McLean, Virginia (PRWEB) September 01, 2011
ControlCase, a leading supplier of IT Governance, Risk and Compliance (GRC) software solutions and managed compliance services, announced that it has enhanced ControlCase Data Discovery (CDD) to include regular expression search of any type of data and false positive management. Users will now have the ability to define their own regular expressions to scan for, further delivering the benefit of lower compliance costs by reducing the organizational effort required to maintain PCI compliance.
Through the deployment of CDD, clients can quickly and accurately identify where they have unprotected cardholder data within their environment, enabling them to proactively mitigate risk. With the addition of regular expression search, users now have access to a distributed and agentless centralized search platform which can be used to look for information that may be specific to an enterprise such as bank account numbers, expiration dates, social security numbers and phone numbers.
Ashwani Kaul, President at ControlCase Technologies, said: “One of the most important aspects of providing a successful PCI compliance solution is to listen to customer and industry feedback. As the PCI data standard evolves, then so should solutions which have been developed to meet this mandatory requirement. At ControlCase, we are committed to providing a quality, accurate service, which enables our clients to concentrate on their core business rather than spending time chasing, for example, false positives; a common problem with software-based vulnerability scanners.”
CDD finds unencrypted data in any type of file across the whole network from one central location. This includes databases, PDF and other standard file formats. Specifically, the software will search the network and find unique PANs (primary account numbers), TRACK1 and TRACK2 (magnetic strip data on payment cards which enables cybercriminals to clone cards), CVV (card verification value) and PINs (personal identification numbers). Once data and associated IT assets have been identified, the compliance team works with the client to determine if appropriate controls have been implemented.
Data discovery scanning can be performed as a one-time project or can be scheduled to occur on a regular basis. The service can be run remotely or locally and its scalability makes it easy for both small and large businesses to identify and monitor for rogue data. ControlCase has developed two versions of the software; desktop and enterprise. Key features of the enterprise version include:
a. No file type constraints, CDD searches the entire hard disk for credit and debit card data;
b. Finds credit card data in network shares;
c. Searches the entire network and active directory for credit card data from one location;
d. Finds credit card data in most popular commercial and open source databases; and
e. Extremely fast and uses very few network or CPU resources.
Ashwani Kaul concluded: “If a merchant is not PCI DSS compliant they are putting their brand and reputation in jeopardy and are risking fines and penalties. Our data discovery tool assists businesses to identify where unprotected legacy cardholder data resides, and through regular monitoring, provides them with assurance that they are not exposed to unnecessary risk. At ControlCase we are constantly looking to improve our offering and the input of our customers is invaluable. This is why we have introduced these latest enhancements.”