Page 36 - Cyber Warnings - November 2015
P. 36
Gearing Up for the Holiday Shopping Season: PCI Compliance
and Other Security Considerations
By Mav Turner, Director of Product Marketing and Strategy, Security, SolarWinds
If you’re like most, your security audits usually don’t take place during the busy holiday season,
which is now virtually upon us; instead, they happen months in advance when you have more time
to focus on meeting compliance standards. However, the drawback of conducting audits well in
advance of the holiday season is that an IT environment can go through drastic shifts throughout
the year, leaving your infrastructure potentially vulnerable just as cybercriminals start to take
advantage of the holiday season, and your company needs its infrastructure operating at its best.
While it may not always be feasible to shift your auditing to later in the year, it’s at the very least
critical to ensure the same level of focus on security as if being audited now, just prior to the holiday
season, to make absolutely sure your compliance and security is in order, which means accounting
for not only changes in your company’s infrastructure since being audited, but anticipating
challenges of the holiday rush.
Unique Security Considerations for the Holiday Season
During the end-of-year holiday season, when consumer shopping increases dramatically, there are
greater risks surrounding security. Consumers increase credit card usage, causing a surge in
activity that makes it easier for an attack to slip through. What’s more, we can essentially throw
“normal” shopping behavior and activity out the window during the holiday season, because with
midnight sales and round the clock shopping, detecting abnormal activity can be tricky. You want to
make sure something isn’t a threat, but you also don’t want to prohibit traffic.
Improving Security before the Holiday Surge
As a result, it’s important to have a more discerning eye at this time of year—more focus as the
traffic increases. It’s helpful to have a tool, such as a security information and event management
platform, to automate some of this, lessening the burden on you. When looking for such a tool,
you’ll want to confirm it automates the collection of data and analyzes it to ensure compliance long
after audits have been completed. Some tools automate, but then need other tools to do the
analysis. Aggregating is one thing, but if you aren’t pulling knowledge from the data, you could put
your network in danger. You should also make sure it can easily demonstrate compliance. For
example, some companies try to pull data manually from disparate locations, which takes a great
amount of time and effort. By having an out-of-the-box tool, you can prove your compliance as soon
as possible—the less time spent logging, the more you can spend securing.
Infrastructure performance monitoring tools can also help improve security posture at this time of
year by helping to identify potential threats based on performance anomalies. Network, application,
firewall and systems performance management and monitoring tools with algorithms that highlight
36 Cyber Warnings E-Magazine – November 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
