
Leading eCommerce Retailer Achieves PCI Compliance in Record Time with Illumio

Illumio
Cybersecurity & Privacy - Cloud Security
Cybersecurity & Privacy - Security Compliance
E-Commerce
Sales & Marketing
Cybersecurity
System Integration
Testing & Certification
A leading eCommerce retailer was facing a challenge in achieving PCI compliance for its payment infrastructure. The company's network was flat, and penetration testing revealed vulnerabilities that could expose its payment infrastructure to malicious activity if perimeter defenses were breached. The company needed to quickly segment their Cardholder Data Environment (CDE) from the rest of their applications to avoid critical findings during the PCI audit. The challenge was to isolate systems processing credit card data and mitigate lateral movement attacks in a heterogeneous hardware platform environment.
The customer is a leading eCommerce retailer. The company's environment includes the global credit card processing systems and Tier 2 systems that interface with applications inside the Cardholder Data Environment (CDE). The company was facing a challenge in achieving PCI compliance for its payment infrastructure due to vulnerabilities within its flat network. The company needed to quickly segment their CDE from the rest of their applications or they ran the risk of critical findings during the PCI audit.
The company selected the Adaptive Security Platform® (ASP) from Illumio to segment systems processing credit card data. The solution leveraged two methods: user segmentation, to ensure that only authorized users can access payment applications and only via a secure channel, and environmental isolation of the CDE. The company utilized Illumio's real-time application dependency map, Illumination, to identify the Tier 2 systems that were included in the CDE, and Policy Generator to automatically generate micro-segmentation policies. They also took advantage of Illumio's pre-packaged Segmentation Templates, then tested security policies to quickly define and enforce segmentation rules. The rollout was completed within a month, with an easy deployment.
The company was able to quickly meet PCI DSS requirements to segment the CDE for PCI compliance.
The solution provided a real-time application dependency map and micro-segmentation policies to quickly scope the CDE across a global heterogeneous deployment.
The company was able to mitigate lateral movement attacks.
Achieved PCI compliance in record time.
The company plans to expand to another 1,000 workloads to cover its entire environment.