Garland Technology ensures complete packet visibility by delivering a full platform of network TAP (test access point), inline bypass and packet broker products.
Garland Technology is committed to educating the benefits of having a strong foundation of network visibility and access. By providing this insight we protect the security of data across your network and beyond.
Garland Technology's resource library offers free use of white papers, eBooks, use cases, infographics, data sheets, video demos and more.
The TAP into Technology blog provides the latest news and insights on network access and visibility, including: network security, network monitoring and appliance connectivity and guest blogs from Industry experts and technology partners
Our extensive technology partnership ecosystem solves critical problems when it comes to network security, monitoring, application analysis, forensics and packet inspection.
Garland Technology is dedicated to high standards in quality and reliability, while delivering the greatest economical solutions for enterprise, service providers, and government agencies worldwide.
For years, the financial services industry was the most targeted industry for sophisticated cyber attackers (and some not so sophisticated). This was never too surprising—attackers often follow the money, starting with the low hanging fruit.
Out of all the credit card breaches that have been made public in the last several years, not many (if any) companies were truly compliant Payment Card Industry Data Security Standards (PCI DSS) compliance.
At the same time, being compliant also doesn’t mean that you are truly protecting the data that is important.
Any company dealing with credit card transactions knows PCI compliance can cause major headaches. The key is to implement a plan for evaluation, remediation and ongoing management.
The greatest PCI compliance challenge for any companies conducting credit card transactions is defining scope—which parts of your network actually need to adhere to PCI?
You might have 500 or 1,000 people in your company on a 1Gb connection. But your PCI scope could be just 50 endpoints generating 10Mb of traffic. The cost differences from a security standpoint are massive, so defining your scope is a critical first step to compliance.
This is why you work with a Qualified Security Assessor (QSA) before upgrading your cyber security infrastructure. A QSA will conduct a comprehensive analysis of your existing environment and provide a gap assessment for achieving compliance.
However, the results of a security assessment are often overwhelming—especially for organizations that never had these security considerations before. Many companies don’t have the staff or security budget to completely overhaul their infrastructures, and may not need to. But, getting your scope and gaps properly identified first is going to set you in the right direction. A QSA will definitely help you with this, but having an understanding of where your data exists and how you intend to monitor and secure your environment helps as well.
Partnering with an MSSP is also an easy and effective way to get help in addressing PCI compliance issues and implement your controls properly. Rather than suffering through a list of objectives from a QSA, you can work with people who have expertise and experience in proper compliance implementation.
What we are starting to see across the industry is that there are overlapping security requirements, sometimes requiring organizations to comply with multiple frameworks simultaneously. At the end of the day, these all have the same goal in mind; protect the data and implement best-practice security measures.
A great example in New York is the newly implemented Regulation 500 from the New York Department of Financial Services (DFS). For the more traditional financial services companies, this is just another regulation to manage. But for small businesses, Regulation 500 will bring entirely new, more specific, rules to comply with; possibly in addition to PCI and in some cases HIPAA.
Here are a couple key points that should be considered for most compliance programs:
Choosing a security partner or MSSP that understands emerging regulations like PCI and NY 500 is a great way to get help with compliance management as well as identifying and reducing overall cyber risk.
In addition to this understanding of your specific compliance needs, your MSSP must have the proper equipment to implement the necessary infrastructure for your scope. Whether utilizing a SIEM, IDS, IPS, firewall, and/or any other tools to meet compliance, having 100% visibility is essential. Utilizing network TAPs for anytime network access and packet brokers to filter company-wide traffic into these tools is essential.
Darrick Kristich is a security professional and founder of Sedara, a managed security service provider. His background primarily stems from the Aerospace & Defense markets and has expertise in technical and security architecture, as well as compliance program development and incident response. He currently resides in Buffalo, NY.