FFIEC News

TriGeo Joins PCI Security Vendor Alliance

(Jan 09,2008)-- TriGeo Network Security, the proactive network defense company, has joined the Payment Card Industry Security Vendor Alliance (PCI SVA), becoming the group’s first security information and event management (SIEM) provider to focus on mid-market compliance needs. TriGeo’s Platinum Level participation helps its deep financial and retail customer base navigate PCI compliance requirements, and extend those security practices to all confidential data in users’ value chains.

TriGeo’s membership helps Level II merchants, banks, credit unions and other organizations (those processing between one million and six million credit card transactions annually) quickly gain compliance to avoid fines for missing the December 31st compliance deadline. According to Visa, as of late October only 43 percent of Level II merchants had validated PCI compliance.

“The mid-market faces the same PCI compliance burdens as large enterprises, but has a fraction
of the staff and budget needed to identify, evaluate and implement a solution,” said Michelle Dickman,
president of TriGeo Network Security. “The PCI Security Vendor Alliance plays a crucial role in providing
education and information that IT managers need to quickly secure their systems, and best protect
customer data.”

The PCI SVA supports and develops solutions to meet the 12 requirements defined by the PCI Security Standards Council that safeguard sensitive credit card information. The criteria include security processes and detection and reaction measures to minimize the risk of fraud and data breaches.Failure to comply not only exposes critical systems and data, but subjects organizations to fines from credit card companies. Collectively, PCI SVA members deliver compliance solutions to thousands of customers.

According to a September report from VeriSign, “Lessons Learned: Top Reasons for PCI Audit Failure and How To Avoid Them,” a majority of audited companies failed nine requirements. TriGeo specifically addresses three of the most problematic:
• Requirement 10: Track and monitor all access to network resources and cardholder data (failed in
71 percent of assessments)
• Requirement 11: Regularly test security systems and processes (failed in 74 percent of
assessments)
• Requirement 12: Maintain a policy that addresses information security (failed in 60 percent of
assessments)

With the industry’s only real-time SIEM solution, TriGeo streamlines PCI compliance of these
requirements through hundreds of pre-built rules and reports for data and network protection, and the
ability to easily create new rules and reports on the fly. Its appliance documents all machine, user and
network activity, along with proactive responses such quarantining, blocking, routing and controlling
services, processes, accounts and privileges.

“PCI requirements are the ‘how to’ guide for data security – and should be implemented for much
more than credit card data,” said David Taylor, president of the PCI Security Vendor Alliance. “With an
innovative out-of-the-box solution, TriGeo is uniquely positioned to solve many PCI needs and implement
security best practices across networks.”

Share or bookmarklet this web page at: