|  |
Guardium Introduces Solutions for Identity Theft Protection
Guardium, Inc., provider of database security and compliance solutions, expanded its SQL Guard(TM) platform with the introduction of the SQL Guard PCI Accelerator(TM). This new, targeted solution is composed of an integrated set of software modules specifically designed to help organizations within the payment card industry to accelerate compliance of the newly adopted Payment Card Industry (PCI) Data Security standard, jointly developed by Visa and Mastercard, by safeguarding databases against network-based credit card information breaches and identity theft.
"The Payment Card Industry (PCI) standard incorporates sound and necessary security practices, such as continuous data access monitoring and control; assessments; and auditing," said John Shaughnessy, Senior Vice President of Visa. "PCI compliance is required of all merchants and service providers that store, process, or transmit cardholder data. The program applies to all payment channels including retail, mail/telephone order, and e-commerce. Technologies that automate key PCI requirements help simplify compliance and deliver best practices for credit card and identity theft prevention."
The SQL Guard PCI Accelerator module is delivered on Guardium's SQL Guard Platform, a non-intrusive database security platform. The PCI Accelerator module delivers specific solutions for key requirements outlined in the standard. These include security modules for planning/organizing, tracking/monitoring, ongoing assessment/validation, and monitoring policy violations. Core PCI Accelerator capabilities include:
* Cardholder Database Access Mapping: Automatically maps inventory of application to database access and lets users view the who, what, when, and how of database access. Additionally identifies generic and shared IDs.
* PCI Compliance Report Card: Continuously assesses key metrics for determining the level of database security health and generates a high-level, automated "report card" for instant feedback on security health.
* Comprehensive Database Monitoring and Auditing: Delivers continuous, real-time monitoring of all database access activities, as well as automated auditing with the ability to archive and retrieve extensive audit trails for forensic analysis.
* Automated Workflow Scheduling: Automates workflow accountability throughout the data access auditing cycle; identifies personnel, provides visibility to signoffs, real-time alerting/notification, and maps deliverables to owners.
* PCI Policy Violation Monitoring: Provides automated baselining of access policies and allows for intelligent database access control and enforcement.
"The surge of identity theft incidents specifically related to credit card data has driven the rapid development and adoption of the PCI Data Security Standard by the Payment Card community," said Ram Metser, CEO, Guardium. "We continue to work closely with our customers to deliver application specific solutions, such as our new PCI Accelerator, to help them more easily meet their critical data-centric security and compliance requirements."
The Federal Trade Commission has recently published a report that declares identity theft as the leading consumer complaint, accounting for 39% of all fraud complaints nationwide last year. In addition, a recent breach at a third party payment processor exposed personal information on 44 million Visa and Mastercard credit card holders.
About the PCI Standard
In response to the rising crescendo of identity theft attacks, Visa and MasterCard published the PCI Data Security Standard in January 2005, which required adoption by the end of June 2005 by all members, merchants, and service providers that store, process, or transmit cardholder data. The standard requires that companies establish and maintain adequate internal control structures and procedures for cardholder information reporting. Some key requirements of the PCI Standard are that companies provide strong data access control, ongoing monitoring/testing of components, and the maintenance of best practice information security policies.
As Forrester Research noted in a June, 2005 report, in order to safeguard their databases, organizations must "tighten up data security infrastructure and processes. For help, companies can turn to IT security specialists like Guardium...who can recommend database security best practices and manage implementation." 16.08.2005, Guardium, Inc.
Subscribe to the newsletter | | |
| | | |
