FFIEC News

Harvard Medical School Deploys Third Brigade for PCI Security

(August 04, 2008)-- Third Brigade, a security software company specializing in host intrusion defense systems announced that Harvard Medical School has deployed the Third Brigade Deep Security host intrusion detection and prevention systems (IDS/IPS) to help protect its web applications and servers from targeted attacks against cardholder data. The protection will help Harvard Medical School to meet the data security standards set out by the Payment Card Industry (PCI).

“Security is a journey. We want to implement all the technology tools needed to ensure our data is protected,” said John Halamka, Chief Information Officer and Dean for Technology, Harvard Medical School.

The PCI Data Security Standards, endorsed by American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa Inc., requires merchants and service providers that store, process or transmit customer payment card data to adhere to information security controls and processes that ensure data integrity.

Third Brigade Deep Security is an advanced, host-based intrusion defense system that brings proven network security approaches — including firewall, intrusion detection and prevention, and application firewall capabilities — down to individual computers and devices. Deep Security can accelerate and simplify a PCI audit and help achieve PCI compliance by:

• Enabling firewall network segmentation to reduce the scope of the PCI audit.
• “Virtual Patching” as a compensating control to comply with requirements for vendor security patches to be applied within one month of release, based upon QSA approval.
• Detecting and preventing attacks that target cardholder data, and alerting staff the moment an attack has been attempted.
• Providing application firewall capabilities to complement secure coding initiatives and to protect web applications from attacks like SQL injection and cross-site scripting (XSS).
• Ensuring standard security configurations are consistently and automatically applied to all appropriate systems, thus reducing the risk of an attack.
• Providing detailed log information on who attacked, when they attacked and what they attempted to exploit, and by providing an auditable report of the security posture of a system.

For more information, please visit www.thirdbrigade.com.

Share or bookmarklet this web page at: