
Security First, Then PCI Compliance

Benjamin Hosack
Jul 9
3 min read

Tags:

Web Security
Indicators of Compromise

A question we regularly get from our partners is "how are we going to support the new PCI requirements 6.4.3 and 11.6.1 for eCommerce merchants?"

The good news is that this is fully supported in our ThreatView platform.

But by focusing on those 2 requirements, we believe the industry is missing the bigger picture.

Let's think about these merchants for a moment. Merchants (currently) needing to be compliant with 6.4.3 and 11.6.1 are those that need to complete SAQ A-EP or SAQ D, i.e. typically larger and more complex merchants (yes, I know there are exceptions to this rule, with small merchants also implementing payment processes that push them into this bracket).

The larger, more complex merchants are typically the target of choice for criminals: complex setups are harder to secure, and larger businesses process more transactions. A good combination for a criminal to target.

We find the focus on 6.4.3 and 11.6.1 interesting. These controls make absolute sense when coupled with an advanced threat detection capability (as they are in ThreatView). But if these controls determine that a malicious script has been introduced to the site, it means that, fundamentally, the site is compromised. The malicious script is the last stage of that attack and is the most visible.

But what about the deeper compromise?

How do the criminals gain access in the first place, and have they deployed backdoors or other mechanisms for persistence?


While these types of additional malware can be detected by a multi-layered threat detection system like ThreatView Advanced, this is also where PCI Requirement 11.5.2 really comes into play.

Requirement 11.5.2 is about File Integrity Monitoring (FIM).

And very few people in the industry talk about this "boring, but hugely important" control.

Being able to identify malicious changes quickly means a team of developers can rapidly "find the needle in the haystack", roll back those changes and secure the site, saving time, effort and cost all round. It is a hugely useful part of the security toolbox for mitigating and managing threats.

Why is so little made of PCI Requirement 11.5.2 in eCommerce?

Well, in our experience at Turaco Labs and our previous 16 years at Foregenix, we have not once seen a hacked eCommerce merchant with FIM in place.  In fact, most have had almost zero security in place.

FIM is hard to do well, particularly for eCommerce websites.

A quick Google search for "FIM solutions for eCommerce Merchants" does not bring up many SME-relevant options:

None of these would suit an SME eCommerce website. These are enterprise solutions, designed for corporate server environments, not an eCommerce website.

Additionally, even if they were deployed, they are good at monitoring changes, but how would a systems administrator know whether those changes were malicious or not? Multiple systems (FIM, threat detection, script monitoring and so on) would be required to do this well.
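To make the two points above concrete (what FIM actually does, and why a raw change list still needs triage before anyone knows if a change is malicious), here is an added example of a minimal file-integrity monitor for a web root. It is not ThreatView's code or any product's implementation. The Magento-like directory layout, the rule that upload directories should never gain server-side code, and the rule that anything touching checkout or payment paths is high severity are assumptions chosen for illustration; the files it scans are constructed inside a temporary directory.

```python
# Added example: minimal file-integrity monitoring (FIM) for a web root,
# plus a first-pass triage of the change list. Not ThreatView code; the
# directory layout and triage rules are assumptions made for this demo.
import hashlib
import json
import tempfile
from pathlib import Path

CHUNK = 64 * 1024


def hash_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large media files stay out of RAM."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(root: Path) -> dict:
    """Map every regular file under root (path relative to root) to its hash."""
    return {
        p.relative_to(root).as_posix(): hash_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def diff_snapshots(baseline: dict, current: dict) -> dict:
    """Added / removed / modified relative paths between two snapshots."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(
            p for p in baseline.keys() & current.keys() if baseline[p] != current[p]
        ),
    }


# Assumed (Magento-like) layout: upload directories should never gain
# server-side code, and checkout/payment assets are where skimmers land.
SERVER_CODE = {".php", ".phtml"}
UPLOAD_DIRS = ("pub/media/", "var/")
PAYMENT_PATHS = ("checkout", "payment")
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


def triage(changes: dict) -> list:
    """Turn a raw FIM change list into (severity, kind, path) findings for a reviewer."""
    findings = []
    for kind in ("added", "modified", "removed"):
        for path in changes[kind]:
            ext = Path(path).suffix.lower()
            if kind == "added" and ext in SERVER_CODE and path.startswith(UPLOAD_DIRS):
                sev = "high"    # new executable file in an upload directory
            elif any(seg in path.lower() for seg in PAYMENT_PATHS):
                sev = "high"    # any change on the payment path needs eyes now
            elif ext in SERVER_CODE or ext == ".js":
                sev = "medium"  # code changed outside a deploy window
            else:
                sev = "low"     # static asset churn, still worth logging
            findings.append((sev, kind, path))
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f[0]])


def demo() -> list:
    """Constructed scenario: baseline a small web root, then make three changes."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        js_dir = root / "app/code/Vendor/Checkout/view/frontend/web/js"
        (root / "pub/media").mkdir(parents=True)
        js_dir.mkdir(parents=True)
        (root / "index.php").write_text("<?php echo 'shop';")
        (root / "pub/media/logo.png").write_bytes(b"\x89PNG constructed")
        (js_dir / "payment.js").write_text("submitPayment();")

        # In practice the baseline is persisted somewhere the web process
        # cannot write; here it just round-trips through JSON in memory.
        baseline = json.loads(json.dumps(snapshot(root)))

        (root / "pub/media/cache.php").write_text("<?php // constructed test file")
        (js_dir / "payment.js").write_text("submitPayment(); /* edited */")
        (root / "pub/media/logo.png").write_bytes(b"\x89PNG constructed v2")

        return triage(diff_snapshots(baseline, snapshot(root)))


if __name__ == "__main__":
    for severity, kind, path in demo():
        print(f"{severity:6} {kind:8} {path}")
```

Two design points worth noting: the hashes are computed over file contents rather than relying on modification times, which an attacker with write access can reset; and the triage step is deliberately separate from the diff, so the same change list can be fed to other layers (script monitoring, anti-malware scanning) rather than forcing a single tool to answer "is this malicious?".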

And then let's consider who the industry is expecting/requiring to deploy and manage these technologies:  SME eCommerce websites.

If we have learned anything in the last decade and a half of forensic work in this industry, it is that these types of businesses are generally run very lean, with development and hosting outsourced.  They do not have a security team.  They do not have the budget to hire a security team OR buy enterprise security solutions.

When you put this all together, it is clear that the industry has a problem that needs solving.

Yes, let's get excited about the 6.4.3 and 11.6.1 controls because they can and will help to reduce risk.

But let's also look deeper. If we take a Security First approach, then, at the very least, we need the ability to:

  • Monitor for the latest threats targeting eCommerce sites.
  • Monitor for malicious scripts and HTTP header security (PCI Requirements 6.4.3 and 11.6.1).
  • Track all changes made to the website (PCI Requirement 11.5.2).
  • Run anti-malware monitoring for the website filesystem and database (PCI Requirement 5).
  • Identify any unprotected payment card data (in support of PCI Requirement 3).

=> ThreatView Advanced Edition.

This is what we do. And to the best of our knowledge, ThreatView is the ONLY solution in the eCommerce industry taking this multi-layered approach.

ThreatView is a SECURITY-FIRST solution. We are not just trying to "tick the box"; we are focused on reducing risk across the riskiest portion of the eCommerce sector.

=> If you are looking for a solution that addresses 6.4.3 and 11.6.1, why not include 11.5.2 also?  And why not support 3 & 5 too? It makes sense from a security perspective.

=> If you are focused on security and risk management, then perhaps we should have a conversation.  Perhaps we could help?
