Archive for the "PCI" Category

Announcing ThreatSim – Stratum’s Spear Phishing and Data Exfiltration SaaS Offering


We are finally able to share something exciting that Stratum has been working on for the past several months.

If you look at recent data breaches (the kind where the attackers are inside the network hanging out and shipping sensitive data out of the network), you will find two things in common: spear phishing is how they got in, and some form of data exfiltration is how they got out. Read Mandiant’s M-Trends report or the Verizon Data Breach Reports; it’s all discussed in depth. Attackers are exploiting user endpoints to get right to the heart of the network. Why mess around with finding a perimeter vulnerability (sure, they still exist) when you can own something in the soft chewy center of a network with access to almost everything? While this represents a major, actively exploited attack vector, the industry does not have a comprehensive, repeatable and scalable solution to test organizations’ susceptibility to these attacks. Until now.

Today we are announcing our new Security-as-a-Service (SaaS) offering:



ThreatSim allows customers to easily run their own advanced attacker simulation campaigns that test users, user endpoint devices, network security controls, third-party security solutions and incident response plans. ThreatSim answers three critical questions that all organizations should be asking right now:

  1. How can attackers get in?
  2. How do attackers get my data out?
  3. What can we do to prevent it?

The ThreatSim website has more details on our new service, including how to sign up to be a beta customer. We will provide more updates here on our blog and via our ThreatSim Twitter account, @threatsim. For inquiries please email us at or fill out the Request A Demo page on the ThreatSim website.

Solving the PCI Level Puzzle with What Level am I?


Starting with my first-ever foray into PCI compliance, I have consistently encountered many clients (and even more potential clients) who have struggled with understanding their PCI requirements. While this may seem like a relatively easy task based on the information provided by the card brands, it is my experience that to those who’ve never dealt with PCI before (and even those who deal with it on a casual basis), it can be a daunting task.

Flashback to a couple of months back: Trevor and I were discussing a prospective client with this exact issue when we came up with the idea of developing a website that asked simple questions and provided clear answers. Many discussions followed, a majority of which were with current and prospective PCI clients. We found that even seasoned PCI compliance professionals thought this was a “no-brainer.”

Today Stratum is happy to announce the culmination of all of our talking, Skype-ing, and coding with the launch of – a quick online tool aimed at helping visitors easily identify their PCI requirements. While the site doesn’t cover every potential entity involved in PCI, it covers PCI Merchants and Service Providers. We’ve tried to make the site as simple as possible, using JavaScript and CSS to do most of the work. We’ve even gone as far as providing definitions for terms unfamiliar to those outside PCI (they’re underlined; simply mouse over them and the definition will appear).

We would love to hear your feedback on the site, and would of course appreciate you spreading the word about its existence. Enjoy!

Stratum Security now offers extensive PCI services


Some exciting developments here at Stratum Security. We now offer a suite of PCI services that help our customers tackle the DSS challenge. These services are delivered by a team of PCI experts with extensive knowledge of the standard and the process. Our suite of services now includes:

  • PCI DSS GAP Analysis
  • PCI DSS Remediation Consulting
  • PCI DSS Remediation Project Management
  • PCI DSS Policy & Procedure Development
  • PCI DSS Training

Learn more about our new offering on our web site here. A white paper is available for download here.

Also, Stratum Security is on track to receive our PCI QSA certification in late July. Stay tuned…