
Leading eCommerce Retailer Achieves PCI Compliance in Record Time with Illumio

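Company Size
Large Corporate
Region
  • America
Country
  • United States
Product
  • Illumio Adaptive Security Platform®
Tech Stack
  • Illumination
  • Policy Generator
Implementation Scale
  • Enterprise-wide Deployment
Impact Metrics
  • Cost Savings
  • Customer Satisfaction
Technology
  • Cybersecurity & Privacy - Cloud Security
  • Cybersecurity & Privacy - Security Compliance
Applicable Industries
  • E-Commerce
Applicable Functions
  • Sales & Marketing
Use Cases
  • Cybersecurity
Services
  • System Integration
  • Testing & Certification
About the Customer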
The customer is a leading eCommerce retailer. The company's environment includes the global credit card processing systems and Tier 2 systems that interface with applications inside the Cardholder Data Environment (CDE). The company was facing a challenge in achieving PCI compliance for its payment infrastructure due to vulnerabilities within its flat network. The company needed to quickly segment its CDE from the rest of its applications or it ran the risk of critical findings during the PCI audit.
Challenge
A leading eCommerce retailer was facing a challenge in achieving PCI compliance for its payment infrastructure. The company's network was flat, and penetration testing revealed vulnerabilities that could expose its payment infrastructure to malicious activity if perimeter defenses were breached. The company needed to quickly segment its Cardholder Data Environment (CDE) from the rest of its applications to avoid critical findings during the PCI audit. The challenge was to isolate systems processing credit card data and mitigate lateral movement attacks in a heterogeneous hardware platform environment.
Solution
The company selected the Adaptive Security Platform® (ASP) from Illumio to segment systems processing credit card data. The solution used two methods: user segmentation, to ensure that only authorized users can access payment applications and only via a secure channel, and environmental isolation of the CDE. The company used Illumination, Illumio's real-time application dependency map, to identify the Tier 2 systems that were included in the CDE, and Policy Generator to automatically generate micro-segmentation policies. They also took advantage of Illumio's pre-packaged Segmentation Templates, then tested security policies to quickly define and enforce segmentation rules. The rollout was completed within a month, with an easy deployment.
Operational Impact
  • The company was able to quickly meet PCI DSS requirements to segment the CDE for PCI compliance.
  • The solution provided a real-time application dependency map and micro-segmentation policies to quickly scope the CDE across a global heterogeneous deployment.
  • The company was able to mitigate lateral movement attacks.
  • The solution provided full compliance documentation and auditability.
  • The company plans to expand to another 1,000 workloads to cover its entire environment, including change management between development and production.
Quantitative Benefit
  • Achieved PCI compliance in record time.
  • Plan to expand to another 1,000 workloads to cover its entire environment.
