Stone

Stone Pagamentos, based in Sao Paulo, is the fourth largest payment processor in Brazil. VISA and MasterCard are some well-known brands under Stone’s payment system. Founded in 2012 by global-minded entrepreneurs, Stone is authorized and regulated by Brazil’s Central Bank, which provides payment solutions for all types of businesses across the country.

Stone’s mission centers on providing customers with digital payment capabilities that enable them to deliver enhanced performance and a simplified user experience to their ecommerce and brick-and-mortar customers. Core goals include changing the Brazilian payment service market by focusing on customers and helping businesses control cash flow and sell more products and services. From a risk management perspective, Stone customers pay only for approved transactions, receive customized protection, and are entitled to manual investigation of high-risk claims. Stone payment services allow customers to focus less on payment processing and more on growing their businesses.

Challenges

Credit cards drive commerce. The organizations that process cardholder data must continuously maintain customer trust, the foundation of their success. This isn’t easy since payment card processors are attractive targets for hackers, given the prized information they store and transmit on behalf of consumers. Gaining access to confidential personal and financial information offers enticing rewards for criminal actors. When cardholder data is the target of any malicious activity or theft, it impacts every stakeholder in the credit card processing ecosystem, including merchants, service providers, financial institutions, point-of-sale vendors, hardware/software developers, and customers.

As ecommerce and mobile payment technologies evolve, so does the modern attack surface, and vulnerability management becomes more complex. When new technologies like cloud services and mobile and IoT devices designed to enhance consumer experience are added to the mix, the attack surface expands, making data breaches more likely and harder to detect. The credit card industry’s ongoing reliance on a wide variety of computing platforms further complicates the challenge. Gaining visibility into all assets is critical to mounting a resilient cyber defense.

In addition, all credit card brands require companies like Stone, which process, store and transmit payment card data, to demonstrate continuous compliance with multiple stringent regulatory standards, including ISO 27001 and the Payment Card Industry Data Security Standard (PCI DSS).

Stone required a Cyber Exposure solution that would enable the company to reduce the chance of a data breach, protect cardholder data, and maintain integrity of operations. The company was looking for a scalable platform precisely aligned with compliance frameworks, which could be implemented quickly and easily into existing security infrastructure. Stone sought a strategic partner with a solid foundation in traditional vulnerability management as well as the insight and commitment to continuously innovate via emerging technology solutions designed to address evolving requirements.

Solution

After evaluating multiple enterprise-class solutions, Stone selected Tenable.io, the world’s first Cyber Exposure platform to see and secure any digital asset on any computing platform. The strategic partnership with Tenable empowers Stone to:

• Gain Visibility into Cyber Risks:
  Stone relies on Tenable.io to dynamically discover digital assets everywhere and quickly detect vulnerabilities and misconfigurations. Now Stone can effectively prioritize remediation activities for all identified vulnerabilities for greater staff productivity.
• Scale Across Multiple Environments:
  The platform enables Stone teams across the organization to assess and manage current and emerging vulnerabilities associated with servers, web applications and containers spanning all computing environments (on-premises/point of sale, mobile, virtual, cloud, and hybrid). Stone plans to deploy Tenable.io to cover laptops and IoT devices in the future.
• Simplify User Experience:
  Stone teams now have transparent visibility into all assets via a single dashboard and can continuously monitor and accurately report on the organization’s cyber exposure. In lieu of tedious audit processes, Tenable.io automates internal and external vulnerability scans required for ISO and PCI compliance.
• Report Cyber Exposure to all Stakeholders:
  Security teams can rapidly digest vulnerability assessment data via intuitive, purpose-built dashboards and reports. The platform transforms raw vulnerability data into actionable insights that can be communicated to senior management and other stakeholders for cohesive cyber risk management.

Benefits

Since partnering with Tenable and implementing Tenable.io, Stone has expedited the discovery of vulnerabilities across all computing environments and streamlined compliance efforts.

Solution benefits include:

• Faster Cyber Exposure Detection and Improved Prioritization
  Stone now runs more frequent scans, allowing them to improve their new vulnerability detection SLA to less than 12 hours. In addition to maintaining continuous compliance and comprehensive visibility into all digital assets and vulnerabilities, Stone now has the critical context required to rapidly prioritize and proactively remediate the most significant security weaknesses. A clearer understanding of metrics and reporting helps teams focus on and address what matters most.
• Clear Measurement and Communication
  Modern and flexible reporting capabilities in Tenable.io also allow cybersecurity teams to measure the effectiveness of security mechanisms and document ROI for the CSO, facilitating informed decision-making for Stone’s technology roadmap.
• Cost Savings
  The company has seen a tremendous savings in server hardware and maintenance costs as a result of the Tenable.io deployment. Confident in its ability to reliably secure credit card transactions and protect consumer data, Stone is positioned to further reduce costs and increase revenues by enhancing brand loyalty and consumer confidence to stay a step ahead of competitors in the payment market.

With Tenable as its cybersecurity partner, Stone plans to continue leveraging the latest Cyber Exposure technologies, consistently follow industry best practices, proactively discover vulnerabilities, and manage and reduce cyber risk across the modern attack surface.