RandomStorm PCI ASV & QSA Services
All companies that process and store customer payment card transactions are required to maintain their network security in accordance with the detailed specifications mandated under the Payment Card Industry data security standard (PCI DSS). Failure to demonstrate compliance can result in severe restrictions being placed on merchants by the card issuers, including the ultimate sanction of withdrawal of card authorisation facilities.
RandomStorm is one of a select group of approved scanning vendors (ASV) certified by the PCI to carry out the periodic scans of the merchant network to identify any critical vulnerabilities and to perform the necessary penetration tests needed to prove the integrity of the corporate IT infrastructure.
Integrated PCI platform
The PCI DSS identifies six key areas and 12 requirements of security best practice needed to ensure compliance with the standard, including the need to regularly monitor and test networks (Requirements 10 and 11).
RandomStorm’s range of advanced scanning solutions provides network managers with all the functionality needed to meet PCI DSS Requirements 10 and 11 through a single point of contact, including:
- File Integrity and Log Management (PCI DSS Requirements 10 and 11.5)
- Wireless IDS and Access Point Alerting (PCI DSS Requirement 11.1)
- PCI ASV Assessments (PCI DSS Requirement 11.2)
- Internal Vulnerability Assessments (PCI DSS Requirement 11.2)
- Penetration Testing (PCI DSS Requirement 11.3)
- Intrusion Detection (PCI DSS Requirement 11.4)
As a minimum, merchants are required to provide the PCI with a quarterly scanning report showing that no vulnerabilities are present in the network.
Based on its own vulnerability management platform (VMP), RandomStorm's ASV services allow the network scanning process to be fully automated and any vulnerability to be remediated in line with the PCI requirement schedule, providing additional reassurance that no major vulnerability issues have developed between the quarterly PCI scanning intervals.
External IP Scanning
RandomStorm's online xStorm service enables merchants to include regular scheduled scans of critical externally facing network appliances as part of their best practice security policy.
Internal Network Scanning
The iStorm appliance can be a permanent feature of the network security topology, providing in-depth, critical information on all potential internal system vulnerabilities as and when required.
Rather than merely focusing on a quarterly scan frequency, RandomStorm allows the IT Manager to continually monitor hosts for compliance. For complete peace of mind, the service is backed up by RandomStorm’s PCIDSS help desk, where consultants are on hand to provide assistance and support.
Wireless Security Monitoring
AirStorm is part of RandomStorm’s range of advanced scanning tools, designed to provide always-on monitoring and reporting of all 802.11 activity within range of the network, including the identification of rogue access points and unauthorised connections.
Network Intrusion Detection
RandomStorm's IDS (StormProbe) can be deployed to monitor the cardholder environment, helping merchants meet Requirement 11.4 quickly and efficiently.
StormProbe validates each intrusion detection alert against the target host's actual vulnerabilities. This unique approach helps to qualify whether a threat is genuine or not, reducing the volume of IDS alerts and the general management overhead associated with traditional IDS deployments.
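The alert-validation idea described above, shown as an added Python illustration that is not StormProbe's code: each IDS alert is checked against the vulnerabilities the last scan found on its target host, and alerts aimed at hosts that are not vulnerable are suppressed while unscanned hosts and unmapped signatures are kept. The hostnames, signature names and CVE ids are constructed placeholders.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set

# Constructed inventory: host -> vulnerabilities found by the latest internal
# scan. The CVE ids are placeholders, not real findings.
VULN_INVENTORY: Dict[str, Set[str]] = {
    "10.0.1.10": {"CVE-0000-1111", "CVE-0000-2222"},
    "10.0.1.20": {"CVE-0000-3333"},
    "10.0.1.30": set(),
}

@dataclass
class Alert:
    signature: str                 # IDS rule name
    src: str                       # source address
    dst: str                       # target host
    cves: Set[str] = field(default_factory=set)  # CVEs the rule detects exploitation of

@dataclass
class Verdict:
    alert: Alert
    genuine: bool                  # keep (True) or suppress (False)
    reason: str

def validate(alert: Alert, inventory: Dict[str, Set[str]]) -> Verdict:
    """Keep an alert unless the scan data shows the target is not vulnerable."""
    host_vulns = inventory.get(alert.dst)
    if host_vulns is None:
        # Never scanned: the alert cannot be qualified, so keep it.
        return Verdict(alert, True, "target host not in scan inventory")
    if not alert.cves:
        # Rule has no CVE mapping (e.g. a scan or policy signature): keep it.
        return Verdict(alert, True, "signature has no vulnerability mapping")
    matched = alert.cves & host_vulns
    if matched:
        return Verdict(alert, True, "target vulnerable to " + ", ".join(sorted(matched)))
    return Verdict(alert, False, "target not vulnerable to the exploited CVE(s)")

def triage(alerts: List[Alert], inventory: Dict[str, Set[str]] = VULN_INVENTORY) -> List[Verdict]:
    """Validate a batch of alerts against the inventory, preserving order."""
    return [validate(a, inventory) for a in alerts]

# Constructed alerts: a real hit, the same exploit against a host that is not
# vulnerable to it, and a signature with no vulnerability mapping.
SAMPLE_ALERTS = [
    Alert("EXPLOIT web app RCE", "198.51.100.7", "10.0.1.10", {"CVE-0000-1111"}),
    Alert("EXPLOIT web app RCE", "198.51.100.7", "10.0.1.20", {"CVE-0000-1111"}),
    Alert("SCAN port sweep", "198.51.100.7", "10.0.1.30"),
]
```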
PCI Penetration Testing
RandomStorm's scanning and penetration testing services can be tailored to meet the exact requirements of the organisation. For companies with limited internal IT management resources, we can offer a complete consultancy service to remove the headache of managing the whole PCI compliance process. For larger organisations, our services are available to provide additional support and independent validation as and when required.
On Demand PCI Reporting
All systems include comprehensive reporting options formatted to PCI requirements and highlighting critical issues that need urgent attention. Set up and accessed via a unique graphical dashboard, the reports give network administrators an at-a-glance overview of the current security status of the network, together with professional remediation and workflow tools to ensure compliance is maintained on a continuous basis.
PCIDSS Gap Analysis and Project Management
Building on a wealth of industry expertise, RandomStorm is able to offer practical advice and guide organisations through the PCI DSS compliance process. This can take the form of either a 2-day initial gap analysis exercise or end-to-end PCI DSS project management. The goal of both consultancy offerings is to provide clarity and guidance, ensuring that PCI DSS compliance is delivered on time with minimal disruption to the business.