PCI Compliance

Address PCI Requirement #11.4 and Detect Intrusions Early

Satisfying PCI compliance requirements is no easy task. But for real peace of mind, organizations should not only check the box for PCI security, they should fortify their networks against the threats that could undermine their applications and data. LightCyber Magna Behavioral Attack Detection not only meets PCI requirement #11.4 for intrusion detection, it also closes a dangerous data breach detection gap.

Deploy a QSA-Validated Solution for PCI #11.4

PCI requirement 11.4 states that organizations must provision intrusion detection or prevention at their network perimeter and at critical points in the cardholder data environment. HALOCK Security Labs, a Qualified Security Assessor (QSA), evaluated LightCyber Magna and concluded that it addressed the PCI security standards for intrusion detection and prevention. Review the results of HALOCK’s assessment and learn how LightCyber Magna accurately pinpoints network intrusions for better PCI security.

By detecting threats such as internal reconnaissance, lateral movement, and command and control activity, LightCyber Magna uncovers intrusions quickly and keeps payment card data safe.

Learn more by reading the Achieve PCI Compliance and Protect Against Data Breaches with LightCyber White Paper.


Document Security Assurance to Auditors

Many IT Security teams must not only fulfill the demanding requirements of the PCI standard, they must also demonstrate to auditors, executives, and business partners that their network has not been compromised. LightCyber Magna enables IT Security to:

  • Produce clear, concise reports of internal network attacks.
  • Quickly investigate incidents using detailed network alerts and endpoint analysis.
  • Remediate threats instantly by terminating malicious processes or integrating with third-party solutions to quarantine compromised devices or disable user accounts.
  • Show that there is no evidence of post-intrusion activity in the network.

The LightCyber Magna Security Assurance Report illustrates the current security status of the network. The LightCyber Magna Attack Detection and Alert Handling Report summarizes attack activity and shows how alerts have been dispositioned.

Arriva Trains Addresses PCI Compliance with LightCyber

When a PCI Qualified Security Assessor (QSA) told Arriva Trains they should augment their breach detection capabilities, Arriva turned to LightCyber. Find out how LightCyber Magna helps Arriva satisfy PCI compliance and detect active attackers in their network.


Why Behavior-Based Intrusion Detection?
Organizations today can deploy signature-based or behavior-based intrusion detection for PCI compliance. Behavior-based intrusion detection can spot all stages of an attack, but it offers unrivaled visibility into post-intrusion activity, such as reconnaissance and lateral movement. In addition, a behavior-based intrusion detection system can identify zero-day attacks and it is impervious to SSL encryption and signature evasion techniques.

Download the white paper Stop Network Attacks Without Decrypting Traffic:


Intrusion Detection Comparison: Behavior Profiling and Machine Learning vs. Conventional IDS

CapabilityBehavior Profiling and Machine LearningConventional Intrusion Detection Techniques
Attack Detection
Command & Control
No behavior-based checks
Basic static thresholds
Lateral Movement
Data Exfiltration
Known Application or System Exploit
Endpoint Analysis
Reliability and Accuracy
Can detect zero-day attacks
Can detect attacks without decrypting traffic
Resilient to signature evasion
Accuracy based on percentage of alerts reviewed or resolved43% of all alerts 99% of confirmed alerts4%* of security alerts, including alerts from IDS, IPS, firewall, and advanced threat protection
OperationNon-inlineIDS: non-inline IPS: inline
PlacementInternal, between users and serversIDS: Internal, between users & servers IPS: Perimeter, between local users and the Internet or between external users and Internet-facing servers **
Incident Response
Log, email, and syslog alerts
RemediationThird-party integration with NAC, firewall and orchestration systems; malicious file terminationIPS: Block attacks IDS: Optional third-party integration; TCP resets

* “The Cost of Malware Containment,” Ponemon Institute, 2015
** Placement of intrusion detection and prevention may vary.

White Paper

Achieve PCI Compliance and Protect Against Data Breaches with LightCyber

Read this white paper to learn how to achieve PCI compliance and protect against data breaches using LightCyber Magna.


Case Study

Arriva Trains PCI Compliance Case Study

Arriva deployed LightCyber Magna to know the status of their network, which included finding operationalized malware that escaped perimeter security.



Protecting Credit Card Data – Compliant or Safe?

This infographic clearly shows why just meeting PCI compliance does not ensure that your organization is safe data breaches from a network attack.