Securing Cardholder Data and Automating PCI DSS Compliance

Track and Protect Cardholder Data for PCI

Imperva enables organizations to meet the most challenging requirements in the Payment Card Industry (PCI) Data Security Standard (DSS). Merchants and service providers of all sizes trust Imperva SecureSphere to protect sensitive information, audit access to cardholder data, and automate their PCI compliance processes.

PCI DSS Requirements for Data Security Compliance

SecureSphere helps organizations meet 8 of the 12 high-level requirements in the PCI standard, including the Web application and database security requirements that are traditionally the most challenging.

| Requirement | SecureSphere Capabilities for PCI DSS |
|---|---|
| 1. Install and maintain a firewall configuration to protect cardholder data | Contains built-in network firewall and intrusion prevention system |
| 2. Do not use vendor-supplied defaults for system passwords and other security parameters | Scans databases for default passwords, insecure settings, unpatched software and other vulnerabilities and configuration flaws |
| 3. Protect stored cardholder data | Identifies and prevents storage of magnetic track data and addresses all of the compensating controls for section 3.4, rendering cardholder data unreadable |
| 4. Develop and maintain secure systems and applications | Meets the application security requirements in section 6.6 with its market-leading Web Application Firewall |
| 5. Restrict access to cardholder data by business need-to-know | Enforces need-to-know access based on business activities; reports demonstrate that only users with legitimate need have access to cardholder data |
| 6. Assign a unique ID to each person with computer access | Identifies shared user accounts and other potential account violations with monitoring and reporting |
| 7. Track and monitor all access to network resources and cardholder data | Provides full access auditing for sensitive data and intelligent alerts that notify administrators of suspicious activity, providing actionable information for compliance |
| 8. Regularly test security systems and processes | Delivers up-to-date compliance assessments and reports; alerts administrators to changes in usage, automates ongoing compliance |

Why Imperva for PCI DSS Compliance:
  • Comprehensive, accurate protection of cardholder data
  • Continuous, automated data protection and audit logging
  • Low cost of ownership
  • No impact on existing infrastructure
  • Automated policy configuration
  • Enterprise-class management and reliability
  • Automated PCI compliance reporting

SecureSphere's sophisticated application and database security technology enables organizations to meet PCI IT requirements

Deploying a Web Application Firewall was the most efficient and cost-effective solution for us to comply with the PCI Data Security Standard. SecureSphere was the easiest product to deploy and configure, and delivered the best performance in our tests. When we learned about its ability to also monitor and protect databases, we expanded our project scope and deployed this functionality as well. With Imperva we have a complete solution for data security and PCI compliance.

Jean-Pierre Zaiter, CIO, Intuition Systems