Client:
A mid-sized retail company with 120 employees, 150 endpoints, and an e-commerce platform that processes payment card data, needing to comply with PCI-DSS requirements.
Challenge:
The company's payment systems carried known weaknesses, including an outdated encryption protocol (TLS 1.0, which PCI-DSS classifies as "early TLS") and a flat, improperly segmented network that left cardholder systems reachable from general-purpose hosts. They required a detailed vulnerability assessment to confirm full PCI-DSS compliance and to reduce the risk of a cardholder data breach.
Solution:
- Conducted an internal and external vulnerability assessment on their payment systems, web applications, and internal network.
- Discovered outdated encryption protocols, misconfigurations in network segmentation, and vulnerable APIs that could expose customer cardholder data.
- Replaced TLS 1.0 with TLS 1.2 encryption across the payment systems and web applications, improving data-in-transit security.
- Segmented the network to ensure payment systems were isolated from other parts of the network to meet PCI-DSS requirements.
- Provided detailed recommendations for continuous monitoring and regular vulnerability scans, along with a roadmap for maintaining PCI-DSS compliance.
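The protocol change above is only done once the payment endpoints actually refuse TLS 1.0 and 1.1, which is what an ASV scan will test. The following probe is an added example, not part of the original case study or the client's tooling; it assumes a hypothetical target host and port passed on the command line, and it lowers the local OpenSSL security level so that a rejected handshake can be attributed to the server rather than to the scanning client. Certificate validation is deliberately skipped because only protocol negotiation is under test.

```python
"""Probe which TLS protocol versions an endpoint accepts and map the
result to the findings an ASV scan would raise.

Added example: not code from the original case study. Host and port are
hypothetical command-line arguments (defaults: localhost:443).
"""
import socket
import ssl
import sys

# Protocol versions an ASV scan checks, oldest first.
VERSIONS = [
    ("TLSv1.0", ssl.TLSVersion.TLSv1),
    ("TLSv1.1", ssl.TLSVersion.TLSv1_1),
    ("TLSv1.2", ssl.TLSVersion.TLSv1_2),
    ("TLSv1.3", ssl.TLSVersion.TLSv1_3),
]

# Versions PCI-DSS classifies as "SSL/early TLS": accepting either is a finding.
EARLY_TLS = {"TLSv1.0", "TLSv1.1"}


def _context_for(version):
    """Client context pinned to exactly one protocol version."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Protocol negotiation is under test, not trust: skip certificate checks.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    # OpenSSL 3 refuses TLS 1.0/1.1 at its default security level; lower it so
    # that a rejection really comes from the server, not from this client.
    try:
        ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
    except ssl.SSLError:
        pass  # e.g. LibreSSL does not understand @SECLEVEL
    ctx.minimum_version = version
    ctx.maximum_version = version
    return ctx


def probe_version(host, port, version, timeout=5.0):
    """Return 'accepted', 'rejected', 'untestable' or 'error' for one version."""
    try:
        ctx = _context_for(version)
    except ValueError:
        return "untestable"  # local OpenSSL build cannot speak this version
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return "accepted" if tls.version() else "rejected"
    except ssl.SSLError as exc:
        # These reasons are raised locally before the server answers.
        if (exc.reason or "") in ("NO_PROTOCOLS_AVAILABLE", "UNSUPPORTED_PROTOCOL"):
            return "untestable"
        # protocol_version alert, handshake failure or reset mid-handshake
        return "rejected"
    except OSError:
        return "error"  # TCP-level problem: refused, timed out, unreachable


def probe_host(host, port=443):
    """Probe every version in VERSIONS against one endpoint."""
    return {name: probe_version(host, port, v) for name, v in VERSIONS}


def pci_findings(results):
    """Translate probe results into the findings an ASV scan would raise."""
    findings = []
    for name in sorted(EARLY_TLS):
        if results.get(name) == "accepted":
            findings.append(f"{name} accepted: SSL/early TLS is an automatic ASV failure")
    if results.get("TLSv1.2") != "accepted" and results.get("TLSv1.3") != "accepted":
        findings.append("neither TLSv1.2 nor TLSv1.3 accepted: no compliant protocol offered")
    for name, state in results.items():
        if state == "untestable":
            findings.append(f"{name} could not be tested from this client; rerun with an older OpenSSL")
    return findings


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "localhost"  # hypothetical target
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    results = probe_host(target, port)
    for name, state in results.items():
        print(f"{name:8s} {state}")
    for finding in pci_findings(results) or ["no protocol findings"]:
        print("-", finding)
```

Run it against every in-scope payment host before the ASV scan: an "untestable" result for TLS 1.0 or 1.1 means the scanning machine itself could not offer that version, so the endpoint has not actually been shown to reject it and the check should be repeated from a host whose OpenSSL still allows early TLS.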
Outcome:
The retail company achieved PCI-DSS compliance with minimal downtime. They passed a subsequent Approved Scanning Vendor (ASV) external scan with no critical findings, protecting customer payment data and meeting the card brands' contractual requirements. The company also reduced its attack surface and increased customer trust.