Rackspace offers a variety of services and solutions to help you meet your specific compliance and threat protection requirements.
Maintaining a secure environment for applications and infrastructure is a common concern of companies of all sizes. When building an application and its cloud infrastructure, how should one incorporate security considerations into the design, particularly when there are numerous kinds of attacks, all with varying levels of sophistication?
Though business, application, and infrastructure needs can vary widely across industries and workloads, Rackspace works to provide our customers with common tools and expertise that can effectively mitigate the risk of cyber security breaches to their hosted systems.
PCI comprises a set of policies and procedures aimed at protecting personal cardholder information from misuse. This standard was developed by the PCI Security Standards Council, comprising the six major credit card companies: American Express, Discover Financial Services, JCB International, MasterCard and Visa. It applies to merchants as well as to service providers whose services for merchants involve processing, storing and/or transmitting cardholder data, and was established as a minimum set of standards that must be met by organizations that accept, process and/or transmit credit card data.
Compliance can be a complex and costly exercise. PCI controls include building and maintaining a secure network, protecting cardholder data, maintaining a vulnerability management program, implementing strong access control measures, regularly monitoring and testing networks, and maintaining an information security policy.
Rackspace has a breadth of experience with hundreds of customers' hosted environments. We can help you navigate through the complex maze by providing you with infrastructure and solution requirements that can help reduce the scope and complexity of your compliance efforts.
“It is probably true to say that without the considerable amount of help from Rackspace we could not have passed the exceptionally stringent PCI audit. Rackspace certainly went above and beyond their remit to ensure that everything was perfect for us.”
DoS or Distributed DoS (DDoS) attacks seek to bring systems or networks down by exhausting resources or exploiting vulnerabilities. These attacks tend to be sophisticated and complex. With names such as Flood, Ping of Death, SYN, Teardrop or Smurf attacks, they can be classified in terms of the target resource: network bandwidth, server sockets, web server threads, and CPU resources. Attacks targeting the application layer are becoming more prevalent. Because of their complexity, different types of DoS attacks require different defense mechanisms. There is really no single approach to defend against each different type of DDoS attack.
However, there are steps you can take to mitigate the risks. From a technology standpoint, there are several options. Firewalls and load balancers provide a level of protection by analyzing network traffic; intrusion detection and prevention systems can look for patterns in network traffic to detect and in many cases prevent an intrusion; Web Application Firewalls are able to look at HTTP and HTTPS traffic, learn about normal patterns of traffic, and disable abnormal ones.
But technology alone won't protect against all attacks. This is why it is important to have a plan in place that establishes the processes and procedures to execute during an attack.
Rackspace offers DDoS Mitigation Services that can be another layer of defense against a DDoS Attack.
Vulnerability scans are considered an essential tool in your efforts to maintain a secured computing environment. By having an assessment performed on your systems, you will know that they are properly configured and secured from thousands of known vulnerabilities that can allow intruders to take control of your servers and access sensitive information essential to your business. Ideally, scans should be done periodically, as new vulnerabilities are constantly evolving on different operating systems. While vulnerability scans do not provide protection, they are intended to proactively notify you of the existence of a vulnerability so that remedial action can be taken as soon as practical.
A scan produces a prioritized list of discovered vulnerabilities. Typically, this process is done by interacting with the active hosts and checking for specific vulnerabilities against active services and ports. The prioritized list then serves as a guide for decision making, and typically leads to specific configuration changes and actions to address each vulnerability.
At Rackspace, we work with Approved Scanning Vendors (ASVs), and together we can assess your environments at Rackspace and assist you in implementing controls.
Traditional security controls are no longer sufficient to protect customers from today's cyber attacks, because they focus on network perimeter defense and not on controls that guard against unauthorized access and misuse of sensitive data.
Organizations should examine a different model of sensitive data protection—the data-centric model—that focuses on protecting the asset (data) that we care most about, using technologies like database access monitoring, and encryption and key management solutions.