国家银行卡服务通过 SecureSphere SE 增强安全性以实现 PCI 合规性
技术
- 应用基础设施与中间件 - 事件驱动型应用
- 网络安全和隐私 - 应用安全
适用行业
- 国家安全与国防
适用功能
- 维护
- 质量保证
用例
- 篡改检测
- 资产跟踪
关于客户
National Bankcard Services (NBS) 是一家总部位于美国明尼苏达州的公司,专注于为石油和便利店市场提供经济高效的定制处理解决方案。该公司为这些零售商提供在线服务,以便他们能够为消费者提供一系列支付选项,包括信用卡/借记卡/EBT 卡、专有卡、车队卡、支票、礼品卡和预付卡以及忠诚度解决方案。 NBS 通过 NBS 网站上的在线门户向每个客户公司提供网络托管服务。公司登录该门户以访问其不断更新的销售信息。 NBS 必须确保信息免受未经授权的访问或更改。
挑战
国家银行卡服务 (NBS) 为石油和便利店市场提供定制处理解决方案,包括为零售商提供各种支付选项的在线服务。作为其业务的一部分,NBS 使客户能够通过在线门户跟踪支付卡使用情况的销售情况。为了维护其声誉,NBS 必须确保其客户的销售和相关私人公司信息免受未经授权的访问和数据盗窃。该公司之前对其 Web 应用程序进行代码审查和手动代码修复,这一过程既耗时又容易出现人为错误。 NBS 需要遵守 PCI 6.6,以保护在线门户免受所有类型的应用程序威胁。然而,由于 IT 人员较少,该解决方案需要易于配置和维护。
解决方案
在评估各种解决方案后,NBS 选择了 Imperva SecureSphere SE Web 应用防火墙解决方案。该解决方案直接满足 PCI 6.6 应用层防火墙要求,为应用程序提供强大的保护,具有易于使用的管理 UI,并支持自动生成报告以简化组织的合规工作。 SecureSphere SE 是一款面向中型企业的市场领先的 Web 应用程序防火墙,为其在线客户门户提供自动化且准确的保护。通过动态分析,SecureSphere SE 无需不断手动调整应用程序监控和安全策略。通过相关攻击验证,SecureSphere SE 提供高度准确且完全自动化的防御系统,将误报率降至最低。 SecureSphere SE 内联安装,可直接实时检测并阻止应用程序攻击。它还检测并警告 NBS 发现的应用程序漏洞,并指出 Web 服务器响应代码中的相关错误,开发人员可以在下一个应用程序代码更改周期中修复这些错误。
运营影响
数量效益
Case Study missing?
Start adding your own!
Register with your work email and create a new case study profile for your business.
相关案例.
Case Study
Data Capture for Afghanistan Forces
Electronic equipments on the field of Afghanistan provided information on the status of the vehicle and to identify potential threats surrounding it to the British Force. The monitoring and interpretation of this data requires robust and sophisticated digitization for data capture and communication.
Case Study
Enhancing Security and Compliance in Remitly's Global Money Transfer Service with Fastly
Remitly, an online remittance service, was faced with the challenge of securing its proprietary global transfer network. The company needed a security solution that could meet PCI requirements and protect customers' sensitive transactions through its mobile application. The solution had to be capable of defending against new and emerging attack types without impacting performance. Remitly also had to deal with irregular traffic patterns, such as a sudden spike in account transfers from a small network segment on the Pacific coastline of South America. The company needed to determine in real time whether such traffic indicated an attack or valid requests. A traditional web application firewall (WAF) would not be able to distinguish this traffic, potentially leading to customer frustration if the IP was blacklisted.
Case Study
Major Aerospace Company Automates Asset Management
The O&M division of an aerospace and global security company was using spreadsheets to manually track more than 3,000 assets assigned to students and staff. Maintaining audit trails for this high volume of equipment became increasingly time-consuming and challenging. The chore involved knowing precisely what equipment was on hand, what had been issued, its location and the name of the custodial owner of each item. Every aspect of this task was carried owner of each item. Every aspect of this task was carried out by individuals with spreadsheets. Manually documenting the full lifecycle of each asset added to the burden. This included tracking maintenance requirements and records, incidents and damages, repairs, calibrations, depreciation, and end-of-life data.
Case Study
Securing a Large Data Center in the EMEA Region: An IoT Case Study
A leading data-center operator in the EMEA region, with multiple facilities spanning over 25,000 square meters, faced significant security challenges. The operator experienced interruptions in their internal IT network due to unsupervised work of third-party technicians. Despite having a high-end building control system that provided 24x7 monitoring and control to all the building’s infrastructure, the data center was vulnerable from a cyber perspective as it was connected to the IT network infrastructure. The operator launched an urgent OT cyber security project that included both IT-OT network segmentation and OT network asset mapping and anomaly detection. The main objectives were to harden the security of the server systems, secure the facility’s power supply and server cooling system, strengthen the segmentation between building and operational systems, create a visual OT network map, and set up a system for presenting supply-chain attacks that may threaten the data center through equipment vendors’ maintenance activities.
Case Study
Leveraging Graph Technology for Enhanced Cybersecurity: A Case Study on MITRE's CyGraph
MITRE, a federally-funded, not-for-profit company that manages seven national research and development laboratories in the United States, was grappling with the challenge of managing an influx of cybersecurity data. The constant changes in network environments were impacting the security posture of U.S. government agencies. Intrusion alerts, anti-virus warnings, and seemingly benign events like logins, service connections, and file share access were all potentially associated with adversary activity. The cybersecurity researchers at MITRE needed to go beyond rudimentary assessments of security posture and attack response. This required merging isolated data into higher-level knowledge of network-wide attack vulnerabilities and mission readiness. The challenge was not the lack of information, but the ability to assemble disparate pieces of information into an overall analytic picture for situational awareness, optimal courses of action, and maintaining mission readiness. The team also struggled with fully comprehending a given security environment and mapping all known vulnerabilities.
Case Study
Enhancing Security Precision with IoT: A Case Study of Guardsman Group
Guardsman Group, a leading security company in the Caribbean, faced a significant challenge in maintaining the security of its digital infrastructure. The company provides security equipment, personnel, and systems for various businesses across the region. However, one of its offices experienced a security incident that affected all communications at that location. The existing security tools were not sufficient to provide the necessary protection, and it took hours to identify the source of the issue. This incident highlighted the need for a dynamic solution that could proactively identify threats. The company's primary concern was any disruption to its business, as it manages a significant portion of Jamaica's money and cannot afford for its operations to go down.
