FFIEC News

mValent Adds Support to Automate PCI Compliance

(July 30, 2008)-- mValent, provider of application configuration management solutions, announced today the availability of its PCI Compliance Automation Module, an extension of its award-winning mValent Integrity™ application configuration management software designed specifically to help IT teams comply with the Payment Card Industry’s (PCI) Data Security Standard without adding to the tasks involved in meeting the requirements of this standard.

Identity theft and the tools to prevent it are among the hottest topics for companies which accept credit card transactions online. For the IT teams at these companies, that means insuring that cardholder data is secured at all times, both to protect their customers and to safeguard against damage to their own brand equity and public reputations. Many independent industry pundits have reported that damage to a company’s brand and reputation is the number one business driver that compelled those companies to act on PCI Compliance.

mValent’s new PCI Compliance Automation Module allows IT teams to preempt breaches by insuring that all systems where cardholder data are stored are configured according to precise company security standards for system access, service permissions, password strength and other key variables. mValent’s new offering for PCI Compliance augments the core mValent Integrity™ product which enables IT teams to capture the current state of code and configuration settings for application environments, monitor them for authorized and rogue changes, and automate processes for configuration provisioning, remediation and IT compliance.

With the release of the PCI Compliance Automation Module, customers can use mValent Integrity to:

* Insure that security controls adhere to company standards at a fine level, comprehensively across all systems.
* Safeguard against rogue access to systems by limiting access to authorized personnel and insuring that all ‘back doors’ are closed.
* Monitor changes to system services so that any insecure protocols or services are always disabled.
* Alert IT management to changes in access controls, permissions, and system services so that IT teams can spot potential risk areas before a breach occurs.

“Configuration auditing offers IT organizations a way to gain insight into (and, in some cases, the ability to remediate) the degree to which systems and applications across an IT infrastructure are meeting compliance for security, application and system integrity, and regulatory requirements, as well as improve availability,” according to the April 7 2008 Gartner report entitled “Answering Some Frequently Asked Questions About Configuration Auditing” by Ronni Colville . The report continues, “Although some tools require a certain level of standardization and process maturity as a prerequisite, the discovery capabilities of configuration auditing tools provide a means to support more-complete and proactive analysis of overall system change activity.”

“Our work in the field with customers has shone a light on some huge gaps in the various efforts to provide PCI Compliance solutions.” said James Tauber, mValent’s Chief Technology Officer and Co-Founder. “There are just so many areas where one tiny security crack enables a determined hacker to steal the digital identity of thousands. It’s exactly this kind of ‘needle in the haystack’ problem that we architected mValent Integrity to solve. Our new PCI Compliance Automation Module enables customer to find and fix these flaws automatically.”

For more details visit, www.mvalent.com

Share or bookmarklet this web page at: