ModoSecurity is committed to delivering excellent quality of work to better help our customers protect their data and reputation.
For organizations that store, process or transmit credit card data, we provide a comprehensive set of services to help you comply with the Payment Card Industry Data Security Standard (PCI DSS). Our PCI-related offerings help your company achieve its compliance goals and build a sustainable program regardless of where you are in the compliance cycle.
ModoSecurity offers a range of PCI services and has partnered with a diverse set of clients, acting as their trusted security and PCI experts. Our consultants have worked with the PCI standard since its introduction in 2004 and are trusted by banks, governments and the major payment card brands to attain and maintain PCI compliance and safeguard against today's cyber threats. They have successfully completed numerous PCI Level 1 assessments and cyber-security projects of varying complexity.
PCI DSS Compliance Services
There is no one-size-fits-all solution to every security problem. We are flexible and offer only what our clients need when it comes to IT security professional services. As such, we take on small and large projects alike: a half-day security infrastructure review, a firewall rule optimization, or an exhaustive review of your overall cyber security solution. By drawing on the considerable knowledge and compliance expertise of our consultants, ModoSecurity's remediation services help minimize your risk of non-compliance and maximize your investment.
For our Report on Compliance (ROC) service, our QSA covers all pertinent areas of the current PCI DSS standard and examines the details of each required control. Our PCI compliance services combine remote and onsite interviews, documentation review, walk-throughs of cardholder data processing environments, and examination of process flows, support systems and all other areas associated with card-data processing. Once the environment is found compliant, an Attestation of Compliance (AOC) is completed at the end of the project.
Our QSAs provide guidance and assistance to service providers and merchants that wish to complete their own PCI Self-Assessment Questionnaire (SAQ). They evaluate the client's SAQ and verify whether the client holds sufficient evidence to support its compliance assessment. Our consultants provide the information clients need to make informed decisions on their PCI compliance status for each requirement.
A Pre-Assessment "Readiness Review" lays the groundwork and prepares you for a successful PCI assessment. In our experience, it also helps prioritize efforts, establish milestones and lower the risk of surprises during the compliance process. Rather than a one-size-fits-all approach, we customize our approach to focus on the areas where you need the most assistance and set priorities accordingly. A matrix of evidence mapping is provided to help the client prioritize next steps and remediation, and our in-house compliance tool assists with collecting data and reporting compliance status. Strategic recommendations are provided at the end of the Pre-Assessment.
Defining and minimizing the appropriate scope for your credit card data environment is a critical part of our approach, especially for a client who is planning their first PCI assessment. Our consultants use our scope definition framework, identifying in-scope components and processes. Depending upon the needs of our clients, we will provide a scope document and other required reports such as a “Next Steps Report” to aid in planning and in making strategic decisions.
A Gap Assessment goes beyond the Pre-Assessment Readiness Review. Our QSA consultants review and analyse the supporting PCI-related data in greater detail and map it using our custom-built compliance software. This data mapping is key to identifying gaps and areas of weakness, and our consultants provide remediation advice along the way. A Gap Report documents our findings, recommendations and a road map to achieve compliance.
Maintaining PCI DSS compliance between assessments can be a challenging proposition; it cannot be treated as a once-a-year event. Our consultant works with you to establish compliance checkpoints throughout the year, in a program tailored to the specific needs of each client. Its benefits include helping to plan compliance activities, reducing annual PCI DSS assessment effort through continual demonstration of compliance, and increasing compliance sustainability by eliminating compensating controls.
There are many reasons why our clients choose our penetration testing services over our competitors. Our penetration testing consultants have proven themselves through many challenging penetration testing projects that demand in-depth knowledge of different technologies.
Our approach goes far beyond vulnerability scanning. Customized test cases are designed to mimic a real attacker attempting to infiltrate sensitive areas (e.g. cloud or network) and steal the corporate "crown jewels". This type of thorough test demands extensive testing experience and advanced knowledge of network systems. As a value-added service, we offer post-test learning sessions based on the Indicators of Compromise (IOCs) generated during the engagement.
We offer white box, black box, and gray box penetration testing services in the following areas:
- Internal and external penetration test
- Application best practice security testing
- Social engineering tests
- Phishing tests
- Physical penetration testing
- Cloud infrastructure pen testing
- Mobile device testing
This service can be part of your regular security best practice program or continuous compliance reviews.
Firewalls are at the core of network protection. As firewall rule-bases age and accumulate administrator errors, the risk of device misconfiguration grows, and such misconfigurations can widen the scope of compliance audits. As rule-bases grow, they become more complex and harder to manage. Emergency outages often require fast-paced rule changes that bypass the normal change-management checks and balances; when those changes remain in the rule-base they can present a significant security risk to the organization. The Firewall Assessment helps uncover configuration and rule-base errors such as the following:
- Promiscuous Rules
- Shadowed Rules
- Redundant Rules
- Rule Specification Errors
- Rule Composition Errors
We also review the security settings, such as administrative access, user groups, password settings, SNMP settings, running services, high availability configuration, and audit and log settings.
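The rule-base errors listed above can be found mechanically once the rule-base is in a structured form. The following Python script is an added example, not ModoSecurity's tooling, showing how the three checks a reviewer would start with are computed over a small rule-base constructed here for illustration: a rule is promiscuous when it permits any source to any destination on any service, shadowed when an earlier rule with a different action already matches every packet it could match (so it never fires), and redundant when an earlier rule with the same action already covers it. The rule format (`action proto src dst ports`, first match wins) and the addresses are assumptions for the example.

```python
"""Detect promiscuous, shadowed and redundant rules in a first-match firewall rule-base.

Added example: the line format below is a constructed, simplified ACL syntax,
not any vendor's configuration language.
"""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_network
from typing import List, Optional, Tuple

ANY_NET = ip_network("0.0.0.0/0")
ANY_PORTS = (0, 65535)

# Constructed sample rule-base (rules are numbered 1..n in order of evaluation).
SAMPLE_RULEBASE = """
permit tcp 10.0.0.0/8      192.0.2.10/32 443     # 1: web tier from the corporate range
deny   tcp 10.1.0.0/16     192.0.2.0/24  any     # 2: block one subnet from the DMZ
permit tcp 10.1.2.0/24     192.0.2.10/32 443     # 3: already allowed by rule 1
permit tcp 10.1.2.0/24     192.0.2.20/32 22      # 4: never fires, rule 2 denies it first
permit any 0.0.0.0/0       0.0.0.0/0     any     # 5: emergency change that was never removed
deny   tcp 172.16.0.0/12   192.0.2.0/24  any     # 6: never fires, rule 5 permits it first
"""


@dataclass(frozen=True)
class Rule:
    num: int
    action: str             # "permit" or "deny"
    src: IPv4Network
    dst: IPv4Network
    proto: str              # "tcp", "udp", "icmp" or "any"
    ports: Tuple[int, int]  # inclusive destination-port range; ANY_PORTS means any


def _parse_ports(token: str) -> Tuple[int, int]:
    if token == "any":
        return ANY_PORTS
    lo, _, hi = token.partition("-")
    return (int(lo), int(hi or lo))


def parse_rules(text: str) -> List[Rule]:
    """Parse the constructed 'action proto src dst ports' format, one rule per line."""
    rules: List[Rule] = []
    for line in text.strip().splitlines():
        line = line.split("#", 1)[0].strip()      # drop trailing comments
        if not line:
            continue
        action, proto, src, dst, ports = line.split()
        rules.append(Rule(len(rules) + 1, action, ip_network(src), ip_network(dst),
                          proto, _parse_ports(ports)))
    return rules


def covers(a: Rule, b: Rule) -> bool:
    """True if every packet matched by b is also matched by a (actions ignored)."""
    return (b.src.subnet_of(a.src) and b.dst.subnet_of(a.dst)
            and a.proto in ("any", b.proto)
            and a.ports[0] <= b.ports[0] and b.ports[1] <= a.ports[1])


def analyze(rules: List[Rule]) -> List[Tuple[int, str, Optional[int]]]:
    """Return (rule number, finding, covering rule number or None) tuples.

    Only a single earlier rule that fully covers a later one is detected; a rule
    covered only by the union of several earlier rules needs a full packet-space
    analysis and is left for manual review.
    """
    findings: List[Tuple[int, str, Optional[int]]] = []
    for i, rule in enumerate(rules):
        if (rule.action == "permit" and rule.src == ANY_NET and rule.dst == ANY_NET
                and rule.proto == "any" and rule.ports == ANY_PORTS):
            findings.append((rule.num, "promiscuous", None))
        # First-match semantics: the first earlier rule that fully covers this one decides.
        for earlier in rules[:i]:
            if covers(earlier, rule):
                kind = "redundant" if earlier.action == rule.action else "shadowed"
                findings.append((rule.num, kind, earlier.num))
                break
    return findings


if __name__ == "__main__":
    for num, kind, by in analyze(parse_rules(SAMPLE_RULEBASE)):
        print(f"rule {num}: {kind}" + (f" (covered by rule {by})" if by else ""))
```

Run against the sample, the script flags rule 3 as redundant with rule 1, rule 4 as shadowed by rule 2, rule 5 as promiscuous, and rule 6 as shadowed by rule 5. On a real device the same logic is applied after exporting the rule-base to a structured form, and each shadowed or promiscuous finding should be traced back through change records to decide whether it is an emergency change that was never cleaned up.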
We take a risk-based approach to evaluating an organization's overall security posture. Assessments typically cover the security and resilience of critical infrastructure, the incident management and response plan and processes, security operations readiness, and compliance. Our consultants work with you to select the assessment methodology and framework appropriate to your goals and objectives.
Whenever you need a security expert with specific skills and knowledge for a special project, our IT security consultants are your “trusted advisors” on demand.
We can help with:
We have developed partnerships with best-of-breed security and infrastructure technology partners that provide cutting-edge and proven technology solutions:
- Security Event Log Management and Monitoring
- GRC tools
- Threat Intelligence
- EndPoint Threat Detection
- Intrusion Detection and Prevention System
- Internal Vulnerability Scanning
- External Vulnerability Scanning
- File Integrity Monitoring
Education and Training
Is this your first time taking the journey to PCI compliance? Are you looking for industry insights to help you make informed decisions? Our education seminars cover the information you need to kick start the PCI process and promote security awareness. These seminars and information sessions can be held at your offices or presented using online media.
Please contact us to inquire about additional courses
This information session focuses on “What to Expect When You Are Expecting a PCI Audit”. It is ideal for customers who are going through PCI compliance for the first time.
Designed for infrastructure auditors or network administrators, this hands-on seminar covers the basics on how to review firewall rules and configurations.