�i#$W @ =x����,/�{ �QIb�F
q좢U��.nDl`a"A0n,��3N5'
lr=Vc�u��6��v�QmQ-(N�_+�h��v�{@7�*�<9-A� �
�=[=�܋;ɾ���~-W^=-�ɤ{%̅Ada��'Z-*?҂o/R\�F$0(�y��lHbK9��m5�0X&1'(���R9K*t>0 '�Ɣ
ϰ/"�� sk29)��,�3ǝTS'�>(GGe 3�.^�2u+[TcdX$֬=LE"�)s1#G���=��a5>gvC�%�z1��aX0�~v1?�溲Y)>�ٔe7,s�3a=�U`0M�Z�.<'�ȳ�xR
Y*-f�1%D88)ҡCC̚Uf�Ʋ0� 7cP.�Xd��-%oB@��S 1�.x�CbYT~>�1�\9�9�/@OI"cXI1}aA�|1GǩW+.r�+�S�Sq�k~]˛7�ByKN1�$_ghv�V�;v�@;k?�/譸'~}j�x}ֽ`;qMUS
�Z(Ks(ӽi �D>Vl>%�}={`ݯ��3g�
|
Network Security & Hardware 
