What Is Quasar Scan?
Quasar Scan is a complete cardholder data scanning solution that can help organisations in their PCI DSS compliance efforts.
Quasar Scan enables organisations to provide their business and security teams with real-time information on where cardholder data is located in their systems.
Why Do You Need Quasar Scan?
Any organisation handling credit cards runs the risk of having cardholder data build up in unexpected places. Data breaches are costly to remediate and damaging to your company’s reputation. The first step is understanding where your cardholder data is, where it came from, and where it is going.
Quasar Scan gives organisations the ability to effectively search for non-compliant cardholder data in a timely, cost-effective manner with consistent results.
Quasar Scan ranks its results by the likelihood of them being actual cardholder data, allowing analysts to quickly determine which information is relevant for reporting. This frees up time and resources for other compliance activities.
What Does Quasar Scan Do?
Powered by an advanced enterprise data mining engine, Quasar Scan can:
- Access a number of sources including local and remote filesystems and SQL databases.
- Support both batch and single target scan jobs.
- Create reusable search jobs.
- Exclude test card data.
- Run searches without interrupting day-to-day operations.
- Create customised reports, including file location, owner, last access time, and more.
Who is Quasar Scan Designed For?
Business leaders and security experts from organisations of all sizes are turning to Quasar Scan for improved cardholder data search features not found in other software packages.
Quasar Scan is designed for organisations of all sizes in all industry sectors that are concerned about cardholder data security.
Recognise Problem Areas
The included reporting features provide information that will help your analysts determine where the largest compliance issues are. For example, if you want to know which users or computers have the most cardholder data hits, Quasar’s reports can tell you. This allows you to spend your time focusing on the actions needed to ensure data security and compliance requirements are met, rather than spending time figuring out where the cardholder information is.
Deliver Consistent, Trusted, and Verifiable Information
Quasar Scan consistently retrieves accurate and timely information about cardholder data to allow the business to ensure that the right changes are made to the data storage processes.
Search Virtually Any Data Source
Quasar Scan aggregates data searches from practically any file format or database structure. This allows you to generate reports on your entire environment and to locate cardholder data no matter where it resides.
Make Faster, Better Decisions for PCI DSS Compliance
Quasar Scan reports can be used by security managers to quickly get the information they need in order to make better decisions faster. Why waste time looking for the data when you can spend that time reducing the risk of a costly data breach?
Free Up Expensive Resources
Quasar Scan’s enhanced filtering engine minimises false-positive cardholder data matches. Rather than spending time on tedious data-mining tasks, staff can focus on compliance issues and remediation.
Access a Variety of File Formats
Quasar Scan can search for cardholder data in a wide variety of document formats and databases.
Access virtually any form of textual data, including:
- ASCII text
- Microsoft Office formats
- Archives (e.g. zip files)
Support for Volume Shadow copy on Windows minimises disruptions and allows access to files that would otherwise be inaccessible.
Quasar’s smart file-content fingerprinting system ensures that files are reliably scanned regardless of the file name. Even if a file is renamed, Quasar will know its scan status.
Enhanced Security Features
We want to help you as you work towards PCI DSS compliance, which means that we make sure our software is developed with security in mind.
All network traffic sent and received by Quasar Scan is encrypted. We use:
- AES-CTR mode encryption
- 256-bit keys
- HMAC-signed messages for encryption of in-flight cardholder data to the results server to ensure that cardholder data cannot be compromised in the course of normal operations.
All Quasar files are encrypted at rest.
Role-based access controls for the Web UI prevent unauthorised users from accessing reports or running scans.
- The Secure API backing the user interface integrates with your existing Active Directory environment (if present) to deliver role-based access control and single-sign-on for domain users.
- The “as-shipped” configuration segregates job-management capability from results-viewing capability.
- More fine-grained and complex security setups can be accommodated with deployment-time configuration settings.
- Security features ensure a tamperproof audit-trail of user actions, system modifications, and attempts to view and/or export sensitive data.
All scan results have the cardholder data truncated regardless of whether you are exporting to .csv or viewing the results in the web-based Quasar interface.
- Cardholder data is always truncated on export, making sure it’s not possible to export full cardholder data.
- The shipped configurations are aggressive in their approach to truncation, but they are customisable to meet your analysis and workflow requirements as well as to adapt to changing card number formats.
Quasar Scan uses advanced filtering to weigh the likelihood of a result being actual cardholder data.
- Quasar’s filters automatically determine the likelihood that a “hit” is real cardholder data.
- We incorporate the latest international BIN lists, compiled by reputable 3rd party suppliers, to enhance the relevance of search results.
The as-shipped filter sets are constantly updated to ensure more accurate identification of cardholder data and to avoid false positives that plague other software.
- New filters can be constructed and supplied to customers in response to analysts discovering new false-positive trends and patterns.
- Quasar ships with scanning patterns for PAN, Track 1, and Track 2 data. These patterns are configurable and extensible to support format variations.
Installing agents over an entire network is easy with Quasar Scan’s self-contained installers that work with all enterprise deployment technologies.
Quasar’s scan agents have a small disk-space footprint, meaning that they can be smoothly deployed over networks of any size, whether you have 5 machines or 5,000 machines.
- The installation process is designed for use with SCCM and group-policy style deployment systems.
- Agents run as Windows Services.
- The Quasar server does not require a separate database, meaning that your data is self-contained and costs are lower.
Quasar Scan lets you change your settings to minimise the disruption to heavily used systems through the use of performance management settings including:
- Setting the CPU priority to allow the system to only use resources when available.
- Setting a hard limit on processor time.
- Changing scan settings and server settings as appropriate for your environment.
Quasar Scan’s deep search engine allows you to scan virtually all text-based files and databases, regardless of their location, helping you find areas where your data leaks are affecting your compliance efforts.
- The recursive file access engine finds cardholder data, even when it’s buried in files multiple levels deep (for example, an email attached to an email inside of a zipped email archive folder).
The scan engine is fully customisable, allowing you to:
- Create whitelists for scanning directories.
- Create blacklists for excluding directories.
- Configure a range of other performance enhancements to improve throughput.
File system scanning options are flexible. By default, all attached fixed drives will be scanned. If you know particular areas that you want to focus on, these areas can be whitelisted.
Using folder names, file extensions, and other file/folder path fragments, blacklists can be used to avoid scanning files or areas of systems and to speed up scans while complying with data discovery policies.
It is possible to easily perform scans of large user-home-drive SANs and file servers with Quasar Scan’s ability to configure these scans from a central point.
Quasar Scan allows parallel and asynchronous jobs to be scheduled and run.
- Jobs can be run in parallel, even on the same agent.
- Jobs can be asynchronous, allowing agents to be part of a scheduled job even if they are not connected at the time the job is created. This is ideal when you have people working remotely who are only connected periodically.
The text scanner collects a small amount of surrounding contextual data from the same line of text where the potential PAN/SAD is identified. This helps the analyst assess the data without having to access the locations where the results are found, since they still have enough information to determine whether the result is likely to be PAN/SAD.
Scans can be scheduled and repeated, and if you ever need to check what settings were used on a past scan, all the profile settings are contained in the past job file.
Hit Identification and Categorisation
The reporting algorithms in Quasar Scan automatically group cardholder data hits based on the likelihood that a hit truly contains PAN/SAD. This allows analysts to focus on data that is likely to be a compliance risk.
- Specific filters are used to determine the likelihood of the results containing PAN/SAD.
- Hit categorisation is logged, allowing analysts to determine why each result was categorised as “likely”, “possible”, or “unlikely” to contain cardholder data.
Quasar Scan’s web-based interface and server architecture provide customisable reporting features, letting your analysts drill down into scan results to gain deeper insight into problem areas of cardholder data storage.
A number of reports are available out of the box including:
- Hits per file
- Files scanned and hits found (PAN/SAD)
- Hits per user
New report types can easily be added if the need arises.