Elemental Security, Inc., an award-winning pioneer of new technology in enterprise information security, today introduced a new comprehensive policy framework to help customers measurably improve their compliance with the new Payment Card Industry (PCI) Data Security Standard.
Elemental’s new policy framework enables enterprises to adhere to PCI best practice security standards for network access control, host security configuration management, and systems and software inventory. It delivers the visibility necessary to continuously monitor systems that contain cardholder information and computers that have access to these critical machines. Elemental’s unique integration of host configuration, inventory management, and network access policies into a unified policy management solution enables organizations to enforce policies that apply access controls to assure non-compliant or unauthorized machines are not granted access to critical systems and applications. Ongoing monitoring of the PCI policies provides continuously updated compliance metrics that support security practices improvement and enhance audit activities.
“Protecting financial account and transaction information is critical at Marshall BankFirst, especially concerning the dynamic Stored Value solutions we offer to our customers,” said Tyler Brenden, Director of IT Infrastructure at Marshall BankFirst. “A product such as the one provided by Elemental, especially with its continuous visibility into systems containing customer financial information and their compliance against PCI policy baselines, is an interesting solution for implementing security processes to assure that PCI policy goals are being addressed. With a solution such as this, we see how the security posture of individual machines, as well as the overall network, can be continuously monitored, which would allow us to address any factors leading to non-compliance before they turn into incidents affecting our customers.”
“Protecting customer data is always a more cost effective strategy than reacting to loss or exposure of sensitive information,” said John Pescatore, Gartner VP and Distinguished Analyst. “PCI compliance is a starting point but businesses that are serious about protecting customer data (and avoiding the costs of incidents) should not stop at the minimum level mandated by the PCI. By having more detailed audits more often, and performing continuous vulnerability scans to monitor security controls and key internal servers, enterprises would detect deficiencies (in controls and processes) more quickly and be prepared for fixes that would prevent attacks.”
The rising incidence of stolen credit card data is a major concern for the payment card industry (PCI). In a collaborative effort to ensure the protection of customers’ personal information and the integrity of the payment system, major credit card companies established security requirements for companies that use cardholder data. Beginning June 30, 2005, credit card companies began mandating that their customers meet the new security standards, or be subject to fines, restrictions or permanent expulsion from card acceptance programs.
Addressing industry needs and customer response, Elemental’s new policy provides a framework for deploying and enforcing policies to computing resources that store and process private financial information. Elemental helps enterprises comply with the PCI policy with host-level security, protecting data where it resides, and with policy-based access controls that adapt to changes in the compliance or security posture of machines on the network. Continuous visibility into systems allows for enforcement of policies and access controls, as well as audit reporting of status at any time. Elemental also protects against unauthorized use of removable and writeable media, such as USB flash memory sticks and CD/DVD, as well unauthorized printing of secured documents, further protecting customers’ personal and transaction data.
“With a PCI policy framework assuring rigorous protections affecting host-level security, authorized transfer of private information across the network, and protection from removable media, Elemental has developed one of the most comprehensive policy frameworks helping customers meet the PCI requirements of the major credit card companies,” said Elemental CEO Peter Watkins. “Customers recognize the power and flexibility of the Elemental Compliance System, and have come to us requesting a PCI policy set to protect their customers’ sensitive data. We are pleased to deliver to help meet their needs.”
Elemental’s award-winning product is the world’s first solution that unifies policy management, host configuration and network access control in one seamlessly integrated offering. For the first time, enterprises can easily express cross-platform security policies that affect individual computers and their behavior on the network, gather meaningful up-to-date information to compare to established metrics, and selectively enforce policies across a diverse, dynamic environment. Security compliance has become a top priority for enterprises due to the pressures from increasing frequency and severity of security breaches, and from regulations such as Sarbanes-Oxley (SOX), the PCI Data Security Standard, and the Health Insurance Portability and Accountability Act (HIPAA).
Sold directly and through leading channel partners, Elemental’s new PCI policy will be available early next quarter. Contact the company at elementalsecurity.com for more, including sales and pricing information.
The Elemental Compliance System
The award-winning Elemental Compliance System is an enterprise security software solution that enables organizations to express, monitor, and enforce security policies for any computer connecting to the network. It is a client-server security system that provides broad visibility into all hosts in the enterprise and the means to control or contain them through auto-deployed security policies. The system consists of the Elemental server and Elemental agents running on workstations and server hosts throughout a network. Elemental’s architecture is unique in its ability to detect, monitor and control hosts with or without Elemental agents running on them.