With automatic configuration to meet all PCI network requirements, Lavawall™ secures your systems for PCI compliance as soon as you plug it in.
If you need help or want to use the additional features, just press the Help button (yes, there's even a help button) to get an email with quick fixes and access to the simple and secure web console. Your IT department, Managed Service Provider, or IT company can also receive automatic notifications to provide hands-on support.
Like most companies, you don't you have time to set up all of the PCI requirements. Good news! Lavawall™ does it automatically! Some of the automatic features include:
In short, it's instant cyber security and PCI compliance that you can plug in and forget about.
If your business relies on cloud services and can't handle an Internet outage, just plug in a cellular USB modem into the Lavawall ™ and it will automatically use cell service if your main Internet connection goes down.*
*Requires additional purchase of cellular modem or hardware upgrade in addition to data plan or add-on from LavaWall™. Not available for all models.
Every merchant that accepts credit cards needs to comply with up to 331 cybersecurity requirements. If your credit card terminal or CRM are connected to your network, every machine must be compliant.
Consumer firewalls and routers aren't PCI-compliant and don't meet modern security needs. The Lavawall™ limits the PCI requirements to your terminal and includes required PCI documentation, monitoring, and updates to meet all of your internal PCI requirements.
|Hardware:||C$130 to C$250|
|PCI SAQ C & D requirements|
|AC Pro Upgrade:||C$15/mo.|
|Additional PCI requirements|
|CC Number Scan:||C$8.75/machine/mo.|
|Package includes unlimited PCI phone consultation, online PCI SAQ form, ASV External vulnerability scan (for 1 IP), compliance reporting, credit card scanning for Windows (Linux and Mac are an extra $10/mo), PCI training (1 user), and up to US$100,000 breach protection reimbursement.|
The Pro AC line adds gigabit ethernet with 2.4Ghz and 5Ghz 802.11ac scanning. Organizations that use cloud-based Point of Sale terminals or require PCI SAQ C or SAQ D compliance typically prefer this option. In addition to the Lavawall™ V3 features, the Lavawall™ Pro 3AC includes:
3 Gigabit Ports: Many merchants have 2 cash registers connected to cloud-based systems. If you need additional speed or want to avoid setting up a switch, the Pro 3AC has you covered. The 3AC is also ideal for dentist offices and sites that need streaming video over 100Gb. The 10/100/1000 network supports the fastest high-speed Internet available in most areas.
802.11ac scanning: The Lavawall™ Pro AC includes 5Ghz and 2.4Ghz wireless scanning to detect unauthorized wireless access points as required by PCI SAQ C and SAQ D. Like all Lavawall™ models, the Pro 3AC also scans the wired network for new network devices, network vulnerabilities, and unauthorized wireless devices using 2.4Ghz radios like 802.11b, g, and n.
Version 3 of the Lavawall™ places the same trusted technology in a tiny 5.8cm square package. It includes:
Credit card mode: restricts network traffic between your credit card processor and your credit card terminal or POS for PCI compliance.
Server mode: automatically restricts server connections to authorized workstations and cloud providers. It also prevents unusual data downloads and proactively sends approval requests to easily add new workstations.*
Help Button: sends diagnostic information to ThreeShield, triggers a help email to you with easy links for frequent requests, and a tech support call.*
4G cell backup: with an optional cell modem and SIM card, you can keep working through an Internet outage.*
Network monitoring: optionally get notified when a new machine gets plugged into your secured or external network.**
Anomaly detection: changes in network traffic patterns could indicate a breach or an employee stealing data. We'll actively let you know.**
Ransomware, worm, and hacking detection: if something on your network is checking for vulnerabilities to infect or hack, the Lavawall&trade v3 will detect it and let you know.**
LavaScanner™ Support: provides segmentation testing to make sure that your secure (or credit card data environment) network can't be reached from the rest of your network as required by PCI SAQ A-EP, B-IP, C, C-VT, and D requirement 11.3.4b.
If you already have two or more Lavawall™ devices on the same network, they will automatically recognize eachother and record these test results in your Lavawall™ console. If you only need one full Lavawall™ we can provide an additional device for $10/month to perform this function for you.
Vulnerability Scanning: scans all devices on your secured network for missing patches, open unsecured ports, and other vulnerabilities. If you have two or more Lavawall™ or LavaScanner™ devices, you can request optional vulnerability scans of your unsecured network as well.
ASV Scans: provides external addresses to our integrated ASV scanning system.
Automatic updates: don't worry about missing security updates.
Automatic configuration changes: when encryption standards evolve, we automatically update the Lavawall™ v3 to meet them.
Automatic documentation: Lavawall™ comes with PCI-compliant policies and procedures. It also generates and updates network documentation.
Two-plug design: For v3, we've done away with the admin port and provide a foolproof solution with only 2 ports: one for the secured device(s) and one for the rest of your network.*
Multifactor authentication: Reports and changes use more than just a vulnerable password to keep your systems safe and comply with PCI and other regulations.*
Easy Power: The Lavawall™ v3 went away with the bulky power adapter from v1 and v2. This device now uses 5V/1A USB power (note: cellular support requires 2A) consuming less than 2W!*
Silent: The Lavawall™ v3 continues our tradition of silent, fanless hardware that you won't even notice while it quietly does its job.
Learn what makes the ThreeShield PCI firewall special and why small businesses and large enterprises use it to save time and money while ensuring PCI compliance.
Calgary Foothills Primary Care Network (CFPCN)
Public health network of over 450 member physicians, 250 administrative staff, and 5 directly-managed health clinics
Payment Card Industry (PCI) Compliance to accept credit cards
Lavawall™ devices and managed security service for SAQ B-IP Compliance
Lavawall™ devices were “painless, easy, and unnoticeable”
CFPCN has an efficient IT department that manages its modern, enterprise-grade networking equipment. After a proactive cybersecurity and compliance review showed that credit card machines were on networks that didn't fully meet PCI requirements, CFPCN had three options:
Configure every device on its network to meet compliance requirements.
Configure and regularly update the modern enterprise-grade network equipment to meet credit card compliance requirements and isolate the credit card machines.
Plug in Lavawall™ devices to isolate credit card machines and instantly meet the PCI network compliance requirements without worrying about future update and configuration requirements.
After a comprehensive cost-benefit analysis, CFPCN found that the instant compliance, built-in monitoring, upgrades, and configuration of Lavawall™ devices for its 5 clinics would be more cost-effective than paying internal resources to implement a laundry list of required changes followed by required maintenance.
CFPCN's IT staff plugged in the well-labelled devices during routine clinic visits while the clinics continued to operate as usual. This solution works equally well for large primary care networks with IT staff as it does for small clinics.
Single-location escape room startup with no employees other than the founder (at the time)
Payment Card Industry (PCI) Compliance to accept credit cards
Lavawall™ compliance package for SAQ B-IP Compliance
Lavawall™ devices are “like Magic in a box!”
EscapeOps is a custom-built immersive escape room with one location in Calgary. Like all merchants with a credit card terminal, Escape Ops agreed to comply with PCI requirements when they opened their merchant account. While still under construction, EscapeOps’ founder contacted ThreeShield Information Security Corporation for support completing the PCI Self-Assessment Questionnaire (SAQ) that their new payment processing company requested as part of their PCI compliance requirements.
When we arrived, EscapeOps was like most other small businesses: there weren’t any PCI policies or procedures, and the computer network consisted of a laptop and its Internet Service Provider’s (ISP) integrated high-speed modem and wireless access point. The founder also provided an old router from home that we had hoped to use to isolate the credit card machine so EscapeOps didn’t have to configure all of their computers to comply with credit card rules. This would also allow us to significantly limit the number of PCI compliance requirements down to what is known as SAQ B-IP. Unfortunately, we found a backdoor in the Internet Service Provider’s router and neither the ISP’s wireless router or the router that the founder provided could meet PCI encryption, multi-factor login, monitoring, or other requirements that most home users don’t need.
Our goal was to minimize EscapeOps’ PCI burden and provide a comprehensive solution that wouldn’t require any further thought for Escape Ops so they could focus on their incredible escape room. ThreeShield integrated custom software and configurations into a low-cost router. This fulfilled all of the internal PCI network compliance requirements. This was the birth of ThreeShield’s Lavawall™ version 1. We also developed custom policies, procedures, network documentation, and testing documentation packaged with training, external vulnerability assessments, and updates to provide a comprehensive — and repeatable — solution for PCI SAQ B-IP compliance. This meant that instead of having 331 PCI requirements that applied to every computer and network device, Escape Ops only had 88 and they were all instantly met.
The Lavawall™ and PCI compliance package ended up saving so much time that we were able to cut our PCI SAQ consulting fee in half for Escape Ops. By chance, we had also developed an amazing tool to provide enterprise-grade security to small businesses that need to isolate and secure sensitive systems like a credit card terminal.
EscapeOps’ founder’s description of the service as being “magic in a box” cemented our desire to spread Lavawall™ to other companies. Small businesses shouldn’t have to bother with complicated security configurations that most IT consultants without significant security experience don’t even understand. They should be able to put a magic box behind systems they care about and know that it works while ThreeShield’s Certified Information Systems Security Professionals™ and certified PCI Professionals™ take care of the configurations, updates, and monitoring behind the scenes.
As the Chief Compliance Officer of a payments entity, I have relied on ThreeShield Information Security to provide risk-based solutions that have satisfied regulators and business partners alike. While our Money Services Business is unique in that it supports commerce within virtual worlds and video game environments, the security standards that we have to meet are the same as they would be for any regulated financial institution.
ThreeShield has employed a dynamic, risk-based approach to information security that is specific to our business needs but also provides comfort to our external stakeholders.
I recommend their services.
-Scott Butler, CCO of Tilia Inc.