NGINX Full Version

Achieving PCI DSS Compliance with NGINX App Protect

Digital transformation has changed the security landscape. Traditional digital security no longer exists as organizations transition from monolithic applications to cloud‑native microservices architectures to increase business agility. Because microservices communicate over the network, modern websites and web applications are more vulnerable to cyberattacks than monoliths and have become one of the easiest ways to compromise the networks of companies of all sizes. Organizations need to find the right balance between security and agility.

The credit card industry continues to be a frequent target for cyberattacks. This blog discusses the specific security and compliance challenges that enterprises face when they handle credit card transactions, and how technologies like a web application firewall (WAF), and NGINX App Protect in particular, help them meet regulatory requirements.

PCI DSS Compliance Is Critical to Today’s Modern Applications

The Payment Card Industry Data Security Standard (PCI DSS) describes the actions that all parties involved in processing credit card payments must take to protect cardholder data. The very first requirement is to “Install and maintain a firewall configuration to protect cardholder data”. Requirement 6.6 further states that owners of public‑facing web applications must protect them by “installing an automated technical solution that detects and prevents web‑based attacks (for example, a web application firewall)…”.

Unfortunately, installing a WAF is not a simple matter of “set it and forget it”. There is a wide variety of possible attacks and attackers are constantly coming up with new ones. That makes maintaining PCI DSS compliance one of the most significant challenges faced by modern applications.

Requirement 6.5 of the standard lists the vulnerabilities that a WAF must defend against “at a minimum”:

The PCI DSS list doesn’t even overlap completely with another commonly used list of vulnerabilities, the Open Web Application Security Project (OWASP) Top 10, which adds XML external entities, misconfiguration (such as using default configs), insecure deserialization, and insufficient logging and monitoring.

NGINX App Protect Meets and Exceeds PCI DSS Requirements

To comply with PCI DSS and protect your apps against the ever‑growing set of vulnerabilities, you need a modern WAF solution like NGINX App Protect. It protects against the listed PCI DSS vulnerabilities, the OWASP Top 10, and beyond.

NGINX App Protect is designed for modern infrastructure and can be installed anywhere. It slots directly into your CI/CD pipeline “as code”, and being closer to your applications than traditional WAFs enables you to rapidly update security policies. Because NGINX App Protect deploys on all platforms (public and private clouds, VMs, containers, and more) and use cases (including API gateway and Kubernetes Ingress controller), you get consistent performance and the same level of protection across your entire infrastructure.

NGINX App Protect covers more than 6,000 signatures that are updated at least every two months to cover the latest known attacks.

Also, beyond the signatures, NGINX App Protect:

Try NGINX App Protect for free for 30 days. You’ll see why the performance and functionality of F5’s marketing‑leading WAF combined with the lightweight and programmable nature of NGINX Plus are the perfect combo to solve your PCI DSS compliance challenges.

Exit mobile version