Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec

Comprehensive payment card protection systems from ArcSight.

ArcSight : 26 September, 2007  (New Product)
Payment card industry compliance, insider threat early warning capability, real time monitoring and strong authentication are some of the features offered by ArcSight's PCI Protection Suite for the protection of card payments and retail users brand integrity.
ArcSight has announced the ArcSight PCI Protection Suite, an integrated, solution that empowers merchants and processors to safeguard their organisations from cardholder or customer data breaches, insider threats and non-compliance risks across the breadth of PCI DSS requirements, thereby protecting their brand and customer trust.

The ArcSight PCI Protection solution comprehensively monitors compliance with the Payment Card Industry (PCI) Data Security Standard (DSS) and is built on the award-winning ArcSight platform, which provides a foundation for compliance efforts across industry standards and government regulations. The ArcSight PCI Protection Suite is a comprehensive, scalable and cost-effective solution for protecting cardholder data and monitoring ongoing PCI compliance. Level one and two merchants across the retail, transportation, telecommunications, medical and financial markets have already selected the ArcSight PCI Protection Suite to secure their customers against the growing global threats to cardholder identity and data privacy.

The ArcSight PCI Protection Suite proactively protects cardholder data against breaches, insider threats and non-compliance risks across all 12 PCI requirements through:.

- Real-time monitoring and early-warning breach detection across all users, applications, databases and other PCI-impacted IT infrastructure.
- Automatic and continuous capture, storage and analysis of all events across distributed locations.
- Efficient compliance-posture validation and visibility.

Announced customers include AirTran Airways, a subsidiary of AirTran Holdings, one of America's largest low-fare airlines; BFS Retail and Commercial Operations, the world's largest chain of company-owned car care centres; OfficeMax, a leading provider of office equipment and services; and Princess Cruises, one of the most recognised
cruise lines in the world.

'AirTran Airways operates over 700 flights daily to over 55 destinations, and passengers primarily use major credit cards to purchase tickets,' said Michelle Stewart, manager of data security, AirTran Airways. 'Our customers place a high degree of trust in us to ensure that their credit card information is protected to the utmost level. We have been proactive with this objective and have selected ArcSight's PCI solution toolset to provide the most reliable protection available today.'

Data breach incidents have become more prevalent and sophisticated in the last few years, with more than 165 million breaches recorded since 2005 (source: Privacy Rights Clearinghouse). In 2006, the average cost per breach was $182 per customer record, including direct incremental costs and lost productivity, as well as negative impact to a corporate brand (source: Ponemon Institute).

'Ensuring customer trust and protecting customer privacy are mission critical to our business at Princess Cruises,' said Claude Gigoux, manager, networks and telecommunications, Princess Cruises. 'We chose ArcSight initially to help us with other business process and compliance issues. Now we are expanding our deployment to protect customer data on mainframe applications against both internal and external threats and to provide compliance in an automated way to SOX, PCI and other regulations'

Even though upcoming 30th September and 31st December penalty deadlines focus the spotlight on PCI, merchants are challenged to comply in time for a variety of reasons. The 12 PCI guidelines span not only point-of-sale (POS) systems that actually handle the credit card data directly, but the entire underlying infrastructure that interconnects a payment system. Customer and cardholder data can be strewn throughout a merchant's infrastructure, with brick-and-mortar retail outlets often the most vulnerable to risk (based on existing data breach cases) and where the biggest technical challenges of deployment exist. In many cases, merchants are saddled with an infrastructure that has reached its technical limits and cannot provide all the functionality mandated by PCI. Required audits and audit preparation cycles are expensive in both technology and labour to implement, support and test. PCI itself is a moving target, as requirements are expected to continue to evolve over time; and furthermore, being PCI compliant does not ensure an organisation against damaging cardholder breaches, which prominent retailers can attest to.

The ArcSight PCI Protection Suite helps merchants cost-effectively address these challenges, providing the following clear benefits:.

- Comprehensive automated monitoring across PCI-affected assets to reduce workload and to eliminate human error associated with manual monitoring.
- Centralised monitoring and distributed data collection at remote sites, with support for hundreds of devices and applications, including legacy systems, to provide organisations with overall visibility into their distributed cardholder infrastructure and networks.
- Continuous oversight of PCI controls and automated test procedures to meet fiduciary responsibility efficiently.
- Support for current and evolving compliance and governance initiatives for continued lifecycle value.

'With the 30th September and 31st December deadlines just around the corner, companies are actively working to address their data security deficiencies, but many of them simply cannot implement all the PCI requirements overnight,' said Robert Shaw, CEO, ArcSight. 'Over the last six months we've seen an increase in the number of customers looking for an automated PCI monitoring solution that provides continuous real-time protection against data breaches in out-of-PCI-compliance networks while also reducing costly and labor-intensive manual compliance efforts. ArcSight's PCI Protection Suite enables these customers to address PCI compliance throughout their distributed retail infrastructure with complete and ongoing visibility into their security and compliance posture.'

'The GAO recently reported that the average cost of a data breach is approximately $1.4 million; and most organisations, including BFS Retail and Commercial Operations are doing their best to avoid that extra cost,' said Robert Warner, executive director, retail information systems, BFS Retail and Commercial Operations. 'A lot of merchants today aren't PCI compliant, and they're taking a big risk. Our customers are the core of our business, and we do everything in our power to make sure they're satisfied and feel secure doing business with us. This is why we selected ArcSight for PCI compliance; we needed a vendor that would help ensure that our customers' data is secure.'

ArcSight's PCI Protection Suite builds upon the award-winning ArcSight product family and is designed to provide automated, real-time event capture, cost-effective long-term storage and sophisticated analytics across a merchant's card data-flow infrastructure.

The ArcSight PCI Protection Suite is designed for ease of deployment, flexibility and cost-effective lifecycle support of remote sites. ArcSight's unique support for highly distributed environments provides a secure foundation that is centrally managed but easily deployed across a massively dispersed network with large numbers of diverse IT elements and business applications. Merchants can install low-cost, plug-and-play collector appliances at branches or retail locations, or can implement remote collection capabilities in software. Administrators can centrally
control, manage and maintain configurations across 100s or 1,000s of remote sites. To support remote retail locations that are constrained by low-speed WAN connections, the ArcSight solution provides built-in bandwidth controls so that POS transactional data is not adversely affected by log collection traffic. The solution automatically reprioritises high severity events for early detection of breaches. Local caching at remote sites provides added protection in the event of extended connectivity loss between remote sites and data centres. The system encrypts logs before forwarding them to a centralised log repository.

ArcSight's PCI Protection Suite automates the collection and monitoring of events from more than 185 different devices and applications, including firewalls, IDSs, switches/routers, network appliances, web servers, databases, applications, application servers, mail servers, authentication servers, kiosks, POS systems and card scanners. The ArcSight solution can collect data for PCI events at rates ranging from 100s of events per second to 100s of 1,000s of events per second and can correlate events from 100s of 1,000s of sources.

Once enterprise wide event data is collected, pre-packaged analytics in the form of PCI-specific rules, dashboards and reports give merchants the 'big picture' view of the state of protection across PCI-impacted assets and the 12 PCI requirements. As a result, merchants, service providers and processors that store, process or transmit cardholder data are better equipped to run efficient and effective PCI compliance programs to truly protect their cardholder data.

ArcSight's PCI insider threat early-warning system watches users that interact with PCI-impacted assets to get an overall view of activity and to detect suspicious behaviour before an actual breach occurs. Should a violation or potential threat arise, ArcSight's response management system provides notification, quarantine and remediation options, enabling intelligent identification, prioritisation and response.

The ArcSight PCI Protection Suite also delivers strong configuration management capabilities for security and network devices including routers, switches, VPN devices, firewalls and wireless access points. Through a combination of automated device discovery, network topology visualisation, and configuration change detection, auditing and workflow, organisations can easily and cost effectively enforce configuration best practices.

Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo