SAINT released new capabilities on Friday, April 21, 2017. Major features include:
- Support new standards guidance related to Payment Card Industry (PCI) compliance
- Enhancements to the Phishing tool to support Mobile phishing, and
- New deployment options to support scanning and assessing EC2 instances on Amazon Web Services (AWS).
PCI ASV Changes
As many of you know, there is a new ASV Program Guide (version 3.0) from the PCI Security Standards Council. Changes in the new guide will become a requirement on June 1. These changes will impact our ASV customers and technical partners that use SAINT’s vulnerability scanning and reporting capabilities related to the ASV quarterly attestation process. A summary of changes to the PCI scan engine and report templates includes the following:
Two new automatic fail conditions:
1. Information leakage
2. SSL and Early TLS
The format of the PCI Reports has changed for both the Attestation and Executive Summary Reports
Cleartext services is no longer specified as an automatic failure. Cleartext services are now a Special Note.
Amazon Machine Image on AWS
As a Technical Partner within the Amazon Partner Network (APN),SAINT offers feature rich security solutions to secure your AWS environments against today’s threats. SAINT now offers a preconfigured Amazon Machine Image (AMI) on the AWS Marketplace to simplify deployments and manage vulnerability assessments of your EC2 instances. Visit us on the AWS Marketplace to learn more and get started today!
SAINT as a Preauthorized AWS Scanner
Deploying SAINT Security Suite on AWS as a preconfigured AMI was Step 1 to the planned goal of deploying an AWS solution as a preauthorized scanner. Concurrently with 8.15 development, SAINT has been developing the required architecture changes to meet the specification necessary to obtain this approval from Amazon. Formal testing of the SAINT “preauth” AMI is planned for late April. SAINT will make the preauthorized AMI available on the Marketplace once it has been approved by Amazon. Look for an official announcement from SAINT on this availability in the near future.
To further test risks related to internal threats from phishing attempts, customers can now send phishing attempts to mobile devices, using the same Phishing tool used for testing via email.