
How 5nine Cloud Security helps to provide PCI DSS compliance for Hyper-V



Security in a virtualized environment for the Payment Card Industry

Merchants and the banking and finance sector gain a strong competitive advantage when they provide the highest level of cardholder data security. Virtualization is cost-efficient in terms of hardware and operational expenses because of the flexibility and scalability of the infrastructure.

A virtual environment is dynamic by nature and generates new, previously unknown threats. The only way to achieve the required level of protection while keeping performance high is to use a solution designed specifically for a virtual environment. This is the key to an optimized and secure infrastructure with a fast return on investment.

PCI DSS compliance becomes critical for businesses of all sizes to remain competitive in the market. There are strong reasons for businesses to become PCI DSS compliant:

REPUTATION
Both for acquirers and payment card issuers

TRUST
A secure payment environment enhances cardholders’ trust in sharing highly sensitive data

PREVENTION
Avoid credit card fraud and data breaches

How 5nine Cloud Security meets PCI DSS Security Standards

5nine Cloud Security is the solution to help merchants meet a majority of the PCI DSS requirements. It is a unified security and compliance solution designed to specifically address every Hyper-V security vulnerability using patent-pending technologies, eliminating the need to install additional expensive and resource-consuming security software.

Recorded Webinar: Achieving PCI DSS Compliance for the Microsoft Cloud using 5nine Cloud Security

Find out how financial institutions and merchants can meet a majority of the PCI DSS requirements using 5nine Cloud Security.

Whitepaper: PCI DSS Compliance for Hyper-V

Read the complete guide on PCI compliance in our whitepaper.

PCI compliance requirements

There are many PCI guides (standards) for the varying stakeholders involved in the payment industry. 5nine Software helps you achieve many of the PCI DSS level standards, providing a secure environment for your virtualized datacenters.

PCI DSS compliance ecosystem

Any Microsoft Hyper-V virtual network that is protected by 5nine Cloud Security is PCI compliant, because 8 of 12 PCI requirements related to a virtualized environment are met by 5nine Cloud Security’s architecture. The remaining 4 requirements are physical factors, so 5nine covers all of the software-based security requirements for Hyper-V.

"We offer security as a service through Windows Azure Pack, and it was essential for us that the security solution integrated with our management portal in the best possible way. I think there's no better solution than 5nine."

Sergi Martínez Mudarra
CTO, MediaCloud


"Whether we provision VMs on behalf of our customers or our customers go through the local Azure portal to provision their own VMs, they want the same thing—individual firewall security and management capabilities. No one wants the multitenant complexities of the traditional approach of having a shared firewall or the operational constraints of having multiple dedicated firewalls."

Izak Laubscher
Chief Architect, Global Micro Solutions


"Yoku’s clients can now manage risk, improve protection and ensure compliance within their organization. Using 5nine we can create effective and on-demand protection customizable for each client with agentless firewall, intrusion detection, and antivirus configured within a private virtual LAN."

Rob Conley
Partner and CTO, Yoku Cloud Hosting


Providing PCI DSS compliance to Hyper-V clouds

Below is the list of Payment Card Industry Data Security Standard (PCI DSS) requirements from the official website. Discover how 5nine matches the PCI requirements in this blog post.

Virtual Network Security

PCI DSS Requirement 1. Install and maintain a firewall configuration to protect cardholder data.

5nine Cloud Security provides network protection with a multitenant virtual firewall that is integrated into the Hyper-V virtual switch. This allows 5nine Cloud Security to monitor any type of virtual network traffic (internal, external, and private) and to isolate individual VMs and security groups. Firewall rules can be tied to a specific schedule to reduce the potential attack surface.

PCI DSS Requirement 2. Do not use vendor-supplied defaults for system passwords and other security parameters.

5nine Cloud Security supports Windows Server Active Directory (AD) to manage users and passwords for multi-tenant environments. It does not use default passwords, so there are none for administrators to leave unchanged.

Cardholder Data Protection

PCI DSS Requirement 3. Protect stored cardholder data.

This requirement is a question of physical access restrictions and cannot be covered by 5nine Cloud Security.

PCI DSS Requirement 4. Encrypt transmission of cardholder data across open and public networks.

5nine Cloud Security does not encrypt traffic itself; however, it supports the transmission of encrypted traffic through its networks.

Network Vulnerability Management

PCI DSS Requirement 5. Use and regularly update anti-virus software on all systems commonly affected by malware.

5nine Cloud Security runs agentless antivirus scans of the virtual machines deployed on Microsoft Hyper-V. This security layer is invisible to end users, and they cannot disable AV scanning.

This technology achieves antivirus scans up to 70 times faster than legacy AV solutions installed inside virtual machines. 5nine Cloud Security ships with Bitdefender, Kaspersky or ThreatTrack engines and frequently updated antivirus signatures.

PCI DSS Requirement 6. Develop and maintain secure systems and applications.

5nine Cloud Security includes integrity checks of its security components. It allows testing, development and production environments to be isolated from each other using security groups, while web applications can be protected with an additional product, 5nine Web Application Firewall.

Continual operations logging allows the security administrator to monitor and detect unauthorized attempts to access the security configuration. The integrated intrusion detection system detects application-level attacks directly at the Hyper-V virtual switch level, using the Snort engine and signatures.

Strong Access Control

PCI DSS Requirement 7. Restrict access to cardholder data by business need-to-know.

This requirement is covered by standard authentication methods of Windows Server and Active Directory.

PCI DSS Requirement 8. Identify and authenticate access to system components.

This requirement is covered by standard authentication methods of Windows Server and Active Directory.

PCI DSS Requirement 9. Restrict physical access to cardholder data.

This requirement is a question of physical access restrictions and cannot be covered by 5nine Cloud Security.

Regular Network Monitoring and Testing

PCI DSS Requirement 10. Track and monitor all access to network resources and cardholder data.

This requirement is covered by the standard access rights of Windows Server and the security event logging of 5nine Cloud Security. An integrated network anomaly detection system detects malicious and suspicious network activity. All operations and events are logged in an unchangeable format for future analysis. Integration with centralized logging systems makes it possible to achieve the required log retention period.

PCI DSS Requirement 11. Regularly test security systems and processes.

5nine Cloud Security continuously collects and tracks network statistics such as overall traffic, number of packets, and packet size. Using a heuristic algorithm, it builds a baseline of normal traffic behavior for each virtual machine and constantly monitors deviations from it. If a deviation exceeds the sensitivity level, 5nine Cloud Security immediately raises a notification about a potential attack or malicious network activity. The integrated intrusion detection system based on Snort signatures, together with the heuristic algorithm, makes it possible to successfully pass penetration tests.
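
The per-VM baseline idea described above, as an added example that is not 5nine's code or algorithm: it assumes a running mean and standard deviation per metric and treats the sensitivity level as a multiple of that spread. All names (`VmBaseline`, `detect`, `vm-web`, `vm-db`) and the sample values are constructed for illustration.

```python
import math
from collections import defaultdict

METRICS = ("bytes", "packets", "avg_pkt_size")  # the statistics the text names

class VmBaseline:
    """Running mean and variance per metric (Welford's method) for one VM."""
    def __init__(self):
        self.n = 0
        self.mean = dict.fromkeys(METRICS, 0.0)
        self.m2 = dict.fromkeys(METRICS, 0.0)

    def update(self, sample):
        self.n += 1
        for k in METRICS:
            delta = sample[k] - self.mean[k]
            self.mean[k] += delta / self.n
            self.m2[k] += delta * (sample[k] - self.mean[k])

    def scores(self, sample):
        out = {}
        for k in METRICS:
            std = math.sqrt(self.m2[k] / (self.n - 1)) if self.n > 1 else 0.0
            # Floor the spread at 1% of the mean so a flat baseline cannot divide by zero.
            spread = max(std, 0.01 * abs(self.mean[k]), 1e-9)
            out[k] = abs(sample[k] - self.mean[k]) / spread
        return out

def detect(samples, sensitivity=4.0, warmup=5):
    """Return (vm, seq, {metric: score}) for samples that exceed the sensitivity level."""
    baselines, alerts = defaultdict(VmBaseline), []
    for seq, (vm, sample) in enumerate(samples):
        base = baselines[vm]
        if base.n >= warmup:
            hot = {k: round(v, 1) for k, v in base.scores(sample).items() if v > sensitivity}
            if hot:
                alerts.append((vm, seq, hot))
                continue  # do not let a flagged interval shift the baseline
        base.update(sample)
    return alerts

def _s(b, p):
    return {"bytes": b, "packets": p, "avg_pkt_size": b / p}

# Constructed samples: six normal intervals per VM, then a small-packet burst on vm-web.
WEB = [(50_000, 100), (52_000, 104), (48_000, 96), (51_000, 102), (49_000, 98), (50_500, 101)]
DB = [(5_000_000, 4000), (5_100_000, 4080), (4_900_000, 3920), (5_050_000, 4040), (4_950_000, 3960), (5_020_000, 4016)]
SAMPLES = [("vm-web", _s(*x)) for x in WEB] + [("vm-db", _s(*x)) for x in DB]
SAMPLES.append(("vm-web", _s(50_000, 5_000)))

if __name__ == "__main__":
    print(detect(SAMPLES))
```

The burst keeps total bytes inside vm-web's normal range, so only the packet count and packet size trip the threshold, while vm-db's far larger traffic is judged against its own baseline and stays quiet.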

Information Security Policy

PCI DSS Requirement 12. Maintain a policy that addresses information security.

This requirement is a question of corporate information policy and cannot be covered by 5nine Cloud Security.