PCI DSS Audit Passed. Data Exfiltration Stopped.
How a regional bank protected legacy core banking systems, passed their PCI DSS audit, and blocked multiple data theft attempts with FileSure.
Regional Banking Corporation — Southwestern US
The Situation
A regional banking corporation with 40+ branches and $3 billion in assets faced a common dilemma in financial services: their core banking platform — the system that processed every transaction, held every customer record, and ran every critical operation — was locked to a legacy Windows infrastructure.
The platform worked flawlessly. It had been customized over two decades to handle their specific workflows. Replacing it would cost millions and take years. But modern endpoint security tools wouldn't install on the systems that ran it.
With PCI DSS audits approaching and ransomware attacks against financial institutions making headlines weekly, the IT leadership needed a solution that would work with what they had — not require them to replace everything first.
The Problem
What They Were Trying to Protect
Core banking databases containing customer account information, transaction records, cardholder data, wire transfer systems, and loan processing applications — the crown jewels of any financial institution.
Compliance Requirements
PCI DSS requirements including access controls (Requirement 7), logging and monitoring (Requirement 10), file integrity monitoring (Requirement 11), and documented security policies (Requirement 12).
What Existing Security Couldn't Do
Enterprise antivirus couldn't install on legacy systems. Existing DLP was too complex to deploy and maintain. Native Windows auditing generated unusable log volumes without the access control capabilities PCI auditors wanted to see.
Why Legacy Systems Made It Harder
Core banking software was certified for specific Windows versions. Upgrading would require expensive recertification and extensive testing, and would carry significant operational risk. The business couldn't justify the cost or accept the risk.
Why FileSure
FileSure addressed every requirement they couldn't solve with other tools:
- Installs on all Windows versions — protected core banking systems regardless of OS version
- Application-level access controls — only authorized programs can access cardholder data files
- Complete audit trails — every file access logged with the detail PCI auditors require
- Data exfiltration prevention — block file copies to USB, webmail, and cloud storage
- Simple deployment — operational in weeks, not months
What sealed the deal: FileSure had been protecting Federal Reserve Banks for over a decade. If it was good enough for the Fed, it was good enough for a regional bank.
The Implementation
Assessment & Planning
Installed management server. Identified all systems containing cardholder data. Mapped authorized applications and user groups. Designed PCI-focused rule set with emphasis on access control and audit logging.
Pilot Deployment
Deployed to test environment mirroring production. Validated rules against core banking application workflows. Tested report generation for PCI compliance evidence. Refined data exfiltration rules.
Full Deployment
Rolled out to all production systems including legacy core banking infrastructure. Enabled USB blocking and webmail restrictions. Configured automated compliance reporting. Trained IT staff on alert response.
The Results
FileSure logs provided primary evidence of access controls and monitoring
Detected and stopped before any customer data left the organization
Core banking infrastructure secured without requiring OS upgrades
"Our next PCI audit went smoothly. FileSure's logs gave the auditors exactly what they needed."
— VP of Technology, Regional Bank
Compliance Requirements Addressed
Details in this case study have been anonymized to protect customer confidentiality.