FFIEC News
McAfee Launches Easy PCI Plan to Help Companies Achieve Compliance Ahead of Looming Deadlines
McAfee announced the Easy PCI Plan, designed to help companies achieve compliance with the Payment Card Industry Data Security Standard (PCI DSS) in advance of government deadlines and the season's biggest online shopping day -- Black Friday. The new McAfee Easy PCI Plan specifies a powerful "triple play" of integrated protection and compliance solutions, along with certified PCI consulting and audit services provided by Foundstone Professional Services. The unique "triple play" offering includes products such as McAfee Total Protection, McAfee Foundstone and McAfee IntruShield. All three solutions map directly to PCI standard requirements, thereby helping companies pass critical PCI audits and achieve sustainable compliance. McAfee Foundstone Professional Services is a PCI-certified Qualified Security Assessor.
According to Gartner Group, PCI compliance standards are the result of high-profile data breaches that cost companies an average of $300 per credit card account. The standards have been in place for years, with companies falling into one of four categories based on the number of transactions they process. As of September 30, Level 2 merchants must comply with twelve categories, covering requirements from process to policy to technology.
McAfee Easy PCI Plan Eases the Burden of PCI Compliance
At the heart of the McAfee Easy PCI Plan is a powerful "triple play" of integrated Security Risk Management (SRM) solutions that directly map to well over half of the twelve distinct requirements of the latest PCI DSS standard (v1.1). When combined with certified McAfee consulting and audit services, the Easy PCI Plan provides a practical and prescriptive approach for addressing the primary PCI pain points facing Level 1, Level 2 and Level 3 merchants. These pain points include: 1) passing the PCI audit and meeting the September 30 deadline, 2) selecting and deploying a layered security model that sustains compliance, and 3) proactively protecting sensitive credit card data -- including the systems that store it -- with "good industry practices" for protection and prevention.
The "triple play" combination of McAfee IntruShield, McAfee Foundstone and McAfee Total Protection can help companies meet a total of six of the twelve PCI DSS requirements, including:
-- Requirement 2: Covering system passwords and other security parameters
-- Requirement 5: Covering the use of anti-virus software or programs
-- Requirement 6: Covering secure systems and applications
-- Requirement 8: Covering use of unique IDs for persons with computer access
-- Requirement 10: Covering access to network resources and cardholder data
-- Requirement 11: Covering regular testing of security systems and processes
McAfee's dedicated security focus and best-of-breed / best-of-suite solutions for network security, system security, and risk and compliance allow it to provide full and/or partial coverage for a large set of the PCI requirements. McAfee's comprehensive security risk management strategy also provides deep integration, unified management and centralized reporting across security solutions. Combined with Foundstone professional services, this allows companies to easily and efficiently plan and deploy required protection and countermeasures for achieving and maintaining PCI compliance.
When deployed as part of a practical strategy, the McAfee Easy PCI Plan "triple play" solutions and audit services deliver a host of value-added security and compliance benefits:
McAfee IntruShield -- provides proactive network intrusion prevention that monitors networks in real-time to prevent attacks and intrusions on unmanaged or vulnerable systems. For example, IntruShield can protect un-patched Point of Sale (PoS) terminals or prevent malicious attempts to steal sensitive PCI data. As well, built-in features like integrated Network Access Control (NAC), anti-spoofing, internal firewall and encrypted threat protection can go a long way to establishing industry best practices.
McAfee Foundstone -- provides a network-based vulnerability management appliance that can run regular vulnerability scans on systems and other critical assets, while helping to keep system patch levels up to date. Integration with IntruShield will allow highly vulnerable systems or hosts to be prioritized as high risk so that remediation can be triggered.
McAfee Total Protection Enterprise -- provides agent-based software that delivers critical protection, including anti-virus, anti-spyware, personal firewall, host intrusion prevention (HIPS), and NAC. In addition, McAfee Host Data Loss Prevention (DLP) can be a critical element of establishing "good industry practices" for preventing the loss of sensitive credit card data.
Foundstone Professional Services -- performs business consulting including health checks and program development. The group also performs technology consulting including software application security and network assessments. Foundstone Professional Services recently received the Qualified Scan Vendor (QSV) and Qualified Security Assessor (QSA) certifications for PCI DSS.