Ensuring that network infrastructure is fully compliant with the latest data protection legislation and
industry security regulations is a major and growing concern for any organisation, particularly for those with
operations that involve storing large volumes of personal information on individuals.
Businesses that conduct large numbers of online payment transactions, in particular, are tightly regulated under
the Payment Card Industry Data Security Standard (PCI DSS) and risk serious penalties if their systems are
breached due to non-compliant policies and procedures.
Syphan’s high-performance, integrated threat control technology can provide a structured security compliance
platform for any organisation, not only helping to prevent data leakage but also providing a
comprehensive, future-proof security shield that fulfils many of the PCI DSS requirements.
PCI DSS Check List
The PCI data security standard was developed by the world’s major payment card issuers including American
Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa International, to
help facilitate the broad adoption of consistent data security measures on a global basis.
All online businesses that accept card payment transactions are required to regularly demonstrate that
their networks are designed and maintained to exacting standards, covering six broad categories and twelve
key requirements, to protect customers’ personal financial data held on the network.
Check out how the ITC220 can help maintain PCI compliance
Category: Build and Maintain a Secure Network
Requirement 1: Install and maintain a firewall configuration to protect cardholder data
The Syphan ITC220 is capable of supporting up to 50,000 rule sets including multi-layered firewall,
IPS, AV and DDoS mitigation with total packet inspection and true 10G performance at the network edge
as well as inside the network for maximum protection of all servers, routers and switches.
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
Maintaining and enforcing password security policy is a major problem in a large-scale network environment.
The ITC220 includes industry-standard and proprietary ACL rules to enable complex access policies to be
implemented across the entire network topology.
Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks
Cardholder data is vulnerable to a wide range of threats, particularly during the individual online
transaction process and from direct attacks focused on the data servers. The ITC220 monitors all inbound
and outbound traffic to detect and block packets demonstrating protocol and traffic anomalies traversing
the network. Employing user-definable rules, the ITC220 also monitors all data leaving the network to
prevent unauthorised transmission of specific data files.
Uniquely, the ITC220 includes the capability to block the latest multi-staged malware stealth attacks
that other technologies typically miss. Delivered in several stages over an extended period of time,
these low-and-slow attacks are increasingly being used against critical application and data servers.
The ITC220 is able to maintain state records of IP traffic up to layer 7 over extended time periods,
enabling identification of partial malware payloads and blocking these attacks from reaching their target.
Category: Maintain a Vulnerability Management Program
Requirement 5: Use and regularly update anti-virus software
The ITC220 uses the latest FPGA chip technology, capable of supporting up to 50,000 rules and facilitating
regular updates of the latest IPS and AV software in real time. Up-to-date signatures provide a comprehensive
set of dynamic capabilities to detect and prevent variants of existing and future malware families.
Requirement 6: Develop and maintain secure systems and applications
The ITC220 provides protection for infrastructure points including:
- DNS Servers
- Application Servers
- Database clusters
- Routers
- Switches
- Gateways
The ITC220 also deals with some application-specific threats, including:
- SQL injections
- XPath injections
- Cross site scripting attacks
- Application tampering
- Session hijacking
- Brute force and dictionary attempts
- Data theft attacks
- Application denial-of-service attempts
- Unicode encoding attacks
Category: Implement Strong Access Control Measures
Requirement 7: Restrict access to cardholder data by business need-to-know
Requirement 8: Assign a unique ID to each person with computer access
Requirement 9: Restrict physical access to cardholder data
Access control is a standard feature of the ITC220, enabling complex access rules to apply to specific
groups or individuals within the organisation. Attempts to access unauthorised servers can be configured
to trigger alerts and would be recorded in the log files for forensic analysis.
Restriction of physical access to critical servers is the responsibility of the network owner and is not
something that any network appliance can control.
Category: Regularly Monitor and Test Networks
Requirement 10: Track and monitor all access to network resources and cardholder data
The ITC220 includes a wide range of customisable management and technical reporting options, providing
detailed time-stamped records of all network activity, including access to individual servers and movement
of sensitive data. A simplified management dashboard also provides network managers with real-time information
on the security status of the network for day-to-day monitoring purposes.
Requirement 11: Regularly test security systems and processes
Regular testing of the network must be carried out by independent certified PCI specialists. Depending on
the volume of transactions, organisations are required to have their networks scanned for vulnerabilities
by an Approved Scanning Vendor (ASV) at least once per year. Deploying the ITC220 integrated threat appliance
reduces the number of devices to be scanned and the potential points of weakness in the system.
Category: Maintain an Information Security Policy
Requirement 12: Maintain a policy that addresses information security
Security best-practice procedures include detailed corporate policy for accessing, monitoring and managing
the entire network topology. Deploying an ITC220 integrated threat appliance helps to reduce the number of
devices on the network, resulting in simplified policy enforcement.
A service provider looking to offer value-added security services in the Cloud?
The Syphan ITC220’s unique virtualisation architecture enables in excess of 500 customers to be supported via a
single appliance, with each client instance individually or collectively configured from up to 50,000 rule sets
including IPS, Firewall, DDoS, URL filtering, Data Leakage Prevention and ACL.
With uncompromised, true 10G capability through the appliance, compliant Cloud-based security services are now
a realistic option for even the most demanding of client network environments and high-bandwidth applications.
An enterprise looking to ensure better control of the PCI compliance process?
The ITC220 is a carrier-grade network security appliance that has been purpose-designed for today’s ultra-high-speed
10G network environment. With active shared state and fail-over capability, the ITC220 can be configured in
campus-wide clusters of up to 4 individual appliances to provide an effective and reliable security shield for
large-scale, multi-national enterprises.
Offering a full range of security functionality, each appliance is capable of supporting the specific requirements
of individual groups and departments within an organisation in line with regulatory compliance responsibilities,
helping to maintain the integrity of corporate and personal data stored in the system.