Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec

Fortify products for retail PCI compliance.

Fortify : 28 June, 2007  (New Product)
Retails can now address crucial payment card industry compliance issues with the use of Fortify's SCA and Defender products.
Fortify Software has announced its PCI solution, a bundle of Fortify's award-winning application security products designed to help retailers meet requirements within the Payment Card Industry Data Security Standard (PCI DSS) 1.1. Fortify products help with a number of PCI requirements, most notably section six, which states that all retailers must 'develop and maintain secure systems and applications.'

While a June 30 deadline for UK online merchants has recently been softened, the major credit card brands are still demanding that merchants put strategies mitigating risk in place in order to protect their most sensitive data. Fortify's PCI Solution provides one of the industry's most powerful solutions for retailers to secure their most sensitive data quickly, as well as maintain compliance going forward.

Fortify Software, which has more application security experience related to PCI compliance than any other vendor in the industry, also announced that it has joined the PCI Security Standards Council, the global forum for the ongoing development and implementation of the Data Security Standards.

'For an industry that depends on Web-based applications for much of its business, requirement six of the PCI DSS 1.1 is one of the most difficult for retailers to achieve given that the vast majority of software was never developed with security in mind,' stated John M. Jack, Fortify's President and CEO. 'Fortify's approach to application security gives retailers the means to secure their applications to achieve compliance now, while ensuring their new Web 2.0 applications are developed securely.'

By the end of June, all UK organisations that store, process or transmit credit card payments are required to put in place strategies to ensure they are protecting their most sensitive data. Companies that do not comply may be subject to increased processing fees, be barred from processing credit card transactions and be fined up to £250,000 for each instance of non-compliance in the event of a serious security breach. For retailers, this is an important mandate that requires significant efforts, as well as a longer term strategy towards reaching full compliance.

Fortify Software's PCI Solution, which consists of Fortify SCA, a source code analysis tool that eliminates vulnerabilities in an application's code base; Fortify Defender, an application-layer firewall; and Fortify's Professional Services, offers an immediate solution to secure sensitive data now, as well as a longer-term strategy to ensure new applications are developed securely. This bundle of award-winning software and services enables retailers to:

Secure Applications Now - Fortify Defender is a contextual Web-application firewall that protects and monitors Web applications from the inside. This unique 'internal firewall' approach offers critical insight into attacks as well as an unparalleled level of security. Fortify Defender addresses PCI standards for an application-layer firewall. Section 6.6 of the PCI Data Security Standards currently recommends as a best practice the use of an application-layer firewall or a professional code review. All merchants and service providers that store, process or transmit cardholder data must comply with these standards when it becomes a requirement next year. Fortify Defender offers the most effective, accurate and easy-to-use solution for fulfilling this PCI standard. Fortify Defender not only addresses PCI Data Security Standards but also key software security compliance requirements, including OWASP Top Ten and HIPAA.

Secure Applications Before They're Deployed - Fortify SCA is the world's most proven and widely used source code security analysis solution. Its advanced features enable security professionals to review more code and prioritize issues in less time, while helping development teams identify and fix issues early and with less effort. Fortify SCA supports a wide variety of languages, frameworks and operating systems and delivers depth and accuracy in its results. It can be tuned to be comprehensive when completeness is needed or extremely targeted for day-to-day use in development. It makes triage, full-scale audits and remediation fast and effective.

'In requirement six, the PCI standards mandate measures for ensuring appropriate security at the application level,' stated Diana Kelly, a vice president and service director for the Burton Group. 'Application and software security tools, such as source code analysis and application layer firewalls, can help companies achieve these goals.'

Fortify Software has more experience with PCI-compliant application security than any vendor in the industry. Already, the company has secured the applications for:.

- Two of the most visited Websites in the world.
- Major online media companies.
- One of the largest online computer resellers.
- A major global car rental company.
- Multiple Tier-1 online retailers.

Fortify's inclusion in the PCI Security Standards Council is a reflection of its deep involvement with the PCI DSS. Fortify is also a member of the ICSA Labs Web Application Firewall Product Developer's Consortium, which has helped develop certification criteria for Web application firewalls.
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo