
Snort your way to PCI compliance


December 15, 2015 - 2 Comments

When organizations look to secure their retail stores, branches, or points-of-sale, meeting the mandates for Payment Card Industry (PCI) security compliance quickly becomes the number one priority. The 2015 Verizon PCI compliance report demonstrates this when it states that the number of companies that fully complied with the PCI security standards during 2014 rose to 20 percent from about 11% in 2013. While this increase in compliance is great, Verizon also notes that less than a third of the companies were fully compliant a year later after successful validation. The major takeaway here is that it is unfortunately easy to fall out of compliance if organizations don’t take the appropriate steps to maintain their security. With 69% of consumers admitting that they will be less inclined to do business with a breached company, it is increasingly important that reaching and maintaining PCI compliance be one of the highest priorities for organizations.

PCI Requirement 11 demands that organizations have a sustainable network and application vulnerability management program that evaluates the overall effectiveness of the security measures in place across the organization. In a very telling sign, most organizations that suffered a breach were not compliant with Requirement 11. Intrusion detection and prevention systems (hereafter, “IPS”) technology plays a critical role in helping meet PCI compliance by monitoring all traffic in the cardholder data environment and issuing timely alerts on suspected compromises. Of course, simply having the technology is not enough. Considering that many organizations fall out of compliance due to maintenance, it is absolutely critical that IPS engines are updated with new signatures and rule sets to ensure that new threats are stopped.


Here at Cisco, we’re happy to announce that our Cisco Integrated Services Router (ISR) 4000 Series now comes equipped with Snort IPS to help customers meet these PCI-compliance requirements at the branch. Snort IPS is an open source, signature-based IPS that is capable of real-time traffic analysis and packet logging. With over 4 million downloads and nearly 500,000 registered users, it is the most widely deployed IPS in the world. Now, with Snort IPS on the ISR 4000 platform, retail stores, small businesses, home offices, and other organizations that process payments can turn on cost-effective IPS capabilities in their ISR 4000 branch routers without the need for an additional appliance.

To help organizations stay PCI-compliant, maintenance for Snort IPS is simple. Rule set updates cultivated by the Cisco Talos Security Intelligence and Research Group can be downloaded automatically to your ISR 4000 router. Cisco Talos network security experts work around the clock to proactively discover, assess, and respond to the latest trends in hacking activities, intrusion attempts, malware, and vulnerabilities. Snort IPS complements other integrated security features on the 4000 Series routers, such as VPN, zone-based firewall, and connectors to Cisco Cloud Web Security (CWS), to help you implement and maintain a cost-effective and secure PCI-compliant “one box” solution.

What are the benefits?

  • Save scarce rack space in the branch with an “all-in-one-box” solution that builds integrated security and threat protection into your Cisco ISR 4000.
  • More easily adhere to and maintain Payment Card Industry Data Security Standard (PCI-DSS) and other regulatory compliance at the branch.
  • Halt malware and other threats at their entry point, before they can do damage and monopolize network bandwidth.
  • Safely deploy direct Internet access (DIA) in remote locations for employees, customers, and guests.

For organizations that struggle to adhere to PCI mandates at their branch locations, Cisco Snort IPS for the ISR 4000 Series offers an easy and cost-effective way not only to reach compliance but also to maintain it, to protect (and keep) their customers.

More information is available on the Cisco Router Security page.


2 Comments

  1. That is great. This is the idea that I always like to see on a router. Is there any info about the performance of the IPS? And is it run on the device CPU along with the IOS code, or running as a package on a VM?

  2. Thanks, Elisa. I appreciate how you tied everything together here. I now have a clear understanding of how simple it can be to maintain Snort IPS. I like that it leverages Cisco's security intelligence and the integrated security features on the 4000 Series routers.