Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Fortify 360 users gain PCI compliance assistance

Fortify : 25 June, 2008  (New Product)
Vulnerabilities for Payment Card Industry compliance identified by Fortify 360 enabling problem remediation for users
Fortify Software is making Payment Card Industry Data Security Standard (PCI DSS) 6.6 compliance easier for its customers with the addition of a project template that gives developers, auditors and managers a PCI-centric view into the security of their software systems. Beginning June 30, customers using Fortify's cornerstone software security solution, Fortify 360, will be able to immediately identify and remediate code level vulnerabilities that violate PCI DSS standards.

'Enterprises can reduce the costs of protecting customer and business data if they have processes in place that assure applications are as secure as possible' said John Pescatore, VP Distinguished Analyst at Gartner. "By focusing on strengthening applications at the basic code level, businesses can greatly reduce the chances of major security incidents while also demonstrating compliance to requirements such as PCI.'

Currently, Fortify 360 integrates the results from three analyzers into a central repository where they are separated into folders that correspond to their priority. Fortify 360 offers users the ability to test applications using source code analysis and dynamic security testing, as well as deploy real-time protection in the form of a software-based application firewall. Fortify is the only company to offer all three solutions. Used together, the analyzers correlate results, eliminate false positives, verify the exploitability of specific issues and prioritize related findings.

"We find that Fortify products greatly accelerate security analysis," said Rick Dakin, QSA and Cofounder of Coalfire, a leader in IT security, governance and regulatory compliance services. "We are very pleased with our decision to integrate Fortify products into our source code review and applications security audit processes."

On June 30, when section 6.6 of the PCI DSS becomes mandatory, all merchants will be required to implement source code analysis solutions or install a web application firewall. This is in response to the increase in attacks directed against applications. Coalfire, who has completed over 1,500 audits or assessments nationwide, has also seen this trend. "Our forensic analysis teams have identified application vulnerabilities as one of the leading causes for a data breach," said Dakin.

In response to the major milestone of section 6.6, Fortify's Security Research Group, working closely with Fortify customers, has created an environment for Fortify 360 that both draws attention to critical security flaws and specifically highlights issues that violate the PCI DSS. This new capability for Fortify products will be available to customers beginning June 30 via download from the Fortify Customer Portal.

"Our goal is to not only make PCI compliance an easier, more effective process, but to also provide our customers with the solutions they need to implement a proactive application security program through which they can achieve business software assurance," noted Barmak Meftah, Senior Vice President of Products and Services at Fortify.

Companies face a significant challenge with securing their applications and passing section 6.6 of the PCI DSS. With the right mix of technology and consulting services, they will be able to tackle these challenges effectively.
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo