Skybox Security Announces Availability of 4.5 Release for Enhanced PCI Compliance

Easier, More Cost-Effective Path to Maintain Compliance and Reduce the Risk of Data Breaches

San Jose, CA (Vocus) September 10, 2009

Skybox Security, the leader in automated security risk and compliance management, today announced availability of Skybox View release 4.5. This next-generation release of the platform provides unprecedented features that enable enterprises to not only come into compliance with the Payment Card Industry Data Security Standard (PCI DSS) requirements, but to remain continuously compliant. With additional functionality related to authentication and user management, as well as added support for third party products, the 4.5 release helps enterprises visualize and eliminate security issues before they can be exploited.

The PCI DSS standard, endorsed by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc., was created to help prevent credit card fraud through increased controls around credit card data that is processed, stored or transmitted by organizations. Skybox solutions help organizations ensure compliance through automation, analytics, modeling, and what-if prediction. Enhancing its existing support for PCI v1.2 Requirements 1, 6, 11, and 12, Skybox View version 4.5 adds support for PCI DSS v1.2 Requirement 1 - Access Policy and Reporting, as well as for Requirement 6.1 - Reporting. In addition, the Skybox Firewall Compliance Auditor includes optimization features that allow the organization to keep the firewall configuration tight and under control, so the organization can stay in compliance.

"The world is learning quickly that PCI compliance is not enough," explained Gidi Cohen, CEO of Skybox Security. "Recent data breaches show that companies need more than periodic audits: they need full visibility into risks and vulnerabilities, and the capability to fix them fast. Skybox helps customers go beyond occasional PCI compliance, ensuring that they can inspect their IT environment as often as needed to find and resolve critical IT risks --- keeping valuable data safe at all times."

Customer Experience
"We have been using Skybox Firewall Compliance Auditor 4.5 for several months now and have been impressed with the product's unique ability to help us maintain security and avoid threats to our environment, which is a key part of our PCI compliance initiative," stated Roger Jones, Voice and Data Manager at Ventura, a leading provider of customer management outsourcing services. "We use the product on a daily basis to ensure that we achieve 100% compliance across the entire business as changes are made."

The preparation and audit work to ensure compliance with PCI DSS can often require a significant amount of time and resources. When coupled with today's complex IT environment and the rapid rate of change, it can be extremely difficult to determine if the right controls are in place.

Skybox produces a report of all the PCI DSS Requirement 1 guidelines around routers and firewalls configurations, with pass/fail indications for each sub-section, and a link to the details of the violation. For any violation, the product lets you know immediately what steps you should take to solve the problem.

Additional Features of Release 4.5
The 4.5 release also includes enhancements related to user authentication, support for shadowed firewall rules analysis, and extended third-party product support. For user authentication, Skybox now supports authentication against LDAP and Active Directory 2003. Firewall compliance is enhanced through support for shadowed rules analysis in addition to rule usage analysis; reports identify shadowed and redundant rules found in the firewall, and for each shadowed rule, the source-destination-service can be compared to the shadowing rules. Check Point VPN-1 support has been extended to enable retrieval of routing rules via CPMI for version R65 and higher; Nessus V3 XML is now supported.

The Skybox Security portfolio includes:

•     Skybox Firewall Compliance Auditor     (PCI Compliance, Change Assurance, Configuration Optimization)
•     Skybox Network Compliance Auditor (Network Modeling, Connectivity Troubleshooting)
•     Skybox Risk Exposure Analyzer (Attack Modeling, Risk Assessment, Vulnerability Prioritization, Patch Optimization)
•     Skybox Threat Alert Manager (Threat Correlation, Threat Life Cycle Workflow)                                                    
•     Skybox Security Profile Advisor (Vulnerability and Patch Management Dashboard)

About Skybox Security, Inc.
Skybox Security, Inc. is the leader in automated security risk and compliance management solutions, helping IT organizations pinpoint and prioritize security risks, compliance, and availability exposures within minutes. Our solutions automatically collect and analyze comprehensive data about network topology and systems, configuration settings, threats and vulnerabilities - anticipating the most urgent IT concerns before harm has been done. Medium to large organizations in Financial Services, Telecommunications, Retail, Government, Utilities, and Defense rely on Skybox Security solutions to reduce risk exposure and achieve compliance. For more information visit http://www.skyboxsecurity.com.

###