Enterprise-class PCI Services
Enterprise Compliance Programs Simplified
Medium- and large-size enterprises depend on Trustwave to establish and improve their PCI Compliance programs and strengthen their security posture. With the combination of elite testing and assessment teams, trusted compliance advisors and integrated and automated technology platforms, Trustwave will help you achieve your compliance goals and build a sustainable program – no matter where you are in the process.
Overview:
For businesses managing complex payment environments, Trustwave provides enterprise-class assessment services and compliance-enabling technology to help secure your environment and then automate the right pieces of the PCI effort. Enterprises often are managing multiple compliance regimes that demand time, resources and budget. Trustwave is here to help you proactively manage your PCI efforts and ensure the process is completed with security and other regulatory requirements in mind.
Benefits:
Trustwave is the known leader in PCI services, consulting and validation technology. We have more experience than any other QSA in managing large and complex assessments. We’re here to help you establish the security strategy behind your compliance program and simplify the way you manage compliance and risk across your business.
Establish Best Practices
Our trusted compliance and security advisors help you create a strong and strategic foundation. We also conduct and manage assessments, and deliver elite testing and remediation services.
Reduce Complexity
Uniform security policies and integrated technologies are developed, deployed and delivered easily and consistently across your business.
Conserve Resources
Built-in best practices and user-friendly toolkits simplify technology deployment and reduce the time and resources you spend on achieving and maintaining compliance.
Improve Visibility and Control
The Trustwave TrustKeeper platform provides transparency into a fully automated PCI compliance and managed security solution. This increases your visibility into corporate and remote locations, and improves management oversight.
Make Security a Priority
Our PCI approach is designed with the security of your business in mind. We've developed the right tools and automation, powered by managed services and technology, to help your business become secure and to help you validate with the PCI DSS.
How It Works:
Customized Compliance Validation Services
For PCI DSS engagements with larger enterprises, Trustwave will create a custom Compliance Validation Services (CVS) approach that includes the specific requirements you need to achieve and continuously maintain PCI compliance.
Savvy organizations know that PCI compliance is not a snapshot in time, but a continuous state that requires diligence, planning and the right automation. Trustwave offers unmatched resources and experience in guiding you through the process – from initial scheduling of your PCI review to final preparation of your Report on Compliance (ROC).
Trustwave will kick off the project with the right stakeholders from your organization, and then run your CVS project with four succinct phases:
What to expect from your PCI CVS engagement
Expert QSAs Guide the Process
For any CVS engagement, Trustwave assigns a Qualified Security Assessor (QSA) to act as the management consultant and facilitator. These experts oversee the project, coordinate and schedule activities and resources with the client and ensure the quality of all Trustwave deliverables.
Each CVS assessment is scoped individually and typically includes data gathering and pre-assessment activities, a kickoff meeting, pre-onsite data gathering and consulting, an on-site audit and a wrap-up briefing session. A remediation phase can be added as needed.
Compliance Manager Tracks and Reports
Delivered by TrustKeeper, the Trustwave cloud-based managed security and compliance platform, Compliance Manager is a real-time tool that provides clear and actionable information through a single, consolidated view of the CVS engagement.
As we work through the phases of your assessment, Trustwave QSAs will build your Report on Compliance in Compliance Manager, so you have visibility into the process and stay on top of areas that need attention and action. Customers can access on-demand reports at any time – for Report on Compliance variables such as Asset Status Reports and Control Status. And because it’s delivered by TrustKeeper, Compliance Manager works with the other pieces of CVS, providing a view into scheduling and managing vulnerability scan status and penetration testing findings.
TrustKeeper View
Track your assessment by different views into requirements, assets and controls: Compliance Manager provides a powerful interface that simplifies the complexity of enterprise PCI engagements.
Penetration Testing
Under PCI DSS, penetration testing must be performed against both external and internal environments within scope for the PCI assessment. Trustwave Managed Security Testing allows customers to schedule application or network penetration testing on demand, and manage results and remediation projects. Customers can view and track penetration test findings for Pen Tests associated with any current assessment in Compliance Manager.
Vulnerability Scanning
Trustwave Vulnerability Manager provides both internal and external scanning to meet PCI requirements, including 24x7x365 support, self-scan and reporting capabilities. Accessible in TrustKeeper, the scanning engine links to other TrustKeeper modules (like Compliance Manager) to help you demonstrate compliance and take immediate action against identified vulnerabilities.
PCI customers can schedule and manage scans within TrustKeeper with an easy-to-use dashboard that includes trending analysis. Vulnerability Manager can accommodate large numbers of bulk scans, bulk appeals, and multiple scan types.
Compliance and Security Monitoring
The TrustKeeper Agent is the Trustwave compliance monitoring and data discovery tool. The Agent helps facilitate vulnerability scanning for dynamic IP addresses and provides basic security health and PCI compliance monitoring. Detection of prohibited data – such as track data found in the magnetic stripe – and payment application detection and policy monitoring can help enterprises keep tabs on activity within their in-scope systems.
The agent also delivers more robust monitoring and alerts to help you maintain compliance on an ongoing basis. Other ways the agent can help your business:
File Integrity Monitoring
FIM examines OS and registry file data on Windows-based POS devices, laptops, desktops and servers for changes to alert the customer to potentially risky or non-compliant activity. FIM bundles well with the robust Trustwave Data Loss Prevention product.
Security Log Monitoring
SLM pulls Windows security logs from the machine and sends them to the Trustwave SIEM for review, correlation and analysis. The agent acts as the delivery mechanism for our Managed SIEM, which many enterprises enlist for logging and monitoring to address PCI requirements.
Optional Services from Trustwave
Many customers rely on our other services to help augment a PCI engagement. Call 1-888-878-7817 to find out more.
Security Awareness Education
Trustwave offers a comprehensive Security Awareness Education program, built with the expertise of elite ethical hackers and guidance from our PCI experts. Delivered in the cloud, Trustwave SAE is ideal for large organizations that need a company-wide program to help employees stay vigilant and aware, and take an active role in protecting the organization.
Policy and Procedure Development
Trustwave can help you build a customized set of policies that create the right internal process to protect sensitive data and help you meet your compliance requirements. An engagement with us connects you with a Trustwave consultant to help conduct interviews with your key stakeholders, create a comprehensive set of policies and then finalize and implement these policies within your organization.
PCI Gap Analysis
Trustwave experts can identify gaps in your security posture by measuring it against mandates, such as PCI DSS.
Social Engineering Testing
Trustwave can identify the vulnerabilities of facilities, both externally and internally, by testing their physical security controls for technical weaknesses.
Wireless Network Penetration Testing
Using directed attack based logic, Trustwave can present your organization with the real risks of compromise inherent in its wireless infrastructure and explain what this risk means to sensitive data stored elsewhere.
Documentation:
Download the Trustwave Managed Security Services Data Sheet (PDF).