The current version of the standard (v1.2) specifies 12 requirements for compliance, organized into six logically related “control objectives.”
PCI DSS Data Security Standard Requirements v1.2
PCI Requirement
1. Maintain firewalls to protect data Change Control facilitated
• GreenSQL gives real-time database protection with a rules-based DB firewall
3. Protect stored data
• Automatically identifies movement of CVV/PIN data
• Automatically locates and classifies sensitive data
• Detects, prevents and alerts of real-time intrusion
• GreenSQL provides an “out-of-box” method to store sensitive data encrypted in the database*
4. Encrypt transmission of cardholder data
• GreenSQL encrypts transmission between any application and GreenSQL and from GreenSQL to the DB and back to the application
6. Develop & maintain secure systems Change Control facilitated
• Develops and maintains industry best practices on software & data security
• Maintains & alerts of all DB changes, including to external configuration files
• Automates reconciliation of DB changes to authorized work orders
• Secures all web-facing applications against known attacks
7. Restrict access to cardholder data
• Restricts access according to user and application, as defined by user rights rules
• Credit card numbers are masked when displaying cardholder data*
10. Track & monitor – comprehensive Change Control facilitated
• Implements a secure, comprehensive, automated audit trail
• Creates detailed reports based on the audit trail
12. Maintain policy
• Automated learning mode automatically generates a full rules policy customized for each DB as required
* GreenSQL Pro Advanced version.
Implemented at the end of 2008, the Payment Card Industry Data Security Standard (PCI DSS) was developed by leaders of the credit card industry, including American Express, Discover Financial Services, MasterCard Worldwide, JCB International, and Visa Inc. International. The standard combined five different programs developed by these companies to create an additional level of protection for card issuers by ensuring that merchants meet minimum levels of security when storing, processing, and transmitting cardholder data.
As well as safeguarding card issuers, PCI DSS serves the essential purpose of satisfying consumer demands for total protection of their sensitive card account data.
The logical and practical benefits of PCI DSS cannot be denied. In reality though, the requirement to implement compliance systems is generally seen by merchants and payment processors as yet another complex and costly hurdle set up by the “big five payment brands” to remove their responsibility for security breaches. This attitude is reinforced by the fact that even if an organization is PCI DSS compliant and passes a PCI DSS audit, it does not ensure that the organization’s cardholder data is secure. Similarly, PCI DSS compliance does not absolve merchants from the disastrous effects of a credit card breach.
Since the advent of the PCI DSS, developers have worked on a solution that enables organizations to achieve their PCI DSS obligations while also keeping within the spirit and aim of the standard – protecting cardholder data. That solution is finally here.
Implementing and attaining PCI DSS compliance places strict requirements on organizations. Your PCI DSS compliance solution must be thorough, reliable, robust, and user friendly. Your peace of mind and your client’s peace of mind depend on it.
GreenSQL Pro is the best of breed Unified Database Security solution that enables you to secure your databases, safe in the knowledge that they are being used for their intended purpose and for nothing else. Confidential credit card data must remain just that – confidential. Securing your databases with the security capabilities of GreenSQL Pro ensures an impenetrable fortress protects your data from those attempting to infiltrate your database.
GreenSQL Pro is a firewall that is installed as a front end to databases, fully hiding and securing them. GreenSQL Pro works as an SQL reverse proxy, validating SQL queries for permissible commands before dispatching them to the SQL database for execution.
Known exploits are handled by the GreenSQL Pro signature attacks database, while unknown exploits are managed by the GreenSQL Pro heuristic engine. This dual approach to securing your database against exploits ensures that, with GreenSQL Pro, your database OS and database vulnerabilities are a thing of the past.
GreenSQL Pro affords you unprecedented flexibility in protecting your databases, effectively facilitating overhead performance. As the only database security solution with the flexibility to sit either on your Web server, DB server, or on a dedicated server protecting multiple databases, you are assured of maximum security with minimum compromise of overhead performance.
The GreenSQL Pro best practice caching module minimizes latency and preserves database performance in keeping with your requirements. The GreenSQL Pro smart caching solution automatically responds to application SQL query behavior patterns and dramatically increases database performance. The caching feature can be enabled or disabled by database and by query to provide full caching control.
Only GreenSQL Pro can be quickly and easily deployed between servers as required to maintain unprecedented database security and improve system efficiency.
GreenSQL Pro automatically protects against newly discovered 0-day database and OS vulnerabilities or potential attacks aimed against databases or database operating systems until the application or operating system vendor releases the required fixes and mitigation plans. GreenSQL Pro enables you to continue to function securely until you are able to download the relevant security patches.
Furthermore, the automated learning mode of GreenSQL Pro independently learns database behavior and automatically generates a full custom rules policy for each database in accordance with its specific behavior. Instead of wasting time and resources configuring rules, simply accept or reject the rules custom made for you.
The large number of stringent data and regulatory compliance requirements forced upon organizations can place enormous strain on a company’s financial and manpower resources.
GreenSQL Pro provides comprehensive real-time auditing functions that can be easily configured on the fly. GreenSQL Pro identifies every query request and response, including every field affected in this process. Similarly, the GreenSQL Pro firewall policy enables you to fully define user profiles. Coupled with the real-time alerts feature, the configurable audit feature of GreenSQL Pro empowers organizations in addition to enabling compliance. The abundant information gathered for audit purposes is second to none.
Organizing such vast quantities of data is effortless with the intuitive GreenSQL Pro audit report template. It can be easily configured to display all relevant data required by an organization and its auditors. Demonstrating PCI DSS compliance to auditors has never been simpler.
The implementation of PCI DSS was initially met with resentment by the businesses upon whom it was imposed. The theory behind PCI DSS is sound but the uncertainty about how to become compliant remains.
GreenSQL Pro provides a cost effective, unified solution that enables all businesses not simply to satisfy the letter of the PCI DSS standard but also to conduct their affairs in the spirit of the standard. GreenSQL Pro is the new gold standard for PCI DSS compliance.
