
Leading eCommerce Retailer Achieves PCI Compliance in Record Time with Illumio

Technology Category
  • Cybersecurity & Privacy - Cloud Security
  • Cybersecurity & Privacy - Security Compliance
Applicable Industries
  • E-Commerce
Applicable Functions
  • Sales & Marketing
Use Cases
  • Cybersecurity
Services
  • System Integration
  • Testing & Certification
The Challenge
A leading eCommerce retailer faced a challenge in achieving PCI compliance for its payment infrastructure. The company's network was flat, and penetration testing revealed vulnerabilities that could expose its payment infrastructure to malicious activity if perimeter defenses were breached. The company needed to quickly segment its Cardholder Data Environment (CDE) from the rest of its applications to avoid critical findings during the PCI audit. The challenge was to isolate systems processing credit card data and mitigate lateral movement attacks in an environment of heterogeneous hardware platforms.
About The Customer
The customer is a leading eCommerce retailer. The company's environment includes the global credit card processing systems and Tier 2 systems that interface with applications inside the Cardholder Data Environment (CDE). The company faced a challenge in achieving PCI compliance for its payment infrastructure due to vulnerabilities within its flat network. It needed to quickly segment its CDE from the rest of its applications or run the risk of critical findings during the PCI audit.
The Solution
The company selected the Adaptive Security Platform® (ASP) from Illumio to segment systems processing credit card data. The solution leveraged two methods: user segmentation, to ensure that only authorized users can access payment applications and only via a secure channel, and environmental isolation of the CDE. The company used Illumio's real-time application dependency map, Illumination, to identify the Tier 2 systems that were included in the CDE, and Policy Generator to automatically generate micro-segmentation policies. It also took advantage of Illumio's pre-packaged Segmentation Templates, then tested security policies to quickly define and enforce segmentation rules. The rollout was completed within a month, and deployment was easy.
Operational Impact
  • The company was able to quickly meet PCI DSS requirements to segment the CDE for PCI compliance.
  • The solution provided a real-time application dependency map and micro-segmentation policies to quickly scope the CDE across a global heterogeneous deployment.
  • The company was able to mitigate lateral movement attacks.
Quantitative Benefit
  • Achieved PCI compliance in record time.
  • Plans to expand to another 1,000 workloads to cover its entire environment.
