Fox-IT received an Attestation of Compliance for the PCI-DSS standards for its Managed Detection & Response service on 15 March 2019. Fox-IT received the PCI-DSS certificate for the CTM Network module used to run the monitoring service after an assessment by an independent auditor. This PCI-DSS accreditation makes it even easier for customers of Fox-IT’s Managed Detection & Response service to demonstrate their PCI-DSS compliance in the annual mandatory audit.
Since 2004, all organisations that process credit card data have been required to comply with PCI-DSS standards. This applies not only to direct processors, such as financial institutions and shops, but also to their suppliers: in short, to all organisations that may come into contact with credit card data. The standards govern not only how security is arranged and how the network and systems are monitored, but also how the data will be secured in the event of a data leak.
Fox-IT’s network monitoring service has been developed based on the experience of cyber security experts over the past two decades. It combines comprehensive insight into current threats and innovative technology with the support of a global team of security experts. The CTM Network Module monitors all traffic across the network for what are referred to as Indicators of Compromise (IOCs), such as certain types of traffic, traffic with conspicuous destinations, or traffic in which unusual technology is used. If one or more of these IOCs are detected, a report is sent to the Security Operations Center (SOC), where security analysts check the observation. If suspicious activity is confirmed, immediate action is taken and the customer is informed.
Christian Prickaerts, Director Managed Services: “This accreditation shows that we take that extra step for our customers. Suppliers of credit card processing organisations must be able to demonstrate that they are PCI-compliant. The PCI-DSS accreditation of our Managed Detection & Response service therefore saves them a lot of work in the annual audit in terms of the mandatory monitoring of their networks. We are proud to be able to offer them this.”