Cisco Blogs


Cisco Blog > Enterprise Networks

Snort your way to PCI compliance

When organizations look to secure their retail stores, branches, or points-of-sale, meeting the required mandates for Payment Card Industry (PCI) security compliance quickly becomes the number one prioritized focus area.  In fact, the 2015 Verizon PCI compliance report demonstrates this when it states that the number of companies that fully complied with the payment card industry (PCI) security standards during 2014 rose to 20 percent from about 11% in 2013. While this standalone increase in compliance is great, Verizon also notes that less than a third of the companies were fully compliant a year later after successful validation. The major takeaway here is that it is unfortunately easy to fall out of compliance if organizations don’t take the appropriate steps to maintain their security.  With 69% of consumers admitting that they will be less inclined to do business with a breached company, it is increasingly important for reaching and maintaining PCI compliance to be one of the highest priorities for organizations.

PCI Requirement 11 demands that organizations have a sustainable network and application vulnerability management program and that evaluates the overall effectiveness of security measures in place across the organization.  In a very telling sign, most organizations that suffered a breach were not compliant with Requirement 11.  Intrusion detection and prevention systems (hereafter, “IPS”) technology play a critical role in helping meet PCI compliance by monitoring all traffic in the cardholder data environment and issuing timely alerts to suspected compromises. Of course, simply having the technology is not enough.  Considering many organizations fall out of compliance due to maintenance, it is absolutely critical that IPS engines are updated with new signatures and rule sets to ensure that new threats are stopped.

Snortpig_professor2

Here, at Cisco, we’re happy to announce that our Cisco Integrated Services Router (ISR) 4000 Series  now come equipped with Snort IPS to help customers meet these PCI-compliance requirements at the branch. Read More »

Tags: , , ,

Securing BGP sounds great but is there a tradeoff in terms of router performance?

A primary concern of any network administrator when configuring new IOS features is the potential impact the enabling of new features will have on router performance including CPU utilization and memory usage.

It is fully expected that the layering of additional features, in this case BGP security features, will undoubtedly have an adverse impact on the available memory of an IOS router. But, based on our testing, the results were not quite what we expected… Read More »

Tags: , , ,