PCI DSS Compliance
PCI DSS headache? Your job just got easier. Imperva data security solutions meet key components of the Payment Card Industry Data Security Standard (PCI DSS) requirements and automate data security processes and reporting for you.
The PCI DSS is complex. Imperva has you covered.
The PCI DSS has 11 high-level requirements that impact web, database, and file security. Imperva meets the following PCI DSS requirements.
PCI 6.1 Establish a process to identify security vulnerabilities
SecureSphere Database Assessment discovers databases on the network, identifies and classifies PCI data within databases, identifies database vulnerabilities and misconfigurations, and then prioritizes mitigation by calculating risk based on data sensitivity and the severity of vulnerability. Additionally, Imperva ThreatRadar feeds profile malicious bots, bad IPs, flagged visitors, and more, leading to a more proactive process that identifies emerging security vulnerabilities.
PCI 6.4.3 Production data is not to be used for testing/development
Imperva Camouflage Data Masking replaces sensitive data with realistic fictional data to ensure that privacy is intact and hackers don’t have the opportunity to steal vulnerable production data.
PCI 6.6 Protect public-facing web applications
Imperva SecureSphere web application firewall protects applications and offers virtual patching to eliminate the window of exposure that comes with manual code fixes.
PCI 7 Restrict access to cardholder data by need-to-know
You are required to limit data access to the minimum necessary for employees to do their jobs. Imperva SecureSphere Database Audit and Protection controls user access to ensure only those who are authorized can access sensitive data. It also determines how users are accessing data, so you can manage data effectively. Imperva Camouflage data masking limits the amount of personal data held and processed, with data replacement that is functional and statistically accurate.
PCI 8.1.4 Remove/disable inactive user accounts within 90 days
You must demonstrate secure user authentication and password management processes, including disabling accounts after 90 days of inactivity. Terminated users also must have their access privileges revoked. Imperva SecureSphere automates this process for you.
PCI 10 Track and monitor all access to network resources and cardholder data
There are stringent tracking requirements that mandate you track all user activity, monitor every transaction and audit privileged user activity. Imperva SecureSphere and Imperva CounterBreach monitor and track all user activity without degrading server performance, needing application changes or requiring in-house audit management tools. Easy reporting grants visibility into all database and file server activity by external and internal users.
PCI 11.5 Alert personnel to unauthorized modification of files
Imperva SecureSphere File Firewall and Imperva CounterBreach create baselines of “normal” user behavior, then track all user behavior and alert you to any activity that deviates from the norm. You’ll see who is accessing data and how it’s being accessed – giving you time to respond immediately before a major breach can happen.
Why choose Imperva for PCI DSS compliance?
Imperva [SecureSphere] was the product for us based on three key factors. One was functionality of the product. Two was ROI or total cost of ownership. And three was ease of management. At the end of the day, that was one of the things that really separated Imperva from the competition.
Ross Bobenmoyer, VP of Information Security