FIM, PCI-DSS Compliance, and NYDFS Compliance for Financial Services

Banks and financial services providers want to launch new services, welcome and service new customers, and be able to grow profit margins within a highly competitive market. These providers need to be able to process large volumes of transactions on a daily basis, undergo intense regulatory scrutiny, and thwart cybercriminals, for whom they are a prime target.

An emphasis on cybersecurity is a must to maintain the level of trust demanded by customers, investors and regulators.

Today’s security has to:

• Keep up with new revenue-driven service offerings that can introduce new vulnerabilities to your environment. You can’t patch to keep up. Instead, engineer the security into your organization’s distributed service offerings via a SOAR DevSecOps approach.
• Provide secure account management. Financial service providers need real time visibility into data, processes and systems as part of their security strategy and compliance with multiple requirements (e.g., HIPAA and GDPR) that protect personally identifiable information (PII).
• Build trust from the compliance perspective.
  • PCI-DSS. Financial service providers handle credit card data… in fact they’re often the issuer of the cards themselves. As such, FSPs must comply with all PCI-DSS compliance regulations, including implementing audit control measures and passing regular audits.
  • 23 NYCRR Part 500. New York Department of Financial Services (NYDFS) 23 NYCRR Part 500 regulation requires compliance with detection, defense, recovery and reporting requirements to do business in the state of New York.
  • SWIFT CSP is a set of mandatory security controls for worldwide bank transfers and other transactions. If you want to use the SWIFT network, you have to comply with its standards.
  • Sarbanes-Oxley (SOX) regulations. SOX requires organizations to establish security controls that prevent confidential data from getting leaked, and also establish audit trails that detect data tampering.

The Atomic OSSEC intrusion detection and response solution secures your infrastructure, inspects your files and systems, and adds built-in PCI-DSS controls to protect financial services providers and their customers’ data.

FIM, HIDS, PCI-DSS Compliance for Financial Services Providers

Financial service providers, or the MSSPs serving them, can use Atomic OSSEC to:

• Detect threats and prompt rapid response versus just logging incidents. There’s no shortage of log files for the security operations center (SOC) to inspect, either manually or automatically. You want technology to do intelligent filtering out in front, integrating deep detection that’s built in by developers (DevSecOps) before the malware or malice reaches the main office. This log data analysis will not only result in lower SIEM costs, but also decrease response time, put less strain on the network and firewall, and demand less VPN dependencies.
• Reduce noise and SIEM infoglut management costs. Intrusion detection and file integrity monitoring (FIM) tools should enable you to select thresholds and the files you want to monitor, and filter out the less important stuff. This empowers more accurate detection, which should include not only known threats but evolving ones as well. Keep your organization safer and more compliant with privacy laws, while relieving the toll of manually searching file logs and the overall cost of SIEM.
• Inspect more than just files. A good FIM tool should monitor more than just the files and data stores containing sensitive data. It should also monitor configuration information and software native to the operating system, like registries, binary files, and libraries, as well as infrastructure components such as the configuration of network and cloud devices, web servers, and firewalls. All this should be monitored in real-time.
• Detect and manage vulnerabilities and threats. Detect not only known threats but evolving ones as well, leveraging OSSEC community threat intelligence. Detect changes to the system – running the agent in real time, and specifically monitoring malware and rootkits, and shield the workload and endpoints from vulnerabilities. Manage firewall policies, and track and record system and file changes, and maintain forensics copies of these changes.
• Inspire strategic DevSecOps thinking and service orchestration in which advanced security, network behavior and business-optimum transformation are all built into releases versus one or more of these disciplines being an afterthought. Empower your security operations to keep up with rapidly innovating DevOps.
• Reduce agent fatigue. How many different security programs does your average company have running on its most private servers and computing devices? Often, it’s a lot, in the neighborhood of several or more. We call this agent fatigue and the disparate security system agents don’t always work well together to protect your data and apps. What’s more, they all cost money. Wouldn’t it be nice to have just one type of agent to manage, with both FIM and the other security functions built-in or enabled?
• Comply with standards and regulations such as PCI-DSS, HIPAA, Hitrust, NIST 800-53, NIST 800-171, NERC CIP, CIS, NYDFS, SWIFT CSP, and GDPR. File integrity monitoring and audit control are essential toward ensuring breaches and unauthorized changes are detected in your environment and toward generating artifacts to respond to regulatory requirements.

Atomic OSSEC empowers financial service providers to secure their infrastructures, inspect files and systems, and leverage PCI-DSS controls to protect FSPs and their customers’ data.

Learn more about Atomic OSSEC. Get maximum protection and active response capabilities with Atomic Protector. Visit ModSecurity Rules and WAF for additional protection against web attacks.

Download the PCI-DSS Compliance whitepaper to discover how to:

• Drive a vulnerability management program – i.e., regularly update anti-virus protections and maintain secure applications.
• Install and maintain a firewall configuration to protect cardholder data.
• Implement strong access control measures – i.e., restrict access to cardholder data and authorized users.
• Change vendor-supplied defaults for system passwords and other security mechanisms.
• Protect ‘stored’ cardholder data.
• And much more.