PCI Compliance Automation

                   

Compliance at ludicrous speed

AUTOMATION

The entire environment is built and configured automatically without human intervention.

CONTROLS

Audit-ready, preconfigured security controls: SIEM, AV, IDS/IPS, WAF, etc.

DOCUMENTATION

A complete library of audit-ready policy templates and compliance artifacts is included.

GUARDRAILS

24x7x365 human and automated monitoring to maintain both security and compliance.

REVOLUTIONIZING PCI COMPLIANCE

Imagine achieving PCI audit-readiness in a few weeks, not years.

Imagine eliminating all the human error in building a compliant environment.

Imagine slashing the cost and labor needed to achieve critical compliance standards.

That’s Compliance Automation.

ACCURATE

Our architectures are already built to the PCI-DSS standard. There are no interpretations or human-introduced variables.

FAST

Our audit-ready cloud environment deploys automatically, configured to meet rigorous compliance requirements right away.

EFFICIENT

Compliance Automation delivers lower costs. The value is in our unique full-stack solution, which includes templates, controls, configurations, and documents, with optional ongoing support and customization.

SECURE BY DEFAULT AND BY DESIGN

The entire environment is code. Security and compliance are enforced and maintained by default and by design. For more information, check out our eBook, The Case for Security in the Cloud.

SHERLOCK REVOLUTIONIZES COMPLIANCE

Imagine achieving PCI or FedRAMP compliance in the cloud in days, not months. 

Imagine eliminating human error in setting up a compliant environment. 
Then imagine dramatically lowering the cost of compliance.

That’s Sherlock Compliance Automation.

ACCURATE

The Sherlock Compliance Architectures are already built to PCI or FedRAMP standards. There is no guesswork, and there are no interpretations or human-introduced variables. This is a level of accuracy and consistency that has never been possible before now.

FAST

In just hours, Sherlock can build out an entire compliant cloud environment that is pre-configured to meet rigorous compliance and security requirements. Sherlock can be ordered directly from the AWS Marketplace, removing procurement issues for instant availability.

EFFICIENT

With less time and money spent on people and controls, Sherlock Compliance Automation delivers lower TCO. The value is in our unique full-stack solution, which includes templates, controls, configurations, and documents, with ongoing support and customization.

SECURE: BY DEFAULT AND BY DESIGN

Sherlock CA fully embraces DevOps principles. The entire environment is code, and fully deployed in hours. Security and compliance are enforced and maintained by default and by design. For more information, check out our eBook, The Case for Security in the Cloud.

PCI Compliance Automation is for sale on the AWS Marketplace.
For other purchasing options please contact Anitian.

How Do We Compare?

Only Compliance Automation offers the full stack of tech and services for rapid compliance

Comparison table
Columns: Managed Security Provider | Managed Cloud Provider | Value Added Reseller | Compliance Auditor/Consultant | COMPLIANCE AUTOMATION
Rows: Architecture, Configuration, Controls, Documentation, 24x7 Support, 24x7 Monitoring, Pen Tests, Audit Stewardship

Subscription Options (old)

Sherlock Compliance Automation
PCI

When you purchase SCA-PCI, you get full stack compliance:

1.  Technology Stack

  • PCI Architecture: VPC with firewall rules and access rights.
  • Hosted Active Directory: populated with all required user accounts, rights, and policies
  • PCI Controls:
  • Trend Micro Deep Security Endpoint: provides endpoint malware scanning, as well as file integrity monitoring, IDS/IPS, log monitoring, and more
  • Splunk SIEM: pre-configured to capture all log and event data. Also includes all necessary reports, dashboards, and alerts.
  • SAINT: vulnerability management, pre-configured to scan the environment every week
  • GitHub: secured code repository for your code
  • Puppet Enterprise: configuration management of the environment
  • Barracuda WAF: web application firewall pre-configured to pass PCI requirements

2.  Documentation Stack

  • Template Library: a library of PCI policies, procedures, and guidelines.
  • Artifact Repository: secured S3 bucket populated with necessary artifacts

3.  Support Stack

  • Guardrails: preconfigured rules that monitor your environment for any non-compliant state and automatically revert it back to a compliant state
  • Onboarding: Anitian’s team of QSAs and cloud security engineers will provide up to 90 days of assistance to get your environment up and running
  • Support: After your onboarding you have access to technical support through each vendor and Anitian

4.  Managed Detection and Response Stack (Optional)

  • Augment the PCI compliance process with 24x7 SOC monitoring and threat hunting. See below.

Sherlock Compliance Automation
Managed Detection and Response Service

How can you make PCI compliance in the cloud even easier? Add on our Sherlock Managed Detection and Response services. This provides round-the-clock monitoring, management, and support.

  • 24x7x365 monitoring from our USA based SOC
  • Active threat hunting
  • Integrated threat intelligence (deployed to the SIEM)
  • Management of all security components (SIEM, vulnerability scanner, etc.)
  • Weekly status report via email
  • Rapid Incident Response in the event of a serious security event
  • Advanced Guardrails which provide additional monitoring of compliance requirements

Sherlock Compliance Automation 

Professional services packages

Complete your PCI compliance process with professional services and QSA certification from Anitian.

ROC-pack

  • QSA PCI Compliance Assessment
  • Issue Report on Compliance (ROC)
  • QSA signed Attestation of Compliance (AOC)
  • QSA signed PCI compliance certificate
  • QSA signed letter for your Acquirer

SAQ-pack

  • QSA PCI Compliance Assessment
  • QSA signed Self Assessment Questionnaire

Pentest-pack

  • PCI network penetration test
  • External PCI ASV scans

Sherlock Compliance Automation is coming soon to the AWS Marketplace.
For other purchasing options please contact Anitian.

Sherlock Managed Detection and Response is for sale on the AWS Marketplace.
For other purchasing options please contact Anitian.

PCI Professional Services Packages

Complete your compliance process with professional services and QSA certification

ROC-pack

  • QSA PCI Compliance Assessment
  • Issue Report on Compliance (ROC)
  • QSA signed Attestation of Compliance (AOC)
  • QSA signed PCI compliance certificate
  • QSA signed letter for your Acquirer

SAQ-pack

  • QSA PCI Compliance Assessment
  • QSA signed Self Assessment Questionnaire

Pentest-pack

  • PCI network penetration test
  • External PCI ASV scans

Managed security and compliance

Continuous compliance was a pain. We fixed that.

Managed Security and Compliance (MSC) goes beyond MDR to offer continuous monitoring and remediation for our Compliance Automation (CA) environments.

With the powerful combo of CA and MSC, setup and ongoing support are fast, simple, and automated.

READY?

Environment Sizing

CA is available in six convenient sizes.
Custom sizes are available from your friendly
Anitian Account Executive.

Product (sizing metric) by environment size:

Environment Size   Splunk          TrendMicro   SAINT           GitHub    Puppet    Barracuda
                   (GB per day)    (Agents*)    (IPs scanned)   (Users)   (Nodes)   (Mbps throughput)
Micro              1               1            64              10        25        100
Small              5               10           128             10        25        100
Medium             10              25           256             10        50        200
Large              20              50           512             10        100       400
Jumbo              50              100          1024            20        250       750
Enterprise         100             250          4096            30        500       750

*Each architecture automatically includes 14 endpoint agents to cover the infrastructure components. The number in the table above represents the number of agents you have for your own hosts.

Compliance Automation Pricing

 

CA is available as a yearly subscription
billed through the AWS Marketplace.

 

                   License Term
Environment Size   1 Year      2 Years       3 Years
Micro              $65,500     $117,900      $163,750
Small              $79,500     $143,100      $198,750
Medium             $125,500    $225,900      $313,750
Large              $165,000    $297,000      $412,500
Jumbo              $295,000    $531,000      $737,500
Enterprise         $565,000    $1,017,000    $1,412,500

Price includes a 60-day onboarding engagement.
