Tempered Networks recently released its Identity-Defined Networking (IDN) platform, which provides a unified PCI security architecture for enterprise and government organizations. The latest IDN release takes PCI systems and assets out of scope through cloaking, micro-perimeter segmentation, machine authentication and authorization, and end-to-end encryption. These and other controls support Payment Card Industry Data Security Standard (PCI DSS) compliance requirements.
PCI compliance is essential for any organization that stores, processes, or transmits payment card data. PCI DSS sets strict requirements that in-scope systems must satisfy before they can be deployed. Tempered Networks’ IDN platform helps organizations meet these requirements through local and wide-area PCI micro-segmentation, providing a level of isolation and containment that traditional network segmentation does not deliver. The IDN platform supports specific PCI requirements in the following ways.
PCI DSS requirements were written with traditional networking and security technologies in mind. Because firewalls, VPNs, and other access control technologies base their segmentation policies on IP addresses, which can be spoofed, and VLANs, which can be traversed, traditional segmentation is not only permeable but also error-prone.
With Tempered Networks’ IDN software, access controls and policy enforcement are based on a machine’s provable cryptographic identity rather than on its network address. Before any data transport is established, each PCI machine authenticates to its peers and is authorized against a machine whitelist; a host whose identity is not on the whitelist cannot open a session, regardless of the IP address it presents. The authorized machines then encrypt all data in motion, creating an encrypted local and wide-area network overlay.
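The difference between the two enforcement models described above can be shown in a few lines of code. The following is an added illustration, not Tempered Networks’ code and not a description of how the IDN platform implements its handshake: it contrasts an address-based allow list, which admits anyone who presents a permitted source IP, with a whitelist keyed on a cryptographic machine identity that must be proven by signing a fresh challenge. The Ed25519 challenge-response, the SHA-256 key fingerprint used as the whitelist identifier, the IP addresses, the fixed key seeds and the challenge value are all assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Fingerprint is the identifier a machine is whitelisted under: the hex
// SHA-256 of its Ed25519 public key (an assumed scheme for this example).
// Unlike an IP address, it cannot be claimed without the matching private key.
func Fingerprint(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:])
}

// IPPolicy is the traditional model: a set of permitted source addresses.
type IPPolicy struct {
	Allowed map[string]bool
}

// Admit trusts whatever source address appears on the wire.
func (p IPPolicy) Admit(srcIP string) bool { return p.Allowed[srcIP] }

// IdentityPolicy is the identity-defined model: a set of permitted key
// fingerprints, each checked with a proof of possession of the private key.
type IdentityPolicy struct {
	Allowed map[string]bool
}

// Admit accepts a peer only if its key is whitelisted AND it has signed the
// verifier's challenge with the private key matching that public key.
func (p IdentityPolicy) Admit(pub ed25519.PublicKey, challenge, sig []byte) bool {
	if len(pub) != ed25519.PublicKeySize || !p.Allowed[Fingerprint(pub)] {
		return false
	}
	return ed25519.Verify(pub, challenge, sig)
}

// Machine bundles a host's network address with its key pair.
type Machine struct {
	IP   string
	Priv ed25519.PrivateKey
}

func (m Machine) Public() ed25519.PublicKey { return m.Priv.Public().(ed25519.PublicKey) }

// newMachine derives a key pair from a fixed 32-byte seed so the example is
// reproducible; a real deployment generates keys with crypto/rand.
func newMachine(ip string, seed byte) Machine {
	var s [ed25519.SeedSize]byte
	for i := range s {
		s[i] = seed
	}
	return Machine{IP: ip, Priv: ed25519.NewKeyFromSeed(s[:])}
}

// Result records how each policy treated one connection attempt.
type Result struct {
	IPAdmitted       bool
	IdentityAdmitted bool
}

// Scenario runs a legitimate PCI host and an impostor against both policies.
// The impostor spoofs the legitimate host's IP address but holds its own key.
func Scenario() (legit, impostor Result) {
	pos := newMachine("10.10.1.20", 0x01)      // constructed: whitelisted POS terminal
	attacker := newMachine("10.10.1.99", 0x02) // constructed: not whitelisted
	challenge := []byte("nonce-0001")          // must be fresh per handshake in practice

	ipPol := IPPolicy{Allowed: map[string]bool{pos.IP: true}}
	idPol := IdentityPolicy{Allowed: map[string]bool{Fingerprint(pos.Public()): true}}

	legit = Result{
		IPAdmitted:       ipPol.Admit(pos.IP),
		IdentityAdmitted: idPol.Admit(pos.Public(), challenge, ed25519.Sign(pos.Priv, challenge)),
	}

	// Spoofed source address: the IP policy cannot tell the impostor apart.
	spoofedSrc := pos.IP
	attackerSig := ed25519.Sign(attacker.Priv, challenge)
	impostor = Result{
		IPAdmitted: ipPol.Admit(spoofedSrc),
		// Presenting the POS public key fails signature verification;
		// presenting its own key fails the whitelist. Either way: denied.
		IdentityAdmitted: idPol.Admit(pos.Public(), challenge, attackerSig) ||
			idPol.Admit(attacker.Public(), challenge, attackerSig),
	}
	return legit, impostor
}

func main() {
	l, i := Scenario()
	fmt.Printf("legitimate POS: ip=%v identity=%v\n", l.IPAdmitted, l.IdentityAdmitted)
	fmt.Printf("impostor:       ip=%v identity=%v\n", i.IPAdmitted, i.IdentityAdmitted)
}
```

Two details matter when using this pattern for real: the challenge must be generated fresh by the verifier for every handshake, otherwise a recorded signature can be replayed, and the whitelist must be keyed on the key fingerprint, not on any self-asserted name or address the peer sends alongside it.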
With the new Smart Device Group capability, administrators can create pre-defined group policies for specific IDN PCI overlays. Only hosts that have been machine-authenticated and authorized can communicate within an encrypted IDN overlay. With Smart Device Groups, automatically adding PCI resources to specific segments is simple, consistent, and predictable. The IDN solution’s centralized orchestration engine, The Conductor, and its secure RESTful API make PCI orchestration seamless.
The new PCI reporting capabilities in the IDN solution help administrators confirm that the proper controls and policies are in place. To address chain-of-custody requirements, the IDN solution ensures that only authorized administrative staff can access audit logs, which PCI auditors can download on demand in an automated fashion.
Within the IDN fabric, the security and networking perimeter can be moved from the network edge to the PCI machines or hosts themselves, creating hardened yet flexible micro-perimeters without modifying existing infrastructure. Requirements for securing data in motion are addressed, since all whitelisted devices and their traffic are automatically protected within PCI micro-segments using machine-to-machine AES-256 encryption. This capability supports PCI DSS v3.2 requirements across the LAN and WAN. As with any segmentation control, the resulting scope reduction still has to be validated by the organization’s qualified security assessor, who must confirm that the segmented systems cannot affect the cardholder data environment.
The IDN solution was designed with a manageability-first mindset, making ease of use through its orchestration engine a top priority. Because of this design principle, meeting PCI audit requirements is simpler for IT personnel. Specifically, secure transport of logs, auditability of access to the system, traffic filtering, and audit reporting of system configuration changes are all handled through The Conductor and its new PCI reporting capabilities. According to the company, customers reduce IT personnel time spent on PCI audits by 60 percent on average.
“A PCI compliant environment does not mean your network and assets are immune from attack, especially east-west lateral movement, which is why we continue to witness so many hacks of PCI compliant networks,” said Erik Giesa, VP of Products at Tempered Networks. “Hacks against healthcare organizations alone have increased by 63% in 2016, according to a recent TrapX report. These organizations are still relying on IP address-defined policies that are subject to spoofing. Instead, our approach unifies PCI compliance with security, giving customers the best of both worlds. By using cryptographic machine identities for enforcement, local and wide area micro-segmentation easily removes systems from PCI scope, while cloaking PCI segments from bad actors. This capability is also ideal for achieving HIPAA and NIST Cyber Security Framework (CSF) compliance.”
“With Marcum’s PCI practice, we pride ourselves on not only helping customers achieve PCI compliance, but also focus on ways to improve their overall security posture while saving time and money in the process,” said Ted Carlson, President, Marcum Technology. “That’s why we’ve partnered with Tempered Networks and we’re excited about their new PCI compliance support. Not only does Tempered dramatically improve an organization’s security posture with unique capabilities like wide area micro-segmentation and cloaking, but the simplicity of their solution can reduce PCI personnel time by as much as 62 percent.”
The company also announced that it has partnered with Coalfire Systems, a qualified security assessor, to test and validate Tempered Networks’ identity-based PCI micro-segmentation capabilities. A comprehensive report from Coalfire will be published next month.