DMA Locker 4.0, yet another ransomware (June 2nd, 2016)

The Dell SonicWALL Threats Research team has observed yet another ransomware in the wild, called DMA Locker. Ransomware remains a very lucrative business for its operators. Assuming no backup is available, the only way of recovering files is to pay the ransom. With this ransomware we can measure some level of success by observing the bitcoin transactions associated with the given address.

Infection Cycle:

The Trojan uses the following PDF icon:

The Trojan drops the following files to the filesystem:

  • %ALLUSERSPROFILE%\cryptinfo.txt (encrypted file)
  • %ALLUSERSPROFILE%\select.bat (encrypted file)
  • %ALLUSERSPROFILE%\svchosd.exe [Detected as GAV: DMALocker.D (Trojan)]
  • %USERPROFILE%\Start Menu\Programs\Startup\x.vbs (encrypted file)

The Trojan adds the following keys to the registry:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Windows Firewall “%ALLUSERSPROFILE%\svchosd.exe”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Windows Update “%ALLUSERSPROFILE%\select.bat”

The Trojan can be seen running in the process list:

The Trojan exhibited 4 “action” commands which are used when communicating with the C&C server:

  • “action=0” : request for unique ID
  • “action=1” : request for RSA Public Key
  • “action=2” : status information from C&C
  • “action=3” : ransom data

The Trojan obtains a unique bot ID from a remote C&C server (“action=0”):

It then uses this bot ID to request an RSA public key from the server (“action=1”):

The bot ID and RSA Public Key are stored in the registry:

  • HKEY_CURRENT_USER\Software dma_id “111E7723E0A34AD3815C0D8A85327F54”
  • HKEY_CURRENT_USER\Software dma_public_key hex:2d,2d,2d,2d,2d,42,45,47,49,4e,20,50,55,42,4c,49,43….

The Trojan requests the ransom information that is to be displayed to the user (“action=3”):

The following ransom information is displayed on the screen of the infected machine:

A quick lookup of the bitcoin address using the blockchain.info website shows that the same bitcoin address is being used for multiple infections. The campaign has been successful and 6.0001 BTC (totaling $3,150 USD at the time of writing this alert) has been paid by victims so far:

SonicWALL Gateway AntiVirus provides protection against this threat via the following signature:

  • GAV: DMALocker.D (Trojan)

Six Tips for Selecting a Firewall Sandbox

Network firewalls have evolved from 1st generation simple packet filters to advanced devices that evolve so fast that labeling them as “next-generation (NG)” is the best way to classify them. They are often defined by the services that are attached to them and one of the greatest and newest internet security technologies to service today’s firewall is the sandbox. A sandbox is an isolated environment where suspicious files or applications can be run, examined and probed before they can be passed through a firewall and into a network. Applications, such as anti-virus, are best known for detecting and stopping known threats, but a sandbox is designed to detect unknown attacks designed to circumvent network security measures. Think of it as a bomb squad opening packages in a secluded open-air environment instead of a crowded stadium.

So, if you want to try this technology, how do you get started? With numerous vendors in this space, each with their promises and bold announcements, how do you cut through the noise? When you are shopping for a firewall and/or a sandbox, please consider these six tips:

  1. Look for a sandbox that has multi-engine support. First generation sandboxes use a siloed approach to examining files but malware authors are designing their code to detect and evade this technology. Leverage a multi-engine sandbox to cover analytical gaps and mitigate the need to deploy multiple vendors’ solutions. Simply put, using a single-engine sandbox is akin to trying to catch insects with a fishing line instead of a net.
  2. Before making a decision, look for any file type and size limits. Organizations use a broad range of operating systems that support everything from network systems to mobile devices. A sandbox needs to be able to examine a very broad range of file types without any limits to the size of the file.
  3. Files need to be held at the gateway before they are allowed to enter the perimeter of the network. Beware of any sandbox that delivers files before a verdict, otherwise it would be better to invest your budget into vulnerability assessment tools because you could be allowing havoc to ensue without proper management.
  4. With nearly one million pieces of malware being created every day, the threat landscape changes on a daily basis. Network and security administrators can’t stay on top of manual patches. Look to a sandbox that can rapidly deploy remediation signatures on a global scale. SonicWall’s sandbox, Capture ATP, quickly sends these signatures to all SonicWall Network Security Appliances within your network.
  5. Single point solutions issued by one-hit-wonder security vendors are often good at what they do, but do they interface with other network security appliances? If they can, it is often due to the manipulation of fickle and poorly supported APIs. Look for a next generation firewall that can communicate and update threat intelligence dynamically throughout your network security infrastructure for ease of management and improved security.
  6. The use of SSL/TLS encryption (AKA HTTPS) is on the rise by not only website and security administrators but by hackers as well. To evade detection, threats are often hidden within encrypted traffic. Evaluate sandboxes based on how they can inspect encrypted traffic.

Keep these tips in mind when evaluating a next-generation firewall and/or a sandbox feature. It is for these reasons that I recommend SonicWall Capture Advanced Threat Protection Service. Patrick Sweeney, vice president of Marketing and Product Management of SonicWall Security, authored a blog detailing our SonicWall Capture ATP Service. Currently in beta, this service will give you great protection against advanced persistent threats (APTs) and zero-day attacks. This multi-engine sandbox platform includes virtualized sandboxing, full system emulation, and hypervisor-level analysis technology all while resisting evasion tactics that hobble other sandboxing solutions. I also recommend reading SonicWall Security’s executive brief titled 5 Ways Your Firewall Sandboxes Can Fail.

Hear from Dmitriy Ayrapetov, SonicWall Security’s director of Product Management, on how you can maximize zero-day threat protection with SonicWall Capture Advanced Threat Protection (ATP), a cloud-based multi-engine solution that stops unknown attacks at the gateway.

How Network Security Has Evolved From Saying “No” to Saying “Yes!”

In medieval times, people relied heavily on physical security to protect their critical assets. Originally they had castles with walls and as attackers figured out how to breach those walls they added moats and draw bridges and murder holes to keep the advanced attackers out. But all of these hardened physical security measures designed to keep people out had the unfortunate side effect of making it difficult for people to get in, which in turn interfered with business and commerce. Needless to say, this type of security did not survive.

Cyber security has evolved in a similar fashion. Fifteen years ago, stateful packet inspection (SPI) firewalls were considered to be best-in-class protection against external threats. These firewalls were typically configured to block people’s access to internal resources. A user often had to submit a ticket to gain access to a server. Some types of communications required that specific rules were written to be allowed. This is the “castle wall” approach that many CISOs learned when they were being introduced to network security. But this approach to security is also outdated.

Organizations have to attract people rather than keep people out. Retail businesses post signs saying, “These doors must remain unlocked during business hours.” Security must take a similar approach, to become more dynamic: The question now is how do you keep an eye on who is coming in and out to provide necessary protection?

Unlike brick-and-mortar stores, where you keep doors open, an electronic online presence never closes. Today, ecommerce is being done electronically 24x7. Not only do you need to keep your electronic communication presence open, but also highly available and redundant. The question becomes: How do you keep an eye on what is constantly coming in and out of the network?

Two parallel goals in security are to keep the malicious traffic out while also keeping employees productive. If employees want to boost their productivity but IT is slow moving, they invent ways to work around the rules to enable the productivity measures they need to do their jobs more efficiently.

Fortunately, that paradigm is now shifting. Security is no longer about blocking or allowing necessary access. It is about enabling secure access on a permanent basis to enable the business. The perimeter is not only about blocking traffic, but also about easily enabling appropriate access for users. What should be allowed? Whatever enhances the environment and makes it better. For network security to detect malicious behavior, SonicWall next-generation firewalls analyze all of the network traffic, identify and eliminate what is bad, and let the good flow in and out freely.

In a similar way, application control becomes important as more people rely on their own applications. With the deluge of mobility, everyone is BYOD, bringing their own cloud (BYOC) and bringing their own applications. CISOs need to know what applications are running on their networks and analyze those applications.

And, with identity and access management, we need to make sure this is the right person, right level of privilege and the right level of access to critical company data. Also, for CISOs to effectively manage identities, it is important to have self-governance and self-provisioning to create, modify and revoke and renew identities without always having to call an information security administrator.

The Department of Yes is about empowering business initiatives while retaining security by governing every identity and inspecting every packet. It enables security professionals to allow remote workers to be more mobile, to go to the cloud, and to go back to the corporate network – securely and productively.

Visit SonicWall Security and open your own Department of Yes.

Expand Your Knowledge Through the Power of Security at PEAK16

The following is a guest post. Eamon Moore is Managing Director of EMIT, an Irish IT solutions company and SonicWall Security Preferred Partner specialising in IT Consultancy, Cloud Computing, IT Security & IT infrastructure solutions.

At EMIT, providing innovative security solutions that allow our customers to both achieve and surpass their goals has become a core part of what we do. Our clients look to us for inspiration and innovation, for cutting-edge solutions that will solve a long-standing issue or help elevate their business to the next level. Sometimes, however, we need to seek inspiration from our peers, to meet, network and explore new ideas and ways of doing business, so that we can broaden our own horizons to expand those of our clients.

So, we’re excited to be attending Security EMEA PEAK16 in Valletta, Malta, which promises to be a fantastic event, showcasing how SonicWall partners can increase security sales, discover up-sell and cross-sell opportunities, and how customers can be enabled to do and achieve more. Designed for business and technical leaders, it’s an opportunity to, in SonicWall’s words, “Come for knowledge and Leave with power,” a chance to share the insights your work has kindled with colleagues from across Europe.

And we here in EMIT have a lot to share.

The last 12 months have been a tremendous period for us. In October 2015, we were recognised as the SonicWall Global Social Media Partner of the Year at SonicWall World in Austin, Texas – SonicWall recognised our unique ability to collaborate and engage audiences within the social sphere, which bolstered both EMIT and SonicWall’s business initiatives in Ireland. The following month we also received SonicWall’s Security New Partner of the Year award, a fantastic achievement that represents a real recognition of our hard work in developing our SonicWall Security business, and in particular the success of our Firewall-as-a-Service solution. Considering our position as the top Managed Service Provider in Europe on the SonicWall Firewall-as-a-Service programme, alongside being shortlisted for Ireland’s Tech Excellence Awards, we look back on the past year with a mixture of pride and a determination to replicate and improve on this success in the months ahead.

These achievements were the result of a combination of hard work, a commitment to excellence, and capitalising on connections forged during SonicWall Security EMEA PEAK15, as IT security is one of our four business pillars, with SonicWall Security at the forefront of the solutions that we deliver to clients. I made the most of my time in Berlin last May – my first experience of SonicWall PEAK – meeting and building relationships with SonicWall executives, partners and distributors. Jason Hill and the team at Exertis VAD, whom I met for the first time in Berlin last year, have become a key distribution partner for EMIT’s Firewall-as-a-Service solution, and their support over the past year has been a huge advantage. We came to Berlin for knowledge and left with the power to evolve and expand our reach!

So what’s on offer this year?

SonicWall Security PEAK16 represents a fantastic opportunity to share your successes and insights with industry colleagues, to discuss what lies ahead with top executives and industry leaders, to discover more about new and innovative products and solution roadmaps, and to learn about best practice for delivering SonicWall Security solutions from those with a wealth of experience in the field, including Curtis Hutcheson, Vice President and General Manager, SonicWall Security Solutions; Steve Pataky, Vice President, Worldwide Sales; Patrick Sweeney, Vice President, Marketing and Product Management and Florian Malecki, International Product Marketing Director, SonicWall Security.

Speaking from personal experience, the breakout and technical sessions are a great way to learn more about how you can expand your security portfolio, with discussions revolving around Network Security-as-a-Service, selling in the retail space, and expanding your services with SonicWall’s Connected Security, to name but a few. Add to that a fantastic commitment from SonicWall that many of the senior leadership team members will be in attendance, and will take the time to meet one-on-one with partners, and it’s hard to disagree that three days in Malta could provide you with a roadmap for your future that you might never have imagined.

And then there’s the location, a stunning city full of architectural marvels designed in the artistic and exuberant baroque style. If you’re a history buff then you’ll be in heaven (the entire city is a UNESCO World Heritage Site), from the magnificent St. John’s Co-Cathedral, built by the Knights of Malta, to the fabulous Manoel Theatre – Malta’s national theatre and Europe’s third oldest. Don’t forget to sample the local fare – Mediterranean cuisine is famous for its healthy ingredients and rich flavours.

 View of the conference location in Malta

There’s no doubt that SonicWall’s PEAK15 conference played a significant role in our successes over the past year, and we eagerly await what the next 12 months will hold for EMIT following our mingling in Malta. It represents a clear opportunity to benefit from the knowledge of those who have risen to the top of their field, to discover new and innovative avenues for business, and the power to shape your future. So, are you willing to discover what SonicWall and PEAK16 can do for you?

Top tips for PEAK16

  • Plan your sessions in advance and make the most of your trip.
  • If more than one person is attending from your business, try to split the sessions between business and technical.
  • Download the SonicWall PEAK app ahead of the conference – it’s a great way to engage with other attendees.
  • Get to know members of the SonicWall team, other partners and distributors.
  • Finally, don’t miss Florian Malecki speaking – one of the highlights from Berlin in 2015.

Eamon Moore, Founder and Managing Director of EMIT

Eamon Moore is the Founder and Managing Director of EMIT, an award winning business productivity and technology company with thirteen years’ experience in delivering professional IT services to the Irish market. Since 2003 Eamon has led EMIT in becoming one of Ireland’s leading technology providers across infrastructure, cloud computing, security and business productivity. EMIT’s partnership with SonicWall dates back to the company’s formation and now positions itself as an industry leader in SonicWall Security, Networking and Data Protection Solutions.

Eamon is actively involved with a number of Irish business organisations including the Small Firms Association, the Institute of Directors and the Dublin Chamber of Commerce. He was recently appointed to the industry steering board of the Innovation Value Institute in Maynooth University in Ireland. Eamon is also an active commentator in the technology and business sectors and has contributed to many of Ireland’s leading publications as well as presenting at various business conferences worldwide.

Badblock ransomware is on the block (May 25, 2016)

The Dell SonicWALL Threat Research team has received reports of yet another ransomware. The newest one to join the increasingly lucrative ransomware business is called BadBlock. Over the past year, ransomware has proven to be a success for cybercriminals and has become so widespread that more versions are being released regularly. This new strain even uses a catchy phrase, “BadBlock is on the Block!”, in its help file to indicate successful infection.

Infection Cycle:

Badblock uses the following icon:

Upon execution, Badblock creates the following files:

  • %SystemDrive%Network Prosoftbadransom.exe (copy of itself)
  • %SystemDrive%Network Prosoftbaman.vab
  • %SystemDrive%Network Prosoftwarn (copy of the Help Decrypt.html file)

Badransom.exe is then executed and a new window is opened showing the victim’s files being encrypted.

Badblock sends a user ID to a remote server hosted on managemilz.com. A response is received containing an arbitrary string, which is the appropriate bitcoin account address to which the victim can send the payment. This string is also referenced in the Help_decrypt.html file, which contains the payment instructions.

Upon successful infection, a copy of the help file is then displayed showing instructions on how to pay the ransom of 2 Bitcoins, or roughly $900.

A copy of this “Help Decrypt.html” file is added to all the directories where files have been encrypted.

Badblock encrypts files with the following file extensions:
.asp, .aspx, .avi, .bak, .bmp, .cab, .cer, .chk, .chm, .class, .css, .dat, .data, .db, .dmp, .doc, .dot, .edb, .Evt, .exe, .gif, .htm, .html, .jar, .jpg, .js, .json, .lnk, .log, .lst, .map, .mar, .mdb, .mpp, .pdf, .pem, .pf, .php, .png, .pot, .ppt, .sav, .sdf, .sql, .sqlite, .swf, .txt, .vab, .vbs, .ver, .wav, .wma, .wmv, .xls, .xml, .zip

Unlike most ransomwares, Badblock does not append a new extension to encrypted files.

Because Badblock also encrypts system files, it renders the box extremely slow and unstable. In the instructions, the Badblock authors suggest not shutting down the infected machine. If the user decides to, they will not be able to log back in, because during our analysis we found that the files responsible for rebooting the machine were also encrypted.

At this point, the victim is locked out of their machine and the machine is rendered useless. Users will also be unable to use system restore because the files, progman.exe and rstrui.exe, have also been encrypted.

Because of the prevalence of these types of malware attacks, we urge our users to back up their files regularly.

Dell SonicWALL Gateway AntiVirus provides protection against this threat with the following signature:

  • GAV: Badblock.RS (Trojan)

Recent Flash zero day (CVE-2016-4117) attacks spotted in the wild (May 24, 2016)

CVE-2016-4117 exploits have been spotted in the wild. Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code.

The swf exploit is packed and the binary data is encrypted as seen below. The swf file decrypts this section when this flash file is loaded in memory.

To unpack this swf, let us load it in IE and attach a debugger. When the swf loads in memory, it decrypts the binary data to create another flash file which carries the actual payload. We can search the memory for this malicious flash file by looking for the magic bytes.

After spotting the swf exploit with payload

Extract the swf using the writemem command.

This swf has many ActionScript objects.
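The magic-byte search described above, as an added example (not the tooling used in the original analysis): a scan of a saved memory region for SWF headers. An SWF begins with the signature FWS (uncompressed), CWS (zlib) or ZWS (LZMA), followed by a version byte and a 4-byte little-endian length; the version cap, the function names and the sample bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: versions above this are treated as noise, not a real header. */
#define MAX_PLAUSIBLE_SWF_VERSION 60

struct swf_hit {
    size_t   offset;    /* where the signature starts in the dump */
    char     sig[4];    /* "FWS", "CWS" or "ZWS" */
    uint8_t  version;
    uint32_t file_len;  /* header length field (uncompressed size) */
};

/* Constructed sample "memory dump", not bytes from the real exploit. */
static const unsigned char SAMPLE_DUMP[] = {
    0x00, 0x11, 0x22, 0x33,                          /* 0: noise */
    'F', 'W', 'S', 0xFF, 0x10, 0x00, 0x00, 0x00,     /* 4: bogus version 255 */
    0x90, 0x90,                                      /* 12: noise */
    'F', 'W', 'S', 0x0B, 0x10, 0x00, 0x00, 0x00,     /* 14: v11, length 16 */
    0x78, 0x00, 0x05, 0x5F, 0x00, 0x00, 0x0F, 0xA0,  /* 22: body filler */
    'C', 'W', 'S', 0x0A, 0x00, 0x10, 0x00, 0x00,     /* 30: v10, length 4096 */
    0x78, 0x9C,                                      /* 38: zlib stream start */
    'F', 'W', 'S', 0x0B, 0x00, 0x01, 0x00, 0x00      /* 40: claims 256, truncated */
};

static uint32_t read_le32(const unsigned char *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Scan buf for plausible SWF headers; returns the number of hits recorded. */
size_t find_swf_headers(const unsigned char *buf, size_t len,
                        struct swf_hit *hits, size_t max_hits)
{
    size_t n = 0;
    for (size_t i = 0; len >= 8 && i <= len - 8 && n < max_hits; i++) {
        const unsigned char *p = buf + i;
        if ((p[0] != 'F' && p[0] != 'C' && p[0] != 'Z') ||
            p[1] != 'W' || p[2] != 'S')
            continue;
        uint8_t  ver  = p[3];
        uint32_t flen = read_le32(p + 4);
        if (ver == 0 || ver > MAX_PLAUSIBLE_SWF_VERSION)
            continue;                     /* signature bytes inside other data */
        if (flen < 8)
            continue;                     /* shorter than its own header */
        /* An uncompressed file must fit in what is left of the dump. For
         * CWS/ZWS the field is the uncompressed size, so it cannot be
         * bounded against the dump length. */
        if (p[0] == 'F' && flen > len - i)
            continue;
        hits[n].offset = i;
        hits[n].sig[0] = (char)p[0];
        hits[n].sig[1] = 'W';
        hits[n].sig[2] = 'S';
        hits[n].sig[3] = '\0';
        hits[n].version = ver;
        hits[n].file_len = flen;
        n++;
    }
    return n;
}

int main(void)
{
    struct swf_hit hits[8];
    size_t n = find_swf_headers(SAMPLE_DUMP, sizeof SAMPLE_DUMP, hits, 8);
    for (size_t i = 0; i < n; i++)
        printf("offset 0x%zx: %s v%u, length field %u\n", hits[i].offset,
               hits[i].sig, (unsigned)hits[i].version,
               (unsigned)hits[i].file_len);
    return 0;
}
```

For an FWS hit, the offset and length field give the range to write out; for CWS or ZWS the extracted range has to be chosen generously and decompressed afterwards.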

In the Data4 object notice the use of import com.adobe.tvsdk.mediacore.timeline.operations.DeleteRangeTimelineOperation and placement object which are a part of Primetime SDK.

Looking at the Data99 class we observe that flash90 variable is declared of type DeleteRangeTimelineOperation which is set to null. Later in the code at line 236 this variable is type confused with the placement property triggering the vulnerability which enables arbitrary read and write access to memory.

The exploit sprays the memory with shellcode.

The Dell SonicWALL Threat Research Team has researched this vulnerability and released the following signatures to protect their customers:

  • GAV 16631: CVE-2016-4117.A
  • SPY 4502: Malformed-File swf.MP.410

The “Aha” Moment. Say Yes to Security and Collaboration.

In survey after survey, IT executives continue to say that security is one of the top challenges they face. No one has to tell us about the risks. The stories of data theft and breaches are in the media every day. We are intimidated by the rapidly changing threat environment. New malware is being written every day and some of it is being written using a variety of methods that defeat existing security technologies. And too often the way that we protect our organizations is to add a myriad of approaches, tools and solutions, creating a tremendous amount of complexity that becomes hard to understand let alone manage.

But if you dig down one level, what you find is that security concerns create a barrier to doing what IT really needs to do, which is implement cool new initiatives that move the business forward.

Everybody wants to be seen as a hero, the clever one who can take on challenges, solve problems and make an impact on the business. Unfortunately, the security concerns become the reason they can’t do it. At SonicWall Security, we are working to help out with the security equation.

What are the initiatives that organizations are trying to deploy? One of the biggest areas of opportunity comes from all of the innovation that is going on in the cloud. Moving your work to the cloud streamlines the ability of your workers to collaborate and share information in real time. Tools like Microsoft Office 365 and DropBox allow employees to collaborate in a way that is changing the workplace.

This really hit home for me a couple of weeks ago when my 11-year-old daughter was assigned a big project in her fifth grade class. She and her teammate needed to create a report and a presentation. The night before the project was due, I came into her bedroom and she had her iPod setup to FaceTime her partner. They were both working together on the report using Google Docs and on the presentation using Google Sheets. They were oblivious to me, so I watched for a few minutes as they talked through ideas, added and edited text and pictures, and generally created and fine tuned the deliverables.

For this project, there was no need for them to meet, or even call each other. Collaboration tools enabled the entire project. This was an “aha” moment for me, because I realized then and there that these kids were demonstrating the future of work. What they take for granted is sadly often not possible in the work environment for a variety of reasons, but I couldn’t stop thinking that security is a big stumbling block to achieving the productivity new collaboration tools offer.

So, what is on your IT wish list? Do you want to move your CRM to the cloud? Or streamline your customer service delivery, or give your team access to data analytics no matter where they are? Or are you looking to eliminate paper and go all digital? Whatever it is, don’t let security be a barrier. If you want to learn how to turn IT security into the Department of Yes, contact SonicWall Security.

GD Library Buffer Overflow (May 19, 2016)

The GD Graphics Library (libgd) is an open-source graphics software library for dynamically manipulating images. It can create many formats of image files including GIFs, JPEGs, PNGs, and WBMPs. GD is extensively used with PHP, where a modified version supporting additional features is included by default as of PHP 4.3 and may be used in PHP 5.3 as well.

A heap buffer overflow vulnerability has been found in GD Library libgd 2.1.1 and prior. The vulnerability exists because a signed integer is declared to store the size of chunked data, but the value is treated as an unsigned integer when copying. When the size variable is set to a negative integer, the vulnerable code overwrites the heap buffer, which may cause denial of service or remote code execution under the current user, which may be the web application’s privileges.
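The signed/unsigned mismatch described above, modelled as an added example; this is not libgd's code, and the chunk layout (a 4-byte big-endian size field followed by the payload), the function names and the sample bytes are all hypothetical. It shows what a negative size turns into when it reaches a copy length, and a reader that validates the field before copying.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed inputs: size field, then payload. */
static const unsigned char CHUNK_OK[]  = { 0x00, 0x00, 0x00, 0x03, 'a', 'b', 'c' };
static const unsigned char CHUNK_NEG[] = { 0xFF, 0xFF, 0xFF, 0xFF, 'a', 'b', 'c' };
static const unsigned char CHUNK_BIG[] = { 0x00, 0x00, 0x00, 0x40, 'a', 'b', 'c' };

/* Read the size field into a signed 32-bit integer (two's complement value). */
int32_t read_size_field(const unsigned char *p)
{
    uint32_t v = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                 ((uint32_t)p[2] << 8) | (uint32_t)p[3];
    if (v <= (uint32_t)INT32_MAX)
        return (int32_t)v;
    return (int32_t)(-(int64_t)(uint32_t)~v - 1);
}

/* Assumed flawed pattern: a signed comparison against the buffer capacity.
 * A negative size is "smaller" than any capacity, so the check passes. */
int signed_bound_check_passes(int32_t size, int32_t capacity)
{
    return size <= capacity;
}

/* What a copy routine taking size_t receives for that same value. */
size_t length_after_conversion(int32_t size)
{
    return (size_t)size;   /* -1 becomes SIZE_MAX */
}

/* Hardened reader: returns the number of bytes copied, or -1 on rejection. */
long copy_chunk_checked(const unsigned char *in, size_t in_len,
                        unsigned char *out, size_t out_cap)
{
    if (in_len < 4)
        return -1;                        /* no room for the size field */
    int32_t declared = read_size_field(in);
    if (declared < 0)
        return -1;                        /* negative sizes are never valid */
    size_t n = (size_t)declared;          /* safe: value is non-negative */
    if (n > out_cap || n > in_len - 4)
        return -1;                        /* overflows buffer or input */
    memcpy(out, in + 4, n);
    return (long)n;
}

int main(void)
{
    unsigned char out[128];
    int32_t neg = read_size_field(CHUNK_NEG);
    printf("declared size %d passes signed check: %d\n", (int)neg,
           signed_bound_check_passes(neg, (int32_t)sizeof out));
    printf("copy length after conversion: %zu\n", length_after_conversion(neg));
    printf("checked reader, negative size: %ld\n",
           copy_chunk_checked(CHUNK_NEG, sizeof CHUNK_NEG, out, sizeof out));
    printf("checked reader, oversized: %ld\n",
           copy_chunk_checked(CHUNK_BIG, sizeof CHUNK_BIG, out, sizeof out));
    printf("checked reader, valid: %ld\n",
           copy_chunk_checked(CHUNK_OK, sizeof CHUNK_OK, out, sizeof out));
    return 0;
}
```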

Dell SonicWALL has researched this vulnerability. The following signature has been created to protect their customers.

  • IPS:11621 GD Library Buffer Overflow

This vulnerability is referred to as CVE-2016-3074.

New Russian Ransomware spotted in the wild (May 20, 2016)

The Dell SonicWall Threats Research team has received reports of a new Ransomware Trojan, Svchostix, which encrypts the user’s files and also deletes them if the payment is not made on time.

Infection cycle:

The Trojan is named Svhost (a misspelling of svchost) and has the following properties:

The Trojan adds an autostart object to enable startup after reboot:

  • %APPDATA%\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\win.exe (copy of original) [Detected as GAV: Svchostix.A (Trojan)]

It connects to the C&C server and makes the following request:

The trojan creates the following files on the victim’s desktop:

  • YourId.txt
  • YourId (in Russian)
  • Hacked.txt

The trojan creates the following files in the Desktop, Downloads and Documents folders on the victim’s machine and encrypts all of the victim’s documents listed with the .Silent extension.

It displays the following details in the file YourID.txt:

It displays the following ransom message in the file hacked.txt:

SonicWALL Gateway AntiVirus provides protection against this threat via the following signature:

  • GAV: Svchostix.A (Trojan)

6 Cybersecurity Tips Any Business Can Learn From PCI-DSS

I started this year speaking and writing about how retail establishments can protect themselves from the rising tide of malware. I continue this train of thought by considering the Payment Card Industry Data Security Standard (PCI-DSS) as a general guidance to protect any small business.

Instead of looking at PCI-DSS as guidelines for protecting cardholder data, consider it as guidance for protecting any critical data. You may wonder what critical data you have, or think that you may have nothing of value to cyber thieves. And yet any business has at least one of the following types of critical data that cybercriminals want, which means that any business, including yours, is a potential target:

  • Employee records
  • Customer records
  • Intellectual property
  • Access (user names, passwords, etc.) to partner networks (the easiest way to breach a big company may be through a small partner)
  • Access (user names, account numbers, passwords, etc.) to your bank account

Therefore, PCI-DSS guidelines can be a starting point for any business, retail or not. (I say a “starting point” because even if you are PCI-compliant as, I believe, Target was when they were breached, it does not mean you are secure.) At a high level, PCI-DSS guidelines provide some excellent places to start when looking to protect critical data. Looking at the six high-level guidelines for PCI-DSS, I have some thoughts:

  1. Build and maintain a Secure Network and Systems: This one is pretty straightforward: build your network with an eye on security starting at the planning phase. Often businesses take a money-saving approach and do not structure their network for growth. This is a short-term view that often costs more money down the road. Often, in order to maximize performance, security settings are turned off. When looking at your network, make sure you are able to build it under the security umbrella. Looking at the cost of a breach, security is a very low-cost investment.
  2. Protect Cardholder Data: In the spirit of this blog, let me replace “Cardholder Data” with “Critical Data.” Making sure critical data is handled in a secure way would include encryption of your data and isolating it from those not qualified to access it. Again, something learned from Target.
  3. Maintain a Vulnerability Management Program: Anti-virus should be something you require on all devices that can access network resources. This includes phones. I am sure we will see a newsworthy breach that starts with a compromised phone. There is a recent trend to deliver ransomware to phones. For both personal and professional reasons an antivirus on all your internet accessible devices is common sense.
  4. Implement Strong Access Control Measures: If you leave your freshly baked pie in the window, someone is going to take it. The aroma of your critical resources should be kept behind locked doors. It is more than passwords; the ability to see who is using these passwords will help you keep assets secure. This leads me to:
  5. Regularly Monitor and Test Networks: There are many reputable organizations that can test your defenses. I have seen many of them offer inexpensive or free services to show you where you have vulnerabilities. Let the experts help you.
  6. Maintain an Information Security Policy: Security is a critical business issue and should be considered integral to the organization. As you talk about products or new ways to expand your business, make sure that you do it in the context of a secure environment. After the fact and ad hoc security may leave you thinking you are protected when you actually are not.

I would hasten to add one more thing: implement an ongoing education program to build security awareness in the organization. As we all become more educated in proper cyber-hygiene, it becomes harder for criminals to compromise your organization.

The PCI guidance is something that is a great starting point for any business looking for a roadmap to security. If you are looking for more information, you might want to check out this webinar that Tim Brown, executive director and CTO of SonicWall Security, delivered on PCI – Focusing on security to meet compliance responding to changes in PCI DSS 3.1.