Complying with PCI controls can be a real challenge. This is especially true in the modern network, where some in-scope systems may be in-house, some in company data centers and some in a public cloud. With FlowTraq’s capability to consolidate and analyze data from all of these sources, usually with no additional hardware or agents, compliance becomes far less painful. By leveraging FlowTraq’s ability to identify anomalous traffic patterns, you can implement network-based intrusion detection that is just as effective when data streams are encrypted. With FlowTraq’s insight into all communication sessions, you can quickly show evidence of compliance with topology and inventory requirements.
Control 11.4 specifies that you need network-based intrusion detection to protect all in-scope systems. Signature-based intrusion detection has become less relevant, as a majority of Internet traffic is now encrypted. This is especially true for malicious traffic. The result is that you end up spending a lot of time updating signatures that cannot detect malicious patterns inside of encrypted packets.
FlowTraq avoids this needless overhead by helping you focus on anomalous patterns. Consider your Web server for a moment. What type of outbound connectivity does it require? This list is probably pretty short. It may need to make calls to a known database, use NTP for time sync and retrieve remote patches. FlowTraq permits you to identify these patterns as “normal” and generate alerts or reports on everything else. One of your internal servers starts mining bitcoins or communicating with a command and control server? That’s a pretty good indication you have suffered a server compromise, and the system should be immediately isolated and investigated. FlowTraq can help you identify these systems with very little administrative overhead.
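The allowlist approach described above, applied to flow metadata only, as an added example (this is not FlowTraq code or its API). The baseline rules, host addresses and flow records are constructed for illustration; because only addresses, protocols and ports are compared, the check works the same whether or not the payload is encrypted.

```python
import ipaddress
from collections import namedtuple

Flow = namedtuple("Flow", "src dst proto dport")

# Hypothetical baseline: approved outbound (network, protocol, port) per host.
BASELINE = {
    "10.0.1.10": [
        ("10.0.2.20/32", "tcp", 5432),  # known database
        ("10.0.0.0/24", "udp", 123),    # NTP time sync
        ("192.0.2.0/24", "tcp", 443),   # patch repository
    ],
}
IN_SCOPE = {"10.0.1.10", "10.0.1.11"}

# Constructed flow records (private and documentation address ranges).
SAMPLE_FLOWS = [
    Flow("10.0.1.10", "10.0.2.20", "tcp", 5432),
    Flow("10.0.1.10", "10.0.0.5", "udp", 123),
    Flow("10.0.1.10", "192.0.2.15", "tcp", 443),
    Flow("10.0.1.10", "203.0.113.77", "tcp", 443),  # TLS to unknown host
    Flow("10.0.1.10", "10.0.2.20", "tcp", 22),      # known host, new port
    Flow("10.0.1.11", "10.0.2.20", "tcp", 5432),    # host has no baseline
    Flow("10.0.9.9", "198.51.100.1", "tcp", 80),    # not in scope
]

def is_allowed(flow, baseline):
    """True if the flow matches an approved rule for its source host."""
    dst = ipaddress.ip_address(flow.dst)
    return any(
        proto == flow.proto and port == flow.dport
        and dst in ipaddress.ip_network(net)
        for net, proto, port in baseline.get(flow.src, [])
    )

def review(flows, in_scope=IN_SCOPE, baseline=BASELINE):
    """Return (alerts, undocumented in-scope hosts) for outbound flows."""
    alerts, undocumented = [], set()
    for f in flows:
        if f.src not in in_scope:
            continue
        if f.src not in baseline:
            undocumented.add(f.src)  # in scope, but no documented patterns
        elif not is_allowed(f, baseline):
            alerts.append(f)         # outside the approved patterns
    return alerts, undocumented

if __name__ == "__main__":
    print(review(SAMPLE_FLOWS))
```

An in-scope host with no baseline is reported separately from a baseline violation, since an undocumented traffic pattern is a documentation gap rather than evidence of compromise.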
Further, identifying approved traffic patterns on each of your in-scope systems is required by PCI DSS controls 1.1.2 and 2.4. Validating that you remain in compliance with these controls can be a real challenge. You need to be able to submit evidence that you have properly documented all traffic patterns going to and from in-scope systems, and that you can detect changes when they take place. FlowTraq can easily provide reports for your auditors that show you are aware of all traffic in real time.
FlowTraq is available as an on-premises or cloud-hosted solution. Choose the implementation that best fits your requirements. For more information, see our pricing page.
FlowTraq supports all major hardware vendors including Cisco and Juniper. We also support operating systems such as Linux and Windows, and public clouds like Amazon AWS. See our Features page for a complete list of supported hardware, software and standards.