What information does Detectify provide for PCI Compliance Requirement 6?

The Payment Card Industry Data Security Standard (PCI DSS) program provides an information security compliance benchmark for companies that handle, process and store cardholder data online. Software development and vulnerability management are covered by the PCI DSS requirements because they concern the products and applications built to handle cardholder data.


Announcing Sysdig Secure 2.3: NIST + PCI image compliance checks, Kubernetes and Docker remediation tips, and more!

Today we are very excited to announce our latest release — Sysdig Secure 2.3! In this version of Sysdig Secure, we have invested heavily in hardening the compliance posture of Kubernetes, Docker configurations, and container images. We have released a set of features that provide compliance-focused image scanning, guided remediation, compliance dashboards, and more.


Best Practices for PCI Compliance in a Container Environment

The PCI DSS compliance framework dates back to the mid-2000s — well before anyone was talking about containers. This does not mean, however, that PCI compliance doesn’t affect you if you’re running a containerized environment. Although the PCI DSS framework doesn’t deal in specific detail with containers, a containerized infrastructure presents unique challenges that your organization must solve in order to remain PCI-compliant.

PCI DSS Compliance: An Overview

The Payment Card Industry (PCI) comprises all credit card providers, including Visa and MasterCard. These entities are required to uphold the integrity of cardholders’ information to prevent any breach. While complying with the PCI DSS requirements can be overwhelming, it is necessary, since it enables you to develop stringent measures to store and protect cardholders’ data.

What is PCI DSS and why do I need it?

PCI DSS is an incredibly important compliance standard for those processing card payments. It stands for Payment Card Industry Data Security Standard. Whilst that doesn’t exactly roll off the tongue, it is a very resilient set of standard requirements that aims to make a business more secure. A 2018 payment security report revealed that no company affected by a data breach was completely compliant with PCI DSS.


The role of SIEM in PCI DSS compliance

Studies have shown a direct correlation between data breaches and non-compliance. This isn’t to say that compliant companies never get breached, but to reinforce the importance of incident detection and response. Businesses have begun to realize the devastating consequences of data breaches—their finances and reputation are at stake, so many have been taking steps over the last few years to comply with the PCI DSS. The main goal is often an emphasis on achieving continuous compliance.


Top 10 PCI DSS Compliance Pitfalls

Despite the fact that PCI DSS has been in effect for over a decade, and most merchants are achieving compliance, some of the world’s largest retailers have been hit by data breaches. The sad truth is that achieving compliance doesn’t guarantee data protection, even for large organizations. For example, more than five million credit card numbers were stolen in 2018 hacks of two major retailers.


4 stops on the road to PCI compliance for AWS

Have you moved PCI cardholder data to Amazon Web Services (AWS)? AWS has been PCI DSS certified for many years but you still need to take steps to ensure the “security in the cloud.” Ultimately, the responsibility for PCI compliance rests on you, not AWS. According to the 2018 Cloud Security Report from Cybersecurity Insiders, the top two security control challenges SOCs struggle with most are visibility into infrastructure security (43 percent) and compliance (38 percent).