Reducing the Scope of your PCI Audit: Innovative Network Segmentation Using Host Intrusion Defense
Ottawa, ON and Reston, VA (PRWEB) January 29, 2008
Third Brigade (http://www.thirdbrigade.com), a security software company specializing in host intrusion detection and prevention systems (IDS/IPS), today announced that it has joined the PCI Security Standards Council as a new participating organization. As a Participating Organization, Third Brigade will work with the Council to evolve the PCI Data Security Standard (DSS) and other payment card data protection standards. This participation reinforces Third Brigade’s efforts to help organizations reduce the overall cost of adopting payment card security standards and guidelines impacting their businesses.
The PCI DSS, endorsed by American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa Inc., requires merchants and service providers that store, process or transmit customer payment card data to adhere to information security controls and processes that ensure data integrity. More information on the council and the standard can be found at http://www.pcisecuritystandards.org.
Research conducted on behalf of Third Brigade by ReymannGroup looked at more than 13 rules, guidelines and regulations, including PCI, to identify 15 common security compliance threads. Understanding these common compliance threads enables organizations to adopt a more proactive and cost-effective compliance initiative -- continuously managing information security and technology risk. A ReymannGroup white paper is available on the Third Brigade website outlining several of the key information security and IT risk management laws, regulations, and best practice guidelines across multiple industries.
As a Participating Organization, Third Brigade will now have access to the latest payment card security standards from the Council, be able to provide feedback on the standards and become part of a growing community that now includes more than 400 organizations. In an era of increasingly sophisticated attacks on systems, adhering to the PCI DSS represents an entity’s best protection against data criminals. By joining as a Participating Organization, Third Brigade is adding its voice to the process.
“The PCI Security Standards Council is committed to helping everyone involved in the payment chain protect consumer payment data,” said Bob Russo, General Manager of the PCI Security Standards Council. “By participating in the standards setting process, Third Brigade demonstrates they are playing an active part in this important end goal.”
“The PCI DSS has helped raise the bar of security faster and higher than many other initiatives,” said Wael Mohamed, president and CEO, Third Brigade. “Selecting and adopting technologies -- like host intrusion defense -- that can address a broad range of these common security mandates helps organizations meet the increasing pressure to ensure compliance while reducing costs.”
Third Brigade Deep Security is an advanced, host-based intrusion defense system that brings proven network security approaches -- including firewall, intrusion detection and prevention, and application firewall capabilities -- down to individual computers and devices. Deep Security can accelerate and simplify a PCI audit and help achieve PCI compliance by:
- Enabling firewall network segmentation to reduce the scope of the PCI audit.
- “Virtual Patching” as a compensating control to comply with requirements for vendor security patches to be applied within one month of release.
- Detecting and preventing attacks that target cardholder data, and alerting staff the moment an attack has been attempted.
- Providing application firewall capabilities to complement secure coding initiatives and to protect web applications from attacks like SQL injection and cross-site scripting (XSS).
- Ensuring standard security configurations are consistently and automatically applied to all appropriate systems, thus reducing the risk of an attack.
- Providing detailed log information on who attacked, when they attacked and what they attempted to exploit, and providing an auditable report of the security posture of a system.
More information, including a white paper titled “Reducing the Scope of your PCI Audit: Innovative Network Segmentation Using Host Intrusion Defense,” is available at http://www.thirdbrigade.com.
About PCI Security Standards Council:
The mission of the PCI Security Standards Council is to enhance payment account security by fostering broad adoption of PCI security standards. For more information, please visit http://www.pcisecuritystandards.org.
About Third Brigade:
Third Brigade (http://www.thirdbrigade.com) specializes in providing host intrusion defense systems to organizations that need to detect and prevent attacks that exploit vulnerabilities in mission critical systems. Third Brigade Deep Security allows businesses to apply comprehensive security profiles to hosts that protect against known and zero-day attacks using deep packet inspection. It helps ensure compliance and the 24-7 availability of critical systems, provides a virtual patch for software vulnerabilities, and allows organizations to deliver Internet-based services with greater security and confidence. Unlike other host intrusion detection and prevention systems, Third Brigade Deep Security provides broader, faster and simpler protection. Third Brigade. That’s control.
(T) 613-599-4505 x2238
PCI Security Standards Council
Glenn R. Boyet
Note: “Third Brigade”, “Deep Security Solutions”, and the Third Brigade logo are trademarks of Third Brigade, Inc. and may be registered in certain jurisdictions. All other company and product names are trademarks or registered trademarks of their respective owners.