Proactive Defense In Depth


Presented by: Brett Stewart, President and CTO, Acumera; DeWayne Mangan, Senior Director Infrastructure and Client Support, Acumera; and Mark Palmer, PCIP, ISA, QIR, Director Technical Solutions, Acumera



Convenience stores are prime targets for data theft by attacker-present tactics (dispenser skimmers or ATM jackpotting), and attacker-remote exploits that install malware onto the POS from an external location. This presentation centers on attacker-remote exploits because ”...criminals are turning a PCI-compliant application that does not store payment card data into a very non-PCI-compliant and criminal-controlled data harvester ...” (Verizon Data Breach Investigation Report, 2018).


There are many paths to breach retail networks. Therefore we will focus on building a “proactive defense-in-depth” approach to defend against the different potential vectors within the network. Proactive defense in depth uses multiple security layers and network visibility to monitor and reduce the risk of compromise to any single layer.


Learn how proactive defense-in-depth helps mitigate risk as we deconstruct three prevalent attacker-remote vectors using techniques already required by the PCI Data Security Standard. We will also provide a framework to help you define your own proactive defense-in-depth architecture.


Contact [email protected] with any questions. 

Cybersecurity, Risk Management