Using Threat Monitoring for PCI DSS Compliance

24 June 2019 by Charlotte Greene

Built with PCI DSS in mind, UKFast’s Threat Monitoring is already being used by our clients to help meet the criteria required to achieve PCI DSS compliance.

Our threat monitoring service utilises baseline and vulnerability scanning tools, coupled with advanced intrusion detection systems and log collection. It also secures your server against threats and ensures a secure baseline is achieved, in accordance with PCI DSS.

So, which PCI DSS requirements (controls) can UKFast Threat Monitoring help you with?

Control 2: Do not use vendor-supplied defaults for system passwords and other security parameters

Through the use of UKFast’s Threat Monitoring System Audit Scanning, default credentials for many applications and services are easily detected. This prompts an alert for the credentials to be changed. Additionally, server security scanning can be used to determine insecure server configurations to further enhance security.

UKFast supports default credential scans for many web applications, local packages, databases and administration tools. We also run system audit scans that interrogate your server’s configuration against a UKFast-approved PCI DSS 3.2 baseline.

Control 5: Use and regularly update anti-virus software or programs

UKFast Threat Monitoring integrates closely with common anti-virus services, like McAfee AV and ClamAV, to provide real-time alerts on detected items. UKFast security experts are always on hand to assist in setting up real-time, on-access malware scanning and scheduled malware scans for your solution.

Taking scanning to the next level, our Threat Monitoring ties in closely with industry-recognised rootkit scanners. These detect even the most deceptive malware, including many rootkits, trojans and system backdoors. With the assistance of a UKFast security professional, these scans can be set up to run on a schedule and alerts are set up for detection events.

Control 6: Develop and maintain secure systems and applications (Partial)

Partially covering Control 6, UKFast Threat Monitoring assists with defending against attacks on your application’s code where applicable. Web-based applications are protected against common web attacks, such as SQL injection, cross-site scripting (XSS), PHP remote file inclusion and more.

UKFast’s security specialists also work closely with you to implement compensating controls where applicable to further secure your applications against threats. These include IP whitelisting, user-agent blacklisting and HTTP authentication.

File Integrity Monitoring (FIM) can be applied to critical application files, ensuring that unauthorised changes don’t go unnoticed. By placing FIM on critical files, such as payment gateway files, admin login directories and configuration files, you receive an alert as soon as a change is detected.

In addition, audit information can be applied to track what has changed in files, the user that changed the file and what process was used to make the changes, adding an audit trail for investigations.

Control 10: Track and monitor all access to network resources and cardholder data

Through the use of a lightweight software agent, Threat Monitoring captures your server’s logs in real time and securely sends them to our enterprise-grade log interrogation infrastructure for analysis and storage. These logs are interrogated for incoming threats, and automated actions are triggered to block attacks as they happen and send real-time alerts.

UKFast Threat Monitoring’s IP blocking feature also allows attacks to be mitigated in real time. This stops common attacks in their tracks and adds defensive capabilities to further improve on PCI DSS requirements.

In accordance with PCI DSS, these logs can be readily accessed for up to three months. They are archived for a further nine months, meaning logs are available upon request for up to a year.

Control 11: Regularly test security systems and processes

Unofficial external and internal vulnerability scans can be run through the Threat Monitoring MyUKFast dashboard. This provides a quick and easy way of hunting down server and application vulnerabilities, outdated software and insecure configurations on your infrastructure, in preparation for running a vulnerability scan from an approved scanning vendor to achieve PCI compliance.

These scans are provided in a report. You can use this to reference PCI DSS for internal audits or utilise a regularly updated list of industry-recognised CVE numbers and scores. (Please note UKFast is currently not an ASV and cannot provide official PCI DSS vulnerability scans to achieve compliance. All scans are for test purposes only.)

The additional product, UKFast Threat Response, allows regular updating and patching to be offloaded to our security engineers. Clients can utilise their expertise to manage regular software updates and to apply security patches, for items found in vulnerability scans and critical CVEs, as they are released.

Find out more about how UKFast Threat Monitoring enhances your security and helps you to achieve PCI DSS compliance.
