The IP Fabric team had the chance to attend the UK version of the Gartner IOCS conference in London from 21st - 22nd November. Represented by Global Channel Development Lead Joe Kershaw, Senior Channel Managers Belema Roberts and Riccardo Guglielmi, Solution Architect Alex Gittings and Product Evangelist Daren Fulwell, the conference represented another unmissable opportunity for our star-studded cast of networking protagonists to spread the word on Network Assurance!

The IP Fabric Team (L-R) Riccardo, Joe, Belema, Daren and Alex

Insights gained; connections made

The two-day conference, hosted at the O2 arena in London, was based around the theme of empowering the "Anywhere Business", and was attended by Infrastructure & Operations (I&O) leaders and vendors alike. The team had the chance to speak with a selection of I&O leaders from a wide variety of sectors, ranging from retail and manufacturing to finance.

Here's what the team had to say about the event:

“Hearing first-hand how I&O leaders view network automation and its importance in driving positive business results gave me valuable insights into what they care about. Discussing how IP Fabric is foundational in removing barriers to network & automation projects was very well received by Gartner’s audience - I consider the event to have been a huge success” - Belema Roberts

"The quality of the conversations that I had at Gartner IOCS were great. I gained a lot of new insight into the challenges facing enterprises and that is always extremely valuable for me" - Riccardo Guglielmi

"The IOCS conference gave us access to innovation-focused executives and leading practitioners. The discussions we had were fruitful and, in some cases, very well aligned. The outstanding realization was that organizations across all sectors are piling investment into new technologies as they seek to improve control and security across their network. However, many are unaware that technology exists which can help accelerate and de-risk the new technology rollouts whilst helping to abstract the inherent complexity of multi-vendor, multi-domain networks, to ease integration and operation. It was a pleasure to surprise many of these professionals with a view into just how easy Network Assurance can actually make things" - Joe Kershaw

Aside from sparking insightful conversations around the topic of reimagining networking operations with network assurance, Daren had a speaking slot to sink his teeth into. The talk given by Daren, which delved into de-risking automation to maximize value from infrastructure and cloud investments, was well-received and garnered a lot of engagement from the rapt audience in attendance.

Daren delivering his talk at Gartner IOCS

Networking in motion

The event also gave attendees the chance to unwind and get to know each other - At the end of the first day, the conference hall was transformed into a reception for all attendees, with lots of food and drink on offer for people to enjoy.

Avid football fan Daren even got the chance to meet England, Watford and Liverpool football legend John Barnes at the conference. What better way for Daren to cap off the conference than by having the chance to dive into some old-school football nostalgia with one of England's finest!

To find out how IP Fabric can help you to reimagine your own networking operations, request a demo here. Also make sure to follow us on LinkedIn, and on our blog, where we publish new content regularly.

Fall is here, and with it comes some of our favorite things - the beautiful auburn fall foliage, pumpkin spice, and the chance for IP Fabric to spread the word on Network Assurance at ONUG Fall 2022!

From 19th to 20th October, vendors and guests from a wide variety of sectors gathered at Center 415 in New York City for the fall edition of the biannual ONUG conference, and IP Fabric wasn't going to miss out! Solution Architects Dan Kelcher, Justin Jeffrey, and Senior Channel Sales Manager Nick Abbaticchio were on hand to demonstrate the power of Network Assurance and network with like-minded tech enthusiasts and business leaders.

(L-R) Dan, Nick and Justin ready and raring to go at ONUG Fall 2022

With the conference being hosted in-person and virtually, there was lots to see, and lots to do. Dan, Nick and Justin had the opportunity to discuss the benefits of IP Fabric's Network Assurance platform with interested visitors at our booth, sparking many insightful, thought-provoking conversations for visitors and our team alike!

New connections, new insights, and much more

Here's what Nick had to say about the event - "ONUG was definitely worth attending for the interesting conversations that we were able to have. The opportunity to spread the word on Network Assurance is always valuable, and the chance to build and develop new and existing relationships was reason enough for us to come".

Dan was also pleased with the conversation that was sparked by demonstrating IP Fabric to fellow visitors, and he even noticed a common theme following a lot of demos - "Everyone that we demoed the platform for had a similar reaction, and asked the same question that I did when I first joined IP Fabric - 'Where has this tool been my whole career?'"

In-person and online attendees were also treated to an insightful talk from Justin. Titled "Network Assurance Will Revolutionize Your Network Operations!", Justin discussed how IP Fabric can help to automate the collection and analysis of network data, as well as model end-to-end networks to replace error-prone and inefficient processes. The talk was well received, sparking questions and discussion from an engaged audience.

Aside from getting to discuss all things tech with like-minded individuals, there were also competitions and prizes to be won throughout. The opportunity to spend a couple of days in New York City to take in the sights and unique city atmosphere while spreading the word on Network Assurance was another reason why the IP Fabric team simply couldn't pass up on ONUG Fall 2022!

Follow us on LinkedIn, and on our blog, where we regularly publish new content. Want to find out for yourself how IP Fabric can help you to revolutionize your networking operations and processes? Request a demo here.

This article was co-authored by Dan Kelcher, Solutions Architect at IP Fabric

In part 3 of this series on PCI compliance, we covered how you can satisfy parts of requirements 1 and 12 of the PCI DSS by leveraging IP Fabric to obtain a complete network inventory and to visualize your network with up-to-date topological overviews and network diagrams. So now that you have this inventory (including end-of-life data and vendor-suggested replacements), and a network diagram that can be updated ad-hoc without reliance on manual documentation, you can begin to investigate the dataflow within your network and further protect yourself from any potential issues during your next PCI compliance audit.

Let's dig in and see how IP Fabric's path tracing capabilities can allow you to satisfy some additional requirements set out by the PCI DSS. In this series entry, we will partially cover further sub-requirements within requirement 1, as well as part of requirement 11, as set out by the PCI DSS.

What are the relevant requirements?

Here are the specific requirements within 1 and 11 that can be satisfied using the path tracing function:

As mentioned in part 3 of this series, requirement 1.2.4 touches upon path tracing. The requirement itself states that enterprises possess an accurate dataflow diagram, maintained to meet the following: a) It shows all account data flows across systems and networks, and b) it is updated as needed upon changes to the environment.

1.3.1 specifies that inbound traffic to the card data environment (CDE) be restricted to only necessary traffic, with all other traffic being specifically denied. No unauthorized traffic should be able to enter the CDE. This is intended to prevent "malicious individuals" from accessing the network via unauthorized IP addresses.

1.3.2 stipulates that outbound traffic from the CDE be restricted to only necessary traffic, with all other traffic being specifically denied.

1.4.1 mandates that Network Security Controls (NSCs) be implemented between trusted and untrusted networks, so that unauthorized traffic cannot traverse network boundaries between those trusted and untrusted networks. This requires an examination of configuration standards and network diagrams to verify that NSCs are defined (1.4.1.a), and that these are in accordance with documented configuration standards and network diagrams (1.4.1.b).

1.4.2 requires inbound traffic from untrusted networks to trusted networks be restricted to: a) communications with system components that are authorized to provide publicly accessible services, protocols and ports, and b) stateful responses to communications initiated by system components in a trusted network, with all other traffic being denied. Essentially, only authorized traffic or responses to a system component (in the trusted network) can enter from an untrusted network.

1.4.4 requires system components that store cardholder data (CHD) to not be directly accessible from untrusted networks. This requires an examination of the dataflow and network diagram to verify that system components storing CHD are not directly accessible from said untrusted networks (1.4.4.a). Also required is an examination of NSC configurations to verify that controls are properly implemented to ensure that CHD-storing components are not directly accessible from untrusted networks (1.4.4.b).

11.4.5 states that if segmentation is used to isolate the CDE from other networks (see part 2 for more detail on network segmentation and PCI compliance), penetration tests are performed on segmentation controls. This must be performed AT LEAST once every 12 months and after changes to segmentation controls and methods. The CDE must be confirmed as sufficiently isolated from all out-of-scope systems.

How does IP Fabric help with these requirements?

1.2.4 – By providing a source and destination within your network, IP Fabric can show the path that data takes through the network. These can be generated on-demand or configured to run automatically. The ability to generate these on-demand helps to satisfy requirement 1.2.4, as administrators can run these regularly to ensure they are kept current and accurate. This also provides an easy view of all devices that would be in-scope for a PCI compliance audit, meaning any devices within that data flow would need to be PCI compliant.

How does it work? When a snapshot of the network is taken, IP Fabric captures the state of each device, including CDP/LLDP, MAC table, and routing table information. That data is used to determine the relationship between devices. A graphical topology can be built from that relationship information.

In the above diagram, the traffic flow starts at the top left, from host 10.33.230.2 in site L33. The router L33R4 has equal-cost load balancing, splitting traffic across two paths. The traffic flows through an MPLS network to the L81 site. The presence of the transit cloud in the lower left indicates the flow traverses through a device (or multiple devices) that IP Fabric does not know (often this would be a service provider’s network). The traffic finally reaches the destination on L81R5.

1.3.1 and 1.3.2 - Using the same path tracing tool allows you to determine whether traffic can enter or exit the CDE. A trace can be performed using specific source and destination IP addresses or using CIDR blocks and can include a defined protocol and port. This also allows for validation of the NSCs in place to ensure that only necessary traffic is flowing through these points. When a path trace is created, an intent rule is generated based on the intended status of that flow, be it pass or fail. Any deviation from what is expected or planned can be remedied by reinforcing the relevant NSCs to prevent any unnecessary traffic from entering, or exiting, where it should not be.

The above table shows the status of the path verification rules. The 5-tuple for each test is listed, along with the expected state (all allowed, or none allowed), the state of the test (all, part, or none of the traffic allowed), and the result which shows why traffic was blocked. The state is also color-coded, with green meaning the state matched expectations, and red signifying a deviation.
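The all/part/none state and its comparison against the expected state can be reproduced offline. The Python below is an added example, not IP Fabric code or its API: it traces 5-tuple flows over a constructed topology with two equal-cost firewall paths into the CDE and reports where a check deviates from intent. Device names, subnets and rule names are hypothetical.

```python
from collections import deque
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    port: int


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                  # "permit" or "deny"
    src: str                     # source CIDR
    dst: str                     # destination CIDR
    proto: str = "any"
    port: Optional[int] = None   # None matches any destination port

    def matches(self, flow: Flow) -> bool:
        return (ip_address(flow.src) in ip_network(self.src)
                and ip_address(flow.dst) in ip_network(self.dst)
                and self.proto in ("any", flow.proto)
                and self.port in (None, flow.port))


# Constructed sample data (hypothetical names and addresses).
# Links stand in for adjacency learned from CDP/LLDP neighbor tables.
LINKS = [("rtr-store", "fw-a"), ("rtr-store", "fw-b"),
         ("fw-a", "sw-cde"), ("fw-b", "sw-cde")]
SUBNETS = {"10.10.0.0/24": "rtr-store", "10.99.0.0/24": "sw-cde"}
ACLS = {
    "fw-a": [Rule("pos-to-payment", "permit",
                  "10.10.0.0/24", "10.99.0.10/32", "tcp", 443)],
    # Drift on the second equal-cost leg: the payment rule is missing
    # and a stale RDP permit into the CDE is still present.
    "fw-b": [Rule("legacy-rdp", "permit",
                  "10.10.0.0/24", "10.99.0.0/24", "tcp", 3389)],
}

ADJ = {}
for a, b in LINKS:
    ADJ.setdefault(a, set()).add(b)
    ADJ.setdefault(b, set()).add(a)


def owner(ip):
    """Return the device whose attached subnet contains ip."""
    for cidr, device in SUBNETS.items():
        if ip_address(ip) in ip_network(cidr):
            return device
    raise ValueError(f"no known subnet for {ip}")


def ecmp_paths(src_dev, dst_dev):
    """All shortest (equal hop count) device paths from src_dev to dst_dev."""
    dist, queue = {src_dev: 0}, deque([src_dev])
    while queue:
        node = queue.popleft()
        for nxt in ADJ[node]:
            if nxt not in dist:
                dist[nxt] = dist[node] + 1
                queue.append(nxt)
    if dst_dev not in dist:
        return []

    def walk(node, path):
        if node == dst_dev:
            return [path]
        found = []
        for nxt in sorted(ADJ[node]):
            if dist[nxt] == dist[node] + 1:
                found.extend(walk(nxt, path + [nxt]))
        return found

    return walk(src_dev, [src_dev])


def acl_decision(device, flow):
    """First matching rule wins; a device with an ACL ends in implicit deny."""
    rules = ACLS.get(device)
    if rules is None:            # plain router/switch: forwards everything
        return True, None
    for rule in rules:
        if rule.matches(flow):
            return rule.action == "permit", rule.name
    return False, "implicit-deny"


def run_check(flow, expected):
    """expected is 'all' or 'none'; state is 'all', 'part' or 'none'."""
    paths, allowed, blocked_by = ecmp_paths(owner(flow.src), owner(flow.dst)), 0, []
    for path in paths:
        for device in path:
            ok, rule = acl_decision(device, flow)
            if not ok:
                blocked_by.append((device, rule))
                break
        else:
            allowed += 1
    state = ("all" if paths and allowed == len(paths)
             else "none" if allowed == 0 else "part")
    return {"state": state, "match": state == expected, "blocked_by": blocked_by}


if __name__ == "__main__":
    for port, expected in [(443, "all"), (3389, "none"), (22, "none")]:
        flow = Flow("10.10.0.5", "10.99.0.10", "tcp", port)
        print(port, expected, run_check(flow, expected))
```

A state of `part` is the case a single-path test misses: one equal-cost leg enforces the policy while the other does not, so the check fails for both the intended-allow and the intended-deny flow.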

1.4.1 – Of particular interest within this requirement are 1.4.1.a and 1.4.1.b. These sub-requirements stipulate that configuration standards and network diagrams are verified (1.4.1.a), and that they are in accordance with the documented configuration standards and diagrams (1.4.1.b). With path tracing, you can determine where these NSCs are located, how they are configured, and whether this is sufficient to segregate trusted and untrusted networks. IP Fabric can also provide you with security assurance: you can standardize the management of your configurations and ensure that these align with your documented configuration standards required under 1.4.1.b. Standardizing the configuration management of NSCs reduces manual effort, saving you additional time, effort, and brainpower in ensuring your NSCs are configured in accordance with your documented configuration standards before your next PCI compliance audit.

IP Fabric allows you to drill down to a packet-level to find decision information. In this example, the traffic was denied because it matched an inbound deny rule named [email protected] 124 on the firewall interface ge0/0/4.200.

1.4.2 – Similarly to the requirements in 1.4.1, path tracing of the network and dataflow diagrams can be used to determine the flow of traffic between trusted and untrusted networks. As this requirement also stipulates that NSC configurations (and vendor documentation) be verified to determine if inbound traffic from untrusted to trusted networks is sufficiently restricted, IP Fabric’s security assurance can once again be used to standardize configuration management and ensure that these are sufficiently hardened against unwanted accesses.

1.4.4 – This requirement is also quite similar with regard to how IP Fabric can help. Using the network diagram that you have already built, you can verify if system components that store CHD are directly accessible from untrusted networks. Under 1.4.4.a, this means you have to verify your network and dataflow diagrams to ensure there is documentation that system components storing CHD are not directly accessible. Under 1.4.4.b, NSC configurations must be verified to ensure controls are in place so that CHD components are not accessible from untrusted networks. Again, with path tracing, and the ability to standardize configurations, you can ensure that these components are sufficiently protected and hardened against access from untrusted networks.

11.4.5 - As discussed in part 2, using your dataflow and network diagrams established by IP Fabric, you can verify whether you have sufficient segmentation in place. By locating the appropriate environments, you can verify whether segmentation is effective, prior to the investigation by an independent auditor.

In Action

Here's how simple IP Fabric makes this process:

Creating a path check

  1. Log into IP Fabric and navigate to Diagrams > End-to-end path
  2. Enter the source and destination IP/CIDR (expand "More Details" to specify protocol and port)
  3. Click submit
  4. The path lookup will display on the right, and a set of options to define a path check will now appear at the bottom of the input column.
  5. Select the option for Pass or Fail and click Save

Evaluating the status of path checks

  1. Log into IP Fabric and navigate to Technology > Routing > Path Verifications
  2. Locate the intent rule to be verified (this list can be filtered and/or sorted, and clicking the result boxes in the Intent Verification Rules section will automatically apply the corresponding filter)
  3. Click the Eye icon in the Actions column to open that path check
  4. The devices are color-coded to indicate ACL status - Green meaning the traffic was allowed, and red meaning it was denied.
  5. Right-clicking on the red firewall gives the ability to view the flow details for that device.
  6. In this case, there is equal-cost load balancing happening, which created two inbound flows. Both inbound flows are allowed. The traffic is then hairpinned through the L66JFW10 firewall and returned to the L66JFW9 firewall. The traffic coming in is now blocked.
  7. Clicking on the blocked flow shows the detailed decision table used to determine why the traffic is blocked.
  8. There is a rule named [email protected] that is denying traffic
  9. Clicking on the rule shows the details of that rule

This process can also leverage the API and webhook capabilities of IP Fabric. New path checks can be added programmatically and included in automation workflows. Webhooks can be configured to push information on failed intent checks into other platforms.

Conclusion

IP Fabric uses network configuration and state data to build out a representation of the network topology and can then determine how traffic would flow through the network, giving you all of the information that you need before your next PCI compliance audit. Adding intent rules to these path checks quickly and easily allows teams to identify problem areas. This visibility extends from a global topology view, down through a device level and into the detailed decisions made by network devices. That level of visibility simplifies both the environments' compliance state, as well as the process of gathering evidence to support either confirmation of compliance or the need for changes to achieve PCI compliance.

Follow us on LinkedIn and our blog, where we publish new content on a regular basis. For more information on how IP Fabric can help you to get to know your entire network inside and out, please request a demo here.

This article was co-authored by Dan Kelcher, Solutions Architect at IP Fabric.

Congratulations, you've made it this far. You know what PCI compliance is, and why it is essential that your enterprise pass its compliance audit (covered in part 1). You now also know how to limit the scope of your upcoming audit to save you time, effort and a nasty headache thanks to the benefit of properly implemented network segmentation, aided by IP Fabric (covered in part 2). Surely it should be plain sailing now? Think again! Now you have to ensure that your enterprise network actually satisfies the 12 requirements set out by the PCI Security Standards Council (PCI SSC) in their Data Security Standards (PCI DSS).

As we have previously stated, IP Fabric can NOT help with all 12 requirements listed in the PCI DSS. What IP Fabric can do, however, is give you peace of mind and help you be sure that certain requirements are met. IP Fabric is a very useful tool that can help you at least partially cover some of these requirements. When utilized together with other means, you can be sure that you aren't left in the dark about your own network.

In this piece, we will begin to dive into how IP Fabric can be leveraged to cover some of the PCI DSS requirements by providing you with a complete network inventory, and an up-to-date visual representation of your network estate. Let's get into it!

Inventory

What are the relevant requirements?

The PCI DSS requirements relating to inventory are covered in point 12. It does seem odd to start with the last of the 12 requirements for PCI compliance, but ensuring you have the relevant, up-to-date documentation of your network inventory and end of life plans is essential to consider first. Doing so allows you to avoid any nasty surprises down the line. It's kind of like owning a house and trying to keep it secure from intruders. You need to know all of the access points in the house, and you can't lock a door that you don't know that you have.

Requirement 12.3.4 requires enterprises to review their in-use hardware and software technologies once every 12 months. This includes ensuring that the technologies receive security fixes from vendors, whilst continuing to support PCI DSS compliance, and that end of life (EoL) plans for technologies are in place. These plans also need to be documented and approved by senior management.

Requirement 12.5.1 obliges enterprises to have an inventory of system components that are in scope for PCI DSS (including descriptions of their function/use), which is maintained and kept current. System components are defined as network devices, servers, computing devices, virtual components (virtual machines, switches, routers etc.) as well as cloud components and software.

How does IP Fabric help with these requirements?

12.3.4 - During the discovery process, IP Fabric connects to supported network devices (there are hundreds of supported models across dozens of vendors) to collect configuration and state data, including make, model, and serial number. This is then compared against published EoL data from the hardware manufacturer.

An example of the inventory information IP Fabric can provide enterprises with

Published end of life data from several hardware manufacturers is included and updated quarterly to show the EoL status across the environment. With the information made readily available, you can begin to plan lifecycle management for your hardware. IP Fabric can help you formulate your plans by giving you the necessary information that you need.

Our platform can even help you take your lifecycle management planning to the next level. Wherever possible, the data presented in our platform will include vendor suggested replacements, meaning that you not only know when system components will reach end of life, but you also have the necessary information to ensure replacing them is as seamless as possible, and doesn't leave any gaps in your network.

End of life information captured by IP Fabric - Including suggestions for replacements

In addition to hardware information, software data is also collected. One of the most crucial features of IP Fabric is the ability to create intent rules. Intent rules can check to identify potential outliers or problematic areas within your network. An example of this would be to find what percentage of devices are running the same OS version. This could identify if OS updates aren’t being consistently applied, or if a device is running a version that hasn’t been validated. The intent rules feature will be covered in more detail in a future entry in this series!

IP Fabric also captures and presents data on current software versions within your inventory

12.5.1 - This one seems a little obvious given the nature of our platform. The snapshots that you can take using IP Fabric can be configured with granular scheduling, which might be at the start and end of standard maintenance windows, or at any other interval required. If a change occurs outside of a normal maintenance period, a snapshot can be manually created. The result is that your diagrams are accurate at all times, ensuring that the inventory is "maintained and kept current", as stipulated by the PCI DSS.

Topology

Once you have taken a complete inventory of your network with IP Fabric, you can then move on to building a topology of your network. To accomplish this, IP Fabric uses state information learned from each device to build out the topology diagrams dynamically. The data can be used to path trace through your network to identify potential issues regarding your card data environment (CDE) - We will cover IP Fabric's path tracing capabilities and how they relate to PCI compliance in a future entry in this series. For now, the PCI DSS requirements relating to topology are contained in requirement 1.

What are the relevant requirements?

Requirement 1.2.3 states that enterprises must maintain an "accurate network diagram" that shows all of the connections between the CDE and other networks, including wireless networks. 1.2.3.b also requires enterprises to verify that documentation and network diagrams are accurate and updated when there are changes to the environment.

Requirement 1.2.4 posits that enterprises possess an accurate data-flow diagram, maintained to meet the following: a) It shows all account data flows across systems and networks, and b) it is updated as needed upon changes to the environment.

How does IP Fabric help with these requirements?

1.2.3 - The snapshot process of IP Fabric discovers your network, then allows you to visualize your network in topological diagrams. Leveraging data from both Layer 2 (CDP, LLDP and MAC address tables) and Layer 3 (routing and ARP tables) protocols, IP Fabric builds a full view of the network. The output of this is a dynamic logical diagram that shows not only Layer 1 connectivity, but also Layer 2 and Layer 3 topology.

Example of a topological overview that IP Fabric can build out, which you can leverage to satisfy 1.2.3 and 1.2.3.b of the PCI DSS

1.2.3.b - Here is another requirement that documentation and network diagrams be accurate. The dynamic nature of IP Fabric’s snapshot-based system ensures that network diagrams are regularly updated. This can be as often as the snapshots are scheduled to occur, or if a more current update is needed, a new manual snapshot can be performed, or individual devices can be refreshed in an existing snapshot. Additionally, a comparison can be performed to identify any topology changes that may have occurred between two snapshots.

1.2.4 – Provide the platform with a source and a destination, and IP Fabric can show the path taken through the network. These can be generated on-demand, or they can be configured to run automatically when new snapshots are created. We will cover this in more detail in a future entry in this series, but it is also worth noting here.

Conclusion

IP Fabric’s discovery and snapshot feature can be used to ensure that some of the essential PCI DSS requirements are satisfied before your next audit, by arming you with the essential information you need regarding your network inventory and topology. Whilst these capabilities only touch on some of the PCI DSS requirements, the ability to visualize your network estate is something we consider invaluable, especially with a PCI compliance audit on the horizon!

Check back soon for part 4 of our in-depth analysis on IP Fabric and PCI compliance, where we will cover how IP Fabric’s path tracing capabilities can be leveraged to cover more PCI DSS requirements. Feel free to follow us on LinkedIn, or on our blog, where new content will be emerging regularly. To find out more about how IP Fabric can help you take your network operations to the next level, request a demo here.

Co-authored by Solution Architect Dan Kelcher and content specialist Alex Bonehill

So, you have a PCI compliance audit looming in the near future - You know what the requirements are, as set out by the PCI DSS, and you are aware of the multitude of potential penalties if you can't prove that your system is compliant. So you should have all the information you need to pass this audit, right? Not exactly. When a PCI compliance audit is performed, every single part of your network which touches, stores, or processes sensitive cardholder data (CHD) and/or sensitive authentication data (SAD) needs to be audited. This includes any areas of your network that may impact the security of the environment storing CHD/SAD.

To be more precise, PCI DSS requirements apply to system components, people, and processes that store, process, and transmit CHD/SAD, as well as system components that might not store, process, or transmit CHD/SAD, but that have "unrestricted connectivity" to the components that do. System components, as defined by the PCI SSC, include network devices, servers, computing devices, virtual components (virtual machines, switches, routers etc.), as well as cloud components and software.

Sorting through your digitally documented network can leave you feeling like you're under a mountain of paperwork

Therefore, knowing the 12 requirements and the litany of sub-requirements essential for PCI compliance is not necessarily enough - You need to know exactly what in your network is considered in-scope for the audit. But your network may contain tens of thousands of interconnected devices, paths and configurations. It could also span across multiple international locations being maintained by different teams, and there may be a massive group of people with access to segments housing CHD, some unnecessarily so. Sorting through all of this manually will surely result in a stress-induced migraine, and massive costs for your next audit.

It is essential that you know exactly how much of your network is subject to audit before it starts - It could be a lot more, or a lot less than you think. IP Fabric can help you to limit the scope of your next PCI compliance audit, thus limiting the complexity, time and cost of your upcoming assessment. Let us explain how.

The importance of network segmentation

When preparing for an audit, we have already established that knowing your network is essential, as it allows you to determine how much of your estate actually needs to be audited. To this end, there is one particular best practice to consider here, which is even included by the PCI SSC in its document on Security Standards - Network segmentation. Network segmentation is the practice of using device rules or ACLs to restrict connections and access between specific devices and services within the internal network.

By controlling how traffic flows through the paths of your network, you can achieve granular-level control and insight regarding your network. The uses of network segmentation include limiting the flow within your network by source, destination, or by traffic type. When dealing with the CHD environment in your network, using segmentation means a reduction in the number of users and devices that would have access to segments on which CHD is stored.

Where does IP Fabric fit in?

IP Fabric's comprehensive discovery feature allows you to visualize your entire network estate through topological diagrams, which can be viewed on different protocol levels. The feature utilizes snapshots, either scheduled, or on-demand, to discover the devices and applications within your network and how they are connected to each other. This feature can also be used to simulate entire end-to-end paths.

During the discovery process, IP Fabric connects to switches, routers and firewalls and, based on state information, understands how devices are connected. Additionally, IP Fabric is able to interpret the rules applied to these connections, allowing for end-to-end simulation of traffic flows through the network.

Having access to the state information, topology and rulesets of your network, you can specify any network or device in the environment and identify if it is capable of accessing a destination which stores CHD/SAD. This allows you to validate whether the CHD environment is sufficiently isolated from the rest of your network. If so, these isolated areas do not need to be audited. If the areas of your network that do house CHD are not sufficiently isolated from your other network components, then you have all the information you need to implement proper network segmentation, thanks to IP Fabric.

This last point, that is, the ability to validate the effectiveness of your network segmentation and adjust it accordingly, is particularly helpful when considering that a PCI compliance audit includes an examination of the segmentation implemented in a network. Using IP Fabric, you can not only limit the scope of your assessment, but also validate that you really are covered with effective segmentation, avoiding any nasty surprises come auditing time.
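The isolation check described above can be sketched as a reachability search over segments and their ACLs. This is an added example, not IP Fabric's code or API: the segment names, subnets, rules and function names are constructed for illustration, and rule matching is deliberately conservative (any overlapping permit counts).

```python
import ipaddress
from collections import deque

net = ipaddress.ip_network

# Constructed sample estate: names, subnets and rules are illustrative only.
SEGMENTS = {"corp": "10.1.0.0/16", "pos": "10.2.0.0/24", "dmz": "10.3.0.0/24",
            "guest": "10.4.0.0/24", "chd": "10.9.0.0/24"}

# Ordered ACL per enforcement point (from_segment, to_segment); first match wins.
# Rule = (action, src_cidr, dst_cidr, dst_port); dst_port None means any port.
ACLS = {
    ("pos", "chd"):    [("permit", "10.2.0.0/24", "10.9.0.10/32", 443)],
    ("corp", "chd"):   [("deny", "10.1.0.0/16", "10.9.0.0/24", None)],
    ("corp", "dmz"):   [("permit", "10.1.0.0/16", "0.0.0.0/0", 1433)],  # destination too broad
    ("dmz", "chd"):    [("permit", "0.0.0.0/0", "10.9.0.0/24", 1433)],  # source not restricted
    ("guest", "corp"): [("permit", "10.4.0.0/24", "10.1.0.0/16", 443)],
}

def hop_permits(acl, src, dst, port):
    """Conservative evaluation: a permit counts if it overlaps the flow,
    a deny stops evaluation only if it covers the whole flow."""
    for action, r_src, r_dst, r_port in acl:
        if r_port is not None and r_port != port:
            continue
        r_src, r_dst = net(r_src), net(r_dst)
        if action == "permit" and src.overlaps(r_src) and dst.overlaps(r_dst):
            return True
        if action == "deny" and src.subnet_of(r_src) and dst.subnet_of(r_dst):
            return False
    return False  # implicit deny at the end of every ACL

def path_to(src_seg, dst_seg, port):
    """Breadth-first search; every hop must permit the same end-to-end flow."""
    src, dst = net(SEGMENTS[src_seg]), net(SEGMENTS[dst_seg])
    queue, seen = deque([[src_seg]]), {src_seg}
    while queue:
        path = queue.popleft()
        if path[-1] == dst_seg:
            return path
        for (a, b), acl in ACLS.items():
            if a == path[-1] and b not in seen and hop_permits(acl, src, dst, port):
                seen.add(b)
                queue.append(path + [b])
    return None

def segments_reaching(dst_seg):
    """Return {segment: {port: path}} for every segment with a path to dst_seg."""
    # -1 stands for "any port not named in a rule"; only any-port rules match it.
    ports = {r[3] for acl in ACLS.values() for r in acl if r[3] is not None} | {-1}
    result = {}
    for seg in SEGMENTS:
        hits = {}
        for port in sorted(ports):
            path = path_to(seg, dst_seg, port) if seg != dst_seg else None
            if path:
                hits[port] = path
        if hits:
            result[seg] = hits
    return result
```

In this sample, `segments_reaching("chd")` reports `corp` as able to reach the CHD segment through `dmz` on port 1433 even though the direct `corp` to `chd` rule is a deny, which is the kind of gap a per-device rule review misses; `guest` has no path and stays out of scope.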

How else can IP Fabric help to limit audit scope?

Identifying the network segments that store CHD also limits the number of people within an organization that need to be audited. The process of limiting the number of people subject to a PCI compliance audit is sometimes referred to as "descoping". Without IP Fabric, the cost of a compliance audit could be astronomical, given that you may not have a way of proving who has access to which parts of your network. If you can't say with certainty that a particular person DOESN'T have access, then they will be included in the audit for the sake of avoiding a potential, unnecessary data breach or running an incomplete assessment.

Unsure of whether your access restrictions are sufficiently configured or deployed correctly? The data collected from your network by IP Fabric includes the behavior of interconnection points between network segments and the deployed policy. This data can be viewed in tabular form or through path lookup simulation to ensure traffic is flowing through these enforcement points as planned. The data is also accessible via API, which can be integrated into other tools.

Leveraging single sign-on (SSO) and role-based access control (RBAC), granular permissions to view this data can be applied to anyone in an organization, opening the door for data democratization. You can ensure that the relevant people are able to keep up to date on whether your network is correctly segmented with the appropriate level of security, ensuring that you can be certain regarding what is in, or out, of scope for your next audit.

Check back soon for part 3 of our in-depth analysis on IP Fabric and PCI Compliance, where we will cover the PCI DSS requirements that IP Fabric can lend a helping hand to.

Follow us on LinkedIn or on our blog, where new content is emerging regularly. To find out more about how IP Fabric can give you and your business peace of mind, request a demo here.

Co-authored by Solution Architect Dan Kelcher and content specialist Alex Bonehill

PCI compliance is a hot topic that has to be addressed by any organization that accepts, transmits, or stores private cardholder data (CHD). To this end, the PCI Security Standard Council (PCI SSC) has set out twelve key requirements, referred to as the PCI Data Security Standards (PCI DSS). Organizations must be able to prove that they abide by these standards in order to be deemed PCI compliant. But what do they have to prove exactly?

What does PCI compliance entail?

The requirements consist of technical and operational standards that businesses must follow to secure and protect card data transmitted through card processing transactions. The requirements listed by the PCI SSC are as follows:

Ensuring compliance with these twelve requirements is essential for businesses. Whilst there is not currently a specific legal mandate in place that requires organizations to prove PCI compliance, it is regarded as mandatory through both previous court precedent and organizational requirements to maintain a secure environment for sensitive CHD. Failure to meet these requirements can result in fines of $5,000 per month and can even extend to having the ability to accept credit cards being revoked. This is without even mentioning the possibility of having a lawsuit levied against an organization in case of any data breaches involving CHD. Aside from these ramifications for failure to ensure compliance, it is also a good business practice for ensuring customer trust and maintaining a favorable brand reputation that emphasizes data security.

So now that we know what the 12 requirements are, and what could happen if these are not satisfied, it should be plain sailing towards PCI compliance, right? Not necessarily.

12 requirements...for now?

Ensuring compliance can be a daunting task, as the list of technical requirements, coupled with the often-complex nature of enterprise-level networks in this modern age, can lead some to rightly worry about whether they are fully covered in the face of an upcoming PCI compliance audit. Even those organizations that are currently PCI compliant should not rest on their laurels, with the new PCI DSS 4.0 release on the horizon. From March 31st, 2024, release version 3.2.1 will be retired, with the new 4.0 standard due to be released in its place. Consisting of 360 pages, complete with a change document comprising 20 pages of changes, the 4.0 release is bound to feature a number of curveballs for organizations – from new requirements being introduced, to some previous recommendations becoming binding requirements. A system that is compliant today may not be so come 2024.

In order to determine whether some of these compliance requirements are met, and in the face of these upcoming changes in 2024 with the PCI DSS 4.0 release, it is essential that businesses first know their network. This in itself could be considered an essential pre-requisite to determining compliance for many organizations, and this is where IP Fabric can help.

In this short series of blog pieces, we will dive into how IP Fabric’s Automated Network Assurance Platform can help you gain full visibility of your network and can give you the insight you need when determining the scope of your next PCI compliance audit.

Where we fit in

IP Fabric is not a one-size-fits-all tool that will help you conquer PCI compliance, meaning that not all of the 12 PCI DSS requirements will be covered in this short blog series.

Instead, our platform is able to assist you by providing a detailed visualization and overview of your network at a point-in-time, which can be used to verify some of the essential requirements set out by the PCI DSS, and also help you to limit the scope of your next audit to only the necessary components of your network, saving you both time and additional cost. Think of IP Fabric as part of your toolkit for ensuring PCI compliance. It can't do everything, but if used correctly, it can greatly relieve the burden of ensuring PCI compliance and make matters simpler.

Check back soon for the first part of our in-depth analysis on how IP Fabric can help provide you with the assurance you need before your next PCI compliance audit.

Please follow our LinkedIn or blog, where we are sharing new content regularly. If you are interested in seeing what IP Fabric can do to help you gain visibility in the darkest corners of your network, please request a demo.

The 2022 KTS Conference hosted by our partner, Vector Solutions, took place in Gdynia, Poland on the 21st and 22nd June 2022, and IP Fabric was in attendance for the first time! The 19th edition of the 2-day broadband technology conference saw 300 participants and 80 companies descend upon the coastal town of Gdynia to discuss a wide range of topics, including artificial intelligence, distributed network architectures and the automation of network management.

The event included a variety of fascinating talks on the latest technologies and trends and proved to be a great opportunity to introduce IP Fabric to a new audience. We were represented at the conference by Solutions Architects, Milan Zapletal, and Vitězslav Savel, one of our Senior Channel Development Managers.

Showcasing the utility of IP Fabric

Both Milan and Vitězslav had the chance to speak at the conference. On day one, Vitězslav held an informative talk titled “What Do You Need to Start Automating Your Network”. The talk focused on how enterprises can begin the process of automating their network, and what potential organizational barriers currently exist that are holding them back from doing so.

Vitězslav discussing barriers to Network Automation on day one of the 2022 KTS Conference

On day 2, Milan followed up with a talk on “How to Increase Cybersecurity with Data Models”. Both talks were well received and introduced the audience to the possibilities that IP Fabric has to offer!

A chance to make new connections

In between talk sessions, visitors gathered in the main event room, where both Milan and Vitězslav were on hand at IP Fabric’s stand to network with visitors from other companies and further explore the wide range of benefits that IP Fabric has to offer.

Both Milan and Vitězslav viewed the event as a success - “The 2022 KTS Conference was a great opportunity for us to introduce IP Fabric to a new audience and raise brand awareness, particularly in a new country. We also greatly appreciated the chance to strengthen our partnership with Vector Solutions and make new connections with some of our partner’s affiliates.” 

Some healthy competition on the Gdynia waterfront

The conference also gave visitors the chance to unwind and take part in some interesting downtime activities and work on their teamwork skills. A boat building competition was held on the Gdynia waterfront and guests also had the exciting opportunity to ride in a speedboat. The conference was punctuated by a beach party, which allowed people to network with each other in a casual setting and unwind after a long day of discussing the latest in technological trends.

Please follow our company’s LinkedIn or Blog, where we are generating new content regularly. If you are interested in seeing what IP Fabric can do to help get you on the path to automating your network operations, please request a demo.


IP Fabric understands the critical importance of information security in enterprise-level organizations. Whether this concerns the availability, integrity, or confidentiality of data, we understand that risks simply cannot be taken when it comes to information and the assets it represents.

Which is why we are delighted to announce that IP Fabric has passed the required audit and has an ISO/IEC 27001 certified Information Security Management System (ISMS)!

ISO 27001 is an internationally recognized security standard with a focus on risk management concerning sensitive information. The basic aim of this standard is to ensure the availability, integrity and confidentiality of information, whether sensitive or not. A thorough risk assessment means that potential problems can be identified, and measures can be implemented to prevent these from occurring, thus guaranteeing that essential security principles are always being upheld.

From the proper handling of assets to information classification and encryption, the standard is designed to ensure that there are no knowledge gaps within an organization about how sensitive data should be processed or disposed of.

Even though the assessment and certification for this standard is completely voluntary, IP Fabric wanted to ensure that we have an ISMS that places the basic aims of information security at the forefront of our practices and demonstrate our unwavering commitment to the safeguarding of data, regardless of its classification.

With this certification and a thorough understanding of the relevant policies and procedures, you can rest assured knowing that we always have everyone’s best interests around information security firmly in our sights!

Learn more about IP Fabric’s security-committed approach to imaging and safeguarding your network here.

Follow us on LinkedIn or check out our blog, where more content will be emerging. If you are interested in seeing what IP Fabric can do for your network, please request a demo with us.

Our very own Riccardo Guglielmi had the exciting opportunity to attend the annual Cyber Resilience Forum by Richmond Italia from 15th to 17th May in Rimini, Italy. Alongside Giampiero Moscato from our partner, Kirey Group, Riccardo connected with industry experts and key players to discuss all things Cyber Resilience and Network Assurance!  

Riccardo alongside Giampiero Moscato of Kirey Group

Spreading the word on Network Assurance

The 2-day forum at the picturesque Rimini Grand Hotel was organized so that everyone could make the most of their time and have as many insightful conversations and meetings as possible. To make this possible, the event mimicked a “speed dating” format, with each participant having 12 chats of 30 minutes each with different people to connect and exchange ideas.

With market leaders from a range of sectors, including Automotive, Manufacturing and Publishing in attendance, this format allowed Riccardo to make the most of his time and discuss how Network Assurance can help take their network operations to new heights and revolutionize their current processes whilst maintaining security and network resilience as a top priority. 

Here is what Riccardo had to say about his experience: “The forum was a great opportunity to bring brand awareness to the Italian market, discuss new challenges, understand real-world applicable situations, and explore the potential of resolving existing gaps in tooling strategies and workflows.”  

Riccardo and Giampiero utilizing the unique format at the Cyber Resilience Forum

Opportunities to learn

Another highlight was the Colors Business Show, a workshop on the diverse types of personalities one might encounter in a business environment, and how best to adapt communication styles to ensure that everyone is on the same page and deriving value from conversations. As a part of IP Fabric’s dedicated sales teams, this is something that Riccardo relished the chance to reflect on and he has already incorporated some of the tips and tricks that he picked up into his daily work. 

The event offered much more than just an opportunity to exchange ideas around Network Assurance. Downtime activities such as yoga were also included in the program to help attendees unwind after a long day of making new connections and discussing all things Network Assurance and security.

If you would like to learn more about how IP Fabric can make your network more resilient and give you that peace of mind, please follow our company’s LinkedIn or Blog, where we are always sharing ideas to put you on the path to a Self-Driving Network. 

Read more on the topic of Network Security with IP Fabric: Network Infrastructure Security - IP Fabric. If you're interested in seeing what network assurance can do for your network in particular, please request a demo.
