The Who, How and Why of Intrusion Detection

December 1, 2015 • Category: PCI 101

Understanding the need for intrusion detection.

At 115 pages, PCI DSS v3.1 makes it clear there’s much to consider when evaluating the security of your payment card environment. In fact, you may be questioning how much effort to put into the task. Is it all futile given the prevalence of data breaches these days?

Over the last couple of years bad actors have executed an escalating series of high-profile, damaging data breaches. It seems like there’s someone new on the cover of the WSJ every week, and while breaches used to be confined to the retail environment, they’re spreading to every organization with data to protect.

Yet to understand the “why, who and how” of the many breaches going on out there, you first have to understand the threat landscape.

Who are the bad guys and what do they want?

There are three primary groups of bad actors in the cybersecurity world: political, ideological and criminal. Of these, the criminal element is most concerning. This group continues to breach some of the largest commercial, healthcare and financial firms in order to get their hands on not only payment card data, but also other personally identifiable and sensitive information. They are well organized, patient, and increasingly sophisticated.

Once the cyber criminal has breached an organization, they take a slow, methodical approach to moving laterally in the network with compromised accounts or dumped hashes, and then look at different methods to exfiltrate the data. They are also very well funded—in the case of the Target breach they were able to trade credit card numbers, names and CIDs for over $10 million in bitcoins over a 24-hour period. This group of actors should be the most concerning group for any industry.

How can your business stand up against these cybercriminals?

While it’s true that data breaches vary in how they’re carried out and what data is stolen, all breach situations begin with an initial compromise that goes undetected. As you can imagine, the damage snowballs from there. In the vast majority of cases we see in the news, an initial compromise ultimately led to data exfiltration—and that exfiltration lasted for months, even years.

To avoid this same fate, you must be able to get a handle on the day-to-day activities of your IT network. Doing so enables you to respond in a timely and appropriate fashion.

Why is log monitoring an essential tool for compliance and security?

Many organizations struggle with maintaining compliance on a continuous basis. They rush to meet the requirements of annual validation, but inevitably allow at least some of the required security controls to subsequently lapse.

Effective log monitoring satisfies multiple PCI requirements.

Log monitoring and management keeps your environment secure by alerting you to the early-stage threats that hit your network. Just like software-as-a-service or any other service-based delivery model, externally managed log monitoring services present a cost-effective, full-coverage solution for catching the bad guys as they break through your door.
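The post describes log monitoring in terms of outcomes (alerts on early-stage activity such as an attacker moving laterally with a compromised account, or hammering a login). The following added example, written for this page and not code from the original post or any product it describes, shows the shape of such a detector: it parses a constructed, hypothetical auth-log format (`timestamp host=... user=... src=... result=ok|fail`), keeps a sliding time window per account and per source address, and raises an alert when one account authenticates to an unusual number of distinct hosts in a short period, or when one source produces a burst of failed logins. Thresholds, the log format and the sample lines are all assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log lines (not real data). Format is hypothetical:
# "<ISO timestamp> host=<dst> user=<account> src=<ip> result=<ok|fail>"
SAMPLE_LOGS = """\
2015-11-30T01:00:05 host=pos-01 user=svc_backup src=10.0.5.20 result=ok
2015-11-30T01:00:40 host=pos-02 user=svc_backup src=10.0.5.20 result=ok
2015-11-30T01:01:10 host=pos-03 user=svc_backup src=10.0.5.20 result=ok
2015-11-30T01:01:55 host=pos-04 user=svc_backup src=10.0.5.20 result=ok
2015-11-30T01:02:30 host=pos-05 user=svc_backup src=10.0.5.20 result=ok
2015-11-30T01:03:00 host=db-01 user=svc_backup src=10.0.5.20 result=ok
2015-11-30T08:15:00 host=hr-app user=jsmith src=10.0.9.14 result=ok
2015-11-30T08:15:30 host=hr-app user=jsmith src=10.0.9.14 result=fail
2015-11-30T08:16:00 kernel: eth0 link is up
2015-11-30T09:00:00 host=fileshare user=jsmith src=10.0.9.14 result=ok
2015-11-30T22:10:01 host=vpn-gw user=admin src=203.0.113.7 result=fail
2015-11-30T22:10:15 host=vpn-gw user=admin src=203.0.113.7 result=fail
2015-11-30T22:10:30 host=vpn-gw user=root src=203.0.113.7 result=fail
2015-11-30T22:10:45 host=vpn-gw user=admin src=203.0.113.7 result=fail
2015-11-30T22:11:00 host=vpn-gw user=backup src=203.0.113.7 result=fail
2015-11-30T22:11:20 host=vpn-gw user=admin src=203.0.113.7 result=fail
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) "
    r"src=(?P<src>\S+) result=(?P<result>ok|fail)$"
)


def parse_line(line):
    """Parse one line of the hypothetical auth-log format; None for lines that don't match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%S")
    return rec


def detect(lines, lateral_hosts=5, lateral_window=600, fail_threshold=5, fail_window=300):
    """Run two sliding-window rules over chronologically ordered log lines.

    lateral_movement: one account succeeds on >= lateral_hosts distinct hosts
                      within lateral_window seconds.
    failed_login_burst: one source IP produces >= fail_threshold failures
                        within fail_window seconds.
    Each (rule, key) pair alerts at most once so a continuing spree does not flood.
    """
    lateral_win = defaultdict(deque)  # user -> deque of (ts, host) for successful logins
    fail_win = defaultdict(deque)     # src  -> deque of (ts, host) for failed logins
    alerted = set()
    alerts = []

    def expire(dq, now, window):
        # Drop events that fell out of the window relative to the newest event.
        while dq and (now - dq[0][0]).total_seconds() > window:
            dq.popleft()

    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # unrelated or malformed line; a real pipeline would count these
        now = rec["ts"]
        if rec["result"] == "ok":
            dq = lateral_win[rec["user"]]
            dq.append((now, rec["host"]))
            expire(dq, now, lateral_window)
            hosts = {h for _, h in dq}
            if len(hosts) >= lateral_hosts and ("lateral", rec["user"]) not in alerted:
                alerted.add(("lateral", rec["user"]))
                alerts.append({"rule": "lateral_movement", "key": rec["user"],
                               "at": now, "hosts": sorted(hosts)})
        else:
            dq = fail_win[rec["src"]]
            dq.append((now, rec["host"]))
            expire(dq, now, fail_window)
            if len(dq) >= fail_threshold and ("fail", rec["src"]) not in alerted:
                alerted.add(("fail", rec["src"]))
                alerts.append({"rule": "failed_login_burst", "key": rec["src"],
                               "at": now, "count": len(dq)})
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOGS.splitlines()):
        print(a)
```

Running it over the constructed lines raises two alerts: `svc_backup` reaching a fifth distinct host within a few minutes overnight (the slow, account-based lateral movement the post describes), and a burst of failures from a single external address against the VPN gateway. The ordinary user `jsmith`, with one failure and two hosts, produces nothing, which is the point of windowed thresholds: they separate routine noise from the early-stage pattern that deserves a human look. In production the same rules would run continuously against a central log store rather than a file, and the thresholds would be tuned per account class (service accounts that legitimately touch many hosts need an allow-list or a higher threshold).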

Be sure to subscribe to this blog for additional PCI compliance tips.
