Erik Giesa

Thursday, April 12, 2018

According to the Identity Theft Resource Center, in 2017 alone there were 1579 data breaches, resulting in nearly 179 million records exposed. 163 million of these involved general business exposures, but even the supposedly hardened security bunkers of financial institutions saw over 3.1 million record exposures across 134 breaches.

The Verizon 2018 Data Breach Investigations Report is also now out and the results, while not necessarily shocking, paint an ugly picture of data and network security. The report talks about breaches – actual confirmed disclosure of data to an unauthorized party – and the stats tell the tale: over 2,216 confirmed data breaches to date. What’s perhaps even scarier is that the stats provided do not take into account the 43,000 successful accesses to personal data from botnet attacks.

Just this past week or so, a ZDNet article – A new Mirai-style botnet is targeting the financial sector – got our attention! PCI DSS compliance is a framework that defines baseline physical, technical, and operational security controls – defined as requirements and sub-requirements – necessary for protecting payment card account data. It covers the merchants, payment processors, issuers, acquirers, and service providers. Within this bucket are the financial institutions that are being targeted with botnets and live-person breach attempts.

The increased sophistication of attacks that bypass traditional defenses has accelerated breaches over the years, forcing organizations to spend more time on security than ever before. However, the unfortunate reality is that even if an organization is deemed PCI DSS compliant, its network and assets are not necessarily protected against cyberattacks and breaches. So what to do?

Our Identity Defined Networking (IDN) solution enables you to easily remove sensitive systems and assets from prying eyes through cloaking, micro-segmentation, machine authentication and authorization, and end-to-end encryption. With our comprehensive, defense-in-depth approach, we not only facilitate industry compliance, but also deliver hardened security, resource resiliency, and network elasticity. And best of all (at least for the folks in IT), it’s quick to deploy and saves money! In fact, we think you can decrease CapEx and OpEx by as much as 50 percent and reduce networking and resource provisioning time by 97 percent, all while reducing your attack surface by up to 90 percent.

Coalfire, an independent cyber risk management advisor, did an in-depth analysis of our IDN solution specifically for PCI DSS compliance and came to this conclusion:

In Coalfire’s opinion, Tempered Networks Identity-Defined Networking (IDN) is effective in providing significant support for the key requirements and controls of PCI DSS and can assist in a comprehensive program of cyber-security for merchants, issuing banks, processors, services providers, and other entities required to comply with PCI DSS 3.2.

The IDN solution is highly effective in supporting the key requirements and controls of PCI DSS and ensuring your PCI assets are secure. We give you control of the audit scope for PCI systems and assets and provide a level of isolation and containment previously unattainable. Removing systems and devices that do not belong ‘in scope’ can be done in a few mouse clicks. And that will make not only IT happy, but just about everyone you do business with!