Enterprise-class PCI Services
Enterprise Compliance Programs Simplified
Medium- and large-size enterprises depend on Trustwave to establish and improve their PCI Compliance programs and strengthen their security posture. With the combination of elite testing and assessment teams, trusted compliance advisors and integrated and automated technology platforms, Trustwave will help you achieve your compliance goals and build a sustainable program – no matter where you are in the process.
For businesses managing complex payment environments, Trustwave provides enterprise-class assessment services and compliance-enabling technology to help secure your environment and then automate the right pieces of the PCI effort. Enterprises often are managing multiple compliance regimes that demand time, resources and budget. Trustwave is here to help you proactively manage your PCI efforts and ensure the process is completed with security and other regulatory requirements in mind.
Trustwave is the known leader in PCI services, consulting and validation technology. We have more experience than any other QSA in managing large and complex assessments. We’re here to help you establish the security strategy behind your compliance program and simplify the way you manage compliance and risk across your business.
Establish Best Practices
Our trusted compliance and security advisors help you create a strong and strategic foundation. We also conduct and manage assessments, and deliver elite testing and remediation services.
Uniform security policies and integrated technologies are developed, deployed and delivered easily and consistently across your business.
Built-in best practices and user-friendly toolkits simplify technology deployment and reduce the time and resources you spend on achieving and maintaining compliance.
Improve Visibility and Control
The Trustwave TrustKeeper platform provides transparency into a fully automated compliance and managed security PCI compliance solution. This increases your visibility into corporate and remote locations, and improves management oversight.
Make Security a Priority
Our PCI approach is designed with the security of your business in mind. We've developed the right tools and automation - powered by managed services and technology to help your business become secure - to help you validate with the PCI DSS.
How It Works:
Customized Compliance Validation Services
For PCI DSS engagements with larger enterprises, Trustwave will create a custom Compliance Validation Services (CVS) approach that includes the specific requirements you need to achieve and continuously maintain PCI compliance.
Savvy organizations know that PCI compliance is not a snapshot in time, but a continuous state that requires diligence, planning and the right automation. Trustwave offers unmatched resources and experience in guiding you through the process – from initial scheduling of your PCI review to final preparation of your Report on Compliance (ROC).
Trustwave will kick off the project with the right stakeholders from your organization, and then run your CVS project with four succinct phases:
What to expect from your PCI CVS engagement
Expert QSAs Guide the Process
For any CVS engagement, Trustwave assigns a Qualified Security Assessor (QSA) to act as the management consultant and facilitator. These experts oversee the project, coordinate and schedule activities and resources with the client and ensure the quality of all Trustwave deliverables.
Each CVS assessment is scoped individually and typically includes data gathering and pre-assessment activities, a kickoff meeting, pre-onsite data gathering and consulting, an on-site audit and a wrap-up briefing session. A remediation phase can be added as needed.
Compliance Manager Tracks and Reports
Delivered by TrustKeeper, the Trustwave cloud-based managed security and compliance platform, Compliance Manager is a real-time tool that provides clear and actionable information through a single, consolidated view of the CVS engagement.
As we work through the phases of your assessment, Trustwave QSAs will build your Report on Compliance in Compliance Manager, so you have visibility into the process and stay on top of areas that need attention and action. Customers can access on-demand reports at any time – for Report on Compliance variables such as Asset Status Reports and Control Status. And because it’s delivered by TrustKeeper, Compliance Manager works with the other pieces of CVS, providing a view into scheduling and managing vulnerability scan status and penetration testing findings.
Track your assessment by different views into requirements, assets and controls: Compliance Manager provides a powerful interface that simplifies the complexity of enterprise PCI engagements. Customers can access on-demand reports at any time - for Report on Compliance variables such as Asset Status Reports and Control Status. And because it's delivered by TrustKeeper, Compliance Manager works with the other pieces of CVS, providing a view into scheduling and managing vulnerability scan status and penetration testing findings.
Under PCI DSS, penetration testing must be performed against both external and internal environments within scope for the PCI assessment. Trustwave Managed Security Testing allows customers to schedule application or network penetration testing on demand, and manage results and remediation projects. Customers can view and track penetration test findings for Pen Tests associated with any current assessment in Compliance Manager.
Trustwave Vulnerability Manager provides both internal and external scanning to meet PCI requirements, including 24x7x365 support, self-scan and reporting capabilities. Accessible in TrustKeeper, the scanning engine links to other TrustKeeper modules (like Compliance Manager) to help you demonstrate compliance and take immediate action against identified vulnerabilities.
PCI customers can schedule and manage scans within TrustKeeper with an easy-to-use dashboard that includes trending analysis. Vulnerability Manager can accommodate large numbers of bulk scans, bulk appeals, and multiple scan types.
Compliance and Security Monitoring
The TrustKeeper Agent is the Trustwave compliance monitoring and data discovery tool. The Agent helps facilitate vulnerability scanning for dynamic IP addresses, as well as provides basic security health and PCI compliance monitoring. Detection of prohibited data – such as track data found in the magnetic stripe - and payment application detection and policy monitoring can help enterprises keeps tabs on activity within their in-scope systems.
The agent also delivers more robust monitoring and alerts to help you maintain compliance on an ongoing basis. Other ways the agent can help your business:
File Integrity Monitoring
FIM examines OS and registry file data on Windows-based POS devices, laptops, desktops and servers for changes to alert the customer to potentially risky or non-compliant activity. FIM bundles well with the robust Trustwave Data Loss Prevention product.
Security Log Monitoring
SLM pulls Windows security logs from the machine and sends them to the Trustwave SIEM for review, correlation and analysis. The agent acts as the delivery mechanism for our Managed SIEM, which many enterprises enlist for logging and monitoring to address PCI requirements.
Optional Services from Trustwave
Many customers rely on our other services to help augment a PCI engagement. Call 1-888-878-7817 to find out more.
Security Awareness Education
Trustwave offers a comprehensive Security Awareness Education program, built with the expertise of elite ethical hackers and guidance from our PCI experts. Delivered in the cloud, Trustwave SAE is ideal for large organizations that need a company-wide program to help employees stay vigilant and aware, and take an active role in protecting the organization.
Policy and Procedure Development
Trustwave can help you build a customized set of policies that create the right internal process to protect sensitive data and help you meet your compliance requirements. An engagement with us connects you with a Trustwave consultant to help conduct interviews with your key stakeholders, create a comprehensive set of policies and then finalize and implement these policies within your organization.
PCI Gap Analysis
Trustwave experts can identify gaps in your security posture by measuring the existing security posture against mandates, such as PCI DSS.
Social Engineering Testing
Trustwave can identify the vulnerabilities of facilities, both externally and internally, by testing their physical security controls for technical weaknesses.
Wireless Network Penetration Testing
Using directed attack based logic, Trustwave can present your organization with the real risks of compromise inherent in its wireless infrastructure and explain what this risk means to sensitive data stored elsewhere.
Download the Trustwave Managed Security Services Data Sheet (PDF).