Wireless PCI scanning debate
Interesting post on CWNP back in March.
Douglas Haider compares the pros and cons of quarterly wireless vulnerability scanning vs. a full-time wireless IPS to satisfy PCI DSS compliance requirement 11.1. Douglas writes:
“This requirement begs me to ask which is “better” option? Quarterly manual scans or a wireless IDS/IPS?
Maybe it’s the former IT auditor in me, but I think the best way to meet this requirement is by deploying a wireless IDS/IPS.”
http://www.cwnp.com/community/articles/wireless_requirements_of_the_payment_card_industry.html
I agree. If the goal of PCI is securing cardholder data, then quarterly scanning can’t be taken seriously. Cost is obviously the biggest issue for merchants with multiple locations. But surely a hosted wireless scanning service with a low monthly fee would be cheaper AND provide round-the-clock security, wouldn’t it?
Hmmm… see my post AirTight on “Cloud Nine”.