

Security in a Virtualized Environment for the Payment Card Industry

Merchants and the banking and finance sector gain a strong competitive advantage when they provide the highest level of cardholder data security. Virtualization is cost-efficient in terms of hardware and operational expenses because of the flexibility and scalability of the infrastructure.

A virtual environment is dynamic by nature and generates new, previously unknown threats. The only way to achieve the required level of protection while keeping performance high is to use a solution that is specifically designed for a virtual environment. This is the key to an optimized and secure infrastructure with a fast return on investment.

PCI DSS compliance becomes critical for businesses of all sizes to remain competitive in the market. There are strong reasons for businesses to become PCI DSS compliant:

  • Reputation: Both for acquirers and payment card issuers.
  • Trust: A secure payment environment enhances cardholders’ trust in sharing highly sensitive data.
  • Prevention: Avoid credit card fraud and data breaches.

How 5nine Cloud Security meets PCI DSS Security Standards

5nine Cloud Security is the solution to help merchants meet a majority of the PCI DSS requirements. It is a unified security and compliance solution designed to specifically address every Hyper-V security vulnerability using patent-pending technologies, eliminating the need to install additional expensive and resource-consuming security software.

PCI Compliance Requirements

There are many PCI guides (standards) for the varying stakeholders involved in the payment industry. 5nine Software helps you achieve many of the PCI DSS level standards, providing a secure environment for your virtualized datacenters.

Any Microsoft Hyper-V virtual network that is protected by 5nine Cloud Security is PCI compliant, because 8 of 12 PCI requirements related to a virtualized environment are met by 5nine Cloud Security’s architecture. The remaining 4 requirements are physical factors, so 5nine covers all of the software-based security requirements for Hyper-V.

Providing PCI DSS Compliance to Hyper-V Clouds

Below is the list of Payment Card Industry Data Security Standard (PCI DSS) requirements from the official website. Discover how 5nine matches the PCI requirements in this blog post.

Virtual Network Security

PCI DSS Requirement 1. Install and maintain a firewall configuration to protect cardholder data.

5nine Cloud Security provides network protection with a multitenant virtual firewall that is integrated into the Hyper-V virtual switch. This allows 5nine Cloud Security to monitor any type of virtual network traffic (internal, external, and private) and to isolate individual VMs and security groups. Firewall rules can be tied to a specific schedule to reduce the potential attack surface.

PCI DSS Requirement 2. Do not use vendor-supplied defaults for system passwords and other security parameters.

5nine Cloud Security supports Windows Server Active Directory (AD) to manage users and passwords for multi-tenant environments. It does not use default passwords, which reduces the chance of administrators leaving them unchanged.

Cardholder Data Protection

PCI DSS Requirement 3. Protect stored cardholder data.

This requirement is a question of physical access restrictions and cannot be covered by 5nine Cloud Security.

PCI DSS Requirement 4. Encrypt transmission of cardholder data across open and public networks.

5nine Cloud Security does not encrypt traffic by itself; however, it will support the transmission of encrypted traffic through its networks.

Network Vulnerability Management

PCI DSS Requirement 5. Use and regularly update anti-virus software on all systems commonly affected by malware.

5nine Cloud Security runs agentless antivirus scans of the virtual machines deployed on Microsoft Hyper-V. This security level is invisible to end-users, and they cannot disable AV scanning.

This unique technology makes antivirus scans up to 70 times faster than legacy AV solutions installed inside virtual machines. 5nine Cloud Security ships with Bitdefender, Kaspersky or ThreatTrack engines with frequently updated antivirus signatures.

PCI DSS Requirement 6. Develop and maintain secure systems and applications.

5nine Cloud Security includes integrity checks of its security components. It makes it possible to isolate testing, development and production environments by using security groups, while web applications can be protected with the additional 5nine Web Application Firewall product.

Continual operations logging allows a security administrator to monitor and detect unauthorized attempts to access the security configuration. The integrated intrusion detection system detects application-level attacks directly at the Hyper-V virtual switch level, using the Snort engine and signatures.

Strong Access Control

PCI DSS Requirement 7. Restrict access to cardholder data by business need-to-know.

This requirement is covered by standard authentication methods of Windows Server and Active Directory.

PCI DSS Requirement 8. Identify and authenticate access to system components.

This requirement is covered by standard authentication methods of Windows Server and Active Directory.

PCI DSS Requirement 9. Restrict physical access to cardholder data.

This requirement is a question of physical access restrictions and cannot be covered by 5nine Cloud Security.

Regular Network Monitoring and Testing

PCI DSS Requirement 10. Track and monitor all access to network resources and cardholder data.

This requirement is covered by standard access rights of Windows Server and security event logging of 5nine Cloud Security. An integrated network anomaly detection system detects malicious and suspicious network activities. All operations and events are logged in an unchangeable format for future analysis. Integration with centralized logging systems makes it possible to achieve the required log retention period.

PCI DSS Requirement 11. Regularly test security systems and processes.

5nine Cloud Security constantly collects and monitors network statistics such as overall traffic, number of packets and packet size. Using a heuristic algorithm, it then builds a baseline of normal traffic behavior for each virtual machine and constantly monitors deviations from it. If a deviation exceeds the sensitivity level, 5nine Cloud Security immediately sends a notification about a potential attack or malicious network activity. The integrated intrusion detection system based on Snort signatures, together with the heuristic algorithm, allows the environment to successfully pass penetration tests.
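
The per-VM baseline and sensitivity check described above, sketched as an added example that is not 5nine's code. The page does not describe the heuristics, so the running mean/standard-deviation scoring, the 5% spread floor, the warm-up count, the default sensitivity value and the VM names and counters are all assumptions.

```python
import math
from collections import defaultdict

METRICS = ("bytes", "packets", "avg_packet_size")

class VmBaseline:
    """Running mean and variance (Welford's method) per metric for one VM."""
    def __init__(self):
        self.n = 0
        self.mean = dict.fromkeys(METRICS, 0.0)
        self.m2 = dict.fromkeys(METRICS, 0.0)

    def deviation(self, sample):
        """Largest z-score of the sample across all metrics."""
        worst = 0.0
        for m in METRICS:
            std = math.sqrt(self.m2[m] / (self.n - 1)) if self.n > 1 else 0.0
            # Assumed floor: 5% of the mean, so flat traffic cannot inflate scores.
            std = max(std, 0.05 * abs(self.mean[m]), 1.0)
            worst = max(worst, abs(sample[m] - self.mean[m]) / std)
        return worst

    def learn(self, sample):
        self.n += 1
        for m in METRICS:
            delta = sample[m] - self.mean[m]
            self.mean[m] += delta / self.n
            self.m2[m] += delta * (sample[m] - self.mean[m])

def detect(intervals, sensitivity=4.0, warmup=5):
    """Return (index, vm, score) for each interval beyond the sensitivity level."""
    baselines, alerts = defaultdict(VmBaseline), []
    for i, (vm, nbytes, packets) in enumerate(intervals):
        sample = {"bytes": nbytes, "packets": packets,
                  "avg_packet_size": nbytes / packets if packets else 0.0}
        base = baselines[vm]
        score = base.deviation(sample) if base.n >= warmup else 0.0
        if score > sensitivity:
            alerts.append((i, vm, round(score, 1)))
            continue  # keep anomalous intervals out of the baseline
        base.learn(sample)
    return alerts

# Constructed per-interval counters: (vm, bytes, packets)
SAMPLE = [("vm-web", 1_000_000 + 20_000 * (k % 3), 1000 + 10 * (k % 3)) for k in range(8)]
SAMPLE += [("vm-db", 400_000 + 5_000 * (k % 2), 500) for k in range(8)]
SAMPLE += [("vm-web", 1_010_000, 1005),    # normal interval
           ("vm-web", 1_200_000, 20_000),  # flood of small packets
           ("vm-db", 9_000_000, 6_000)]    # volume spike
```

Calling `detect(SAMPLE)` flags only the last two intervals. Raising `sensitivity` trades missed detections for fewer false alerts, and skipping flagged intervals in `learn` keeps a sustained attack from becoming the new baseline.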

Information Security Policy

PCI DSS Requirement 12. Maintain a policy that addresses information security.

This requirement is a question of corporate information policy and cannot be covered by 5nine Cloud Security.