“Compliance is king.”
This is a familiar saying for any company that processes credit card transactions, where compliance with the Payment Card Industry Data Security Standard, or PCI DSS, reigns supreme. Any entity that stores, processes, or transmits cardholder data must abide by the requirements, which serve as best practices for securing your cardholder data environment (CDE).
Nexpose and Metasploit have been designed to directly help your team meet PCI DSS, as well as comply with many other compliance standards. Created by security responders, Rapid7 InsightIDR also ties in with PCI, including helping you meet Requirement 10: Tracking and monitoring all access to network resources and cardholder data. InsightIDR joins your security detail to detect the top attack vectors behind breaches, speed up incident investigations, and help you escape the drudgery of security data management.
Here are a few of the PCI requirements that InsightIDR can help your security team manage, ranging from monitoring access to your CDE and exposing risky user behavior, to fast and comprehensive incident investigations across the entire organization. To see it in action, see our 20-minute on-demand demo.
- Requirements 5.1 & 5.2: InsightIDR scans all endpoints for malware and identifies risky user behavior, including compromised user accounts, anomalous admin activity, and lateral movement. This endpoint visibility is accomplished for all systems through a blend of endpoint scans and the continuous Insight Agent.
- Requirements 6.4.1 & 6.4.2: InsightIDR can monitor multiple separated environments, define network zones, and alert you if access policies are violated. As an example, an organization could set a policy that no users in the “developers” group should access the network zone “PCI Production,” so that InsightIDR alerts them on any such violation.
- Requirements 7.1, 7.3: After flagging systems in your CDE as restricted assets, InsightIDR will alert you on any change in behavior. This includes suspicious authentications, users with unexpected privilege escalations, and even approved users remotely accessing the CDE from a new source asset. This detects unauthorized access, surfaces user risk, and enforces the policies set by your security team.
- Requirements 8.1, 8.2.4, 8.5: InsightIDR alerts on brute forcing, pass-the-hash, and other password guessing attempts by running behavior analytics on event logs and through Intruder Traps, such as honey users and honey credentials.
- Requirement 10: InsightIDR is your complete solution to track and monitor all access to network resources and cardholder data. This starts with aggregation and search across any of your log files. In addition, all network activity is directly correlated to the users and assets behind it. During incident investigations, the security team can bring together log search, real-time user activity, and endpoint interrogation into a single Super Timeline (see below). No more sifting through disparate log files, jumping between multiple solutions for investigations, or retracing user activity across IPs, assets, and services.
- Requirement 11.4: InsightIDR identifies malicious behavior earlier in the attack chain, the steps required to breach a company. Through a combination of user behavior analytics and purpose-built Intruder Traps, InsightIDR detects the top attack vectors behind breaches, including phishing, compromised credentials, and malware.
- Requirements 12.3, 12.5, 12.10: InsightIDR can aggregate, search, and attribute logs and alerts from Intrusion Detection/Prevention Systems (IDS/IPS) and firewalls to the users and assets behind them. For example, with one search, the security team can identify the users generating the most IDS/IPS alerts.
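To make the zone-policy check (Requirements 6.4.1 & 6.4.2) and the restricted-asset "new source asset" check (Requirements 7.1, 7.3) concrete, here is an added example of the two detections run over constructed authentication log lines. It is illustrative code written for this post, not InsightIDR's own logic or data model; the user, group, asset, and zone names are assumed.

```python
# Constructed inventory (assumed names, not InsightIDR's data model).
USER_GROUPS = {"alice": {"developers"}, "bob": {"pci-ops"}}
ASSET_ZONES = {"build01": "Dev", "pci-db01": "PCI Production", "pci-app01": "PCI Production"}
# Access policy: members of a group must never authenticate into these zones.
FORBIDDEN_ZONES = {"developers": {"PCI Production"}}
# Restricted CDE assets with the source assets seen during a baseline period.
KNOWN_SOURCES = {"pci-db01": {"jump01"}, "pci-app01": {"jump01"}}

# Constructed log lines: "<timestamp> <user> <source asset> <destination asset>".
SAMPLE_LOG = """\
2024-01-01T09:00:00Z bob jump01 pci-db01
2024-01-01T09:05:00Z alice build01 pci-app01
2024-01-01T09:10:00Z bob laptop-bob pci-db01
2024-01-01T09:15:00Z bob laptop-bob pci-db01
2024-01-01T09:20:00Z alice build01 build01
""".splitlines()


def parse_event(line):
    """Split one constructed log line into (ts, user, src_asset, dst_asset)."""
    ts, user, src, dst = line.split()
    return ts, user, src, dst


def detect(lines):
    """Return (ts, rule, user, dst_asset) alerts for policy violations and new sources.

    The baseline of known sources is copied so repeated runs give the same result;
    a source asset alerts only the first time it reaches a restricted asset.
    """
    seen = {asset: set(srcs) for asset, srcs in KNOWN_SOURCES.items()}
    alerts = []
    for line in lines:
        ts, user, src, dst = parse_event(line)
        zone = ASSET_ZONES.get(dst, "unknown")
        # Rule 1: group-to-zone access policy (e.g. developers -> PCI Production).
        for group in USER_GROUPS.get(user, set()):
            if zone in FORBIDDEN_ZONES.get(group, set()):
                alerts.append((ts, "zone-policy", user, dst))
        # Rule 2: restricted asset reached from a source asset never seen before.
        if dst in seen and src not in seen[dst]:
            alerts.append((ts, "new-source", user, dst))
            seen[dst].add(src)
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(*alert)
```

Running it flags alice's developer login into the PCI zone, that same login as a first-seen source for pci-app01, and bob's first login to pci-db01 from his laptop; bob's second login from the laptop is silent because the source is now known.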
InsightIDR was built hand-in-hand with security teams to be the SIEM solution you always wanted, armed with the detection you will always need. It combines learnings from the Metasploit project, our penetration testing teams, and tested User Behavior Analytics (UBA) that hundreds of organizations benefit from today. You can finally get visibility and detection while meeting PCI compliance without it becoming a second full-time job.