AppSecInc First to Offer Comprehensive Best-Practice Database
Security Policies for Payment Card Industry (PCI) Standard
VISA Alliance Partner AppSecInc Facilitates Compliance for All
PCI Security Guidelines Covering the Protection of Stored Credit Data
In the Wake of Most Serious Credit Card Exposure to Date
NEW YORK - June 28, 2005 - Application Security, Inc. (AppSecInc)
(www.appsecinc.com) today announced
immediate availability of the most comprehensive set of database-specific
best-practice policies to help organizations meet the requirements
of the Payment Card Industry (PCI) data security standard.
Underscoring a proactive security stance on behalf of their customers
and partners, credit card brands united disparate security guidelines
under the PCI data security standard to strengthen the protection
of payment information with a common set of guidelines. The new standard
requires organizations to be in compliance no later than June 30,
In the aftermath of the largest reported breach of computerized
personal data - 40 million credit cards exposed at a processing center
- initiatives such as PCI are imperative to protect personal information
better. Doing so involves the use of technology as well as the definition
and implementation of business process for the collection, maintenance,
and security of sensitive personal data.
Organizations can bolster PCI compliance initiatives with AppSecInc's
customizable best-practice policies, thus making their efforts more
granular, demonstrable, and repeatable. The breadth and depth of AppSecInc's
portfolio enable the company to address compliance within all of
the guidelines set by PCI that relate to the defense of data at rest.
A VISA Alliance Partner, AppSecInc received a minority investment
from the company in October 2004 as part of VISA's initiatives to
provide financial institutions and merchants with access to the latest
advancements in information security technology. With more than 350
customers worldwide, AppSecInc is the leading provider of database
security solutions, widely acknowledged as providing the most comprehensive
solutions for corporate and government applications.
"From social security numbers to private health information, the
data stored in databases and traveling across networks must remain
protected. Ensuring trust in the appropriate use and protection of
cardholder and payment information is a critical part of this security,"
said Bill Tomlinson, National Security Practice Director for DynTek,
Inc. "We offer professional technology services to the payment card
industry, and solutions like Application Security, Inc.'s PCI policies
are a valuable tool, which helps us to ensure that our customer's
most critical data is secure."
The PCI effort highlights the critical need for application-specific
security controls and best practices. With databases representing
the infrastructure component in which data is at the height of its
value, yet where it is often most vulnerable, the market for database
security tools is expected to more than double during the next two
"As recent news reports have shown, application and database security
are no longer a 'nice to have,' they are a must have for an effective
defense-in-depth security architecture. Organizations need to address
critical system protection with an end-to-end lifecycle process that
identifies assets, fixes vulnerabilities, detects attacks and provides
robust information for reporting - all of which Application Security,
Inc. already provides its customers," said Jon Oltsik, Senior Analyst
at Enterprise Strategy Group. "With the PCI compliance deadline looming,
Application Security, Inc. is again ahead of the game by providing
its customers with the only compliance specific checks of its kind."
AppSecInc PCI Policies: Best Practices Approach to Compliance
AppSecInc's PCI best-practice policy templates are available for the
company's complete vulnerability management portfolio including its
application-level vulnerability assessment scanner, AppDetective™,
and its real-time database intrusion detection and security auditing
By using these policies, organizations can easily tune their application
security to the protections that are most relevant to PCI compliance.
PCI defines a set of common information security requirements comprising
12 top-level security guidelines. Seven requirements pertain to protecting
stored payment data, all of which are addressed by AppSecInc's products:
- Do not use vendor-supplied defaults for system passwords and other security parameters
- Protect stored data
- Develop and maintain secure systems and applications
- Restrict access to data by business need-to-know
- Assign a unique ID to each person with computer access
- Track and monitor all access to network resources and cardholder
- Regularly test security systems and processes
AppDetective's discovery, penetration testing and auditing/reporting
functions enable organizations to discover and inventory all database
instances; assess their configuration strength and level of vulnerability;
and provide detailed reports to track audits and maintain compliance
with the latest patches.
AppRadar's intrusion detection and security auditing capabilities
enable organizations to track and monitor all access to cardholder
data by unique ID; centralize management of auditing, tracking and
logging all transactions; and provide real-time notification of anomalous
system events or known attacks.
As the only encryption solution on the market to allow column-level
data encryption on production databases, DbEncrypt™
allows organizations an unmatched ability to protect stored cardholder
data with robust key management, strong encryption algorithms and
an easy-to-deploy, point-and-click interface.
"Adherence to PCI requirements would go a long way toward ensuring
personal data is thoroughly protected," said Ted
Julian, Vice President of Strategy for AppSecInc. "But compliance
can be challenging in terms of time and resources. By leveraging best-practice
policies to help with this effort, customers can more easily achieve
and maintain compliance with a minimum of effort and resources, allowing
them to focus on driving customer value."
Intuitive and easy-to-use, the PCI policy templates for AppDetective
are available for download from the AppSecInc website at http://www.appsecinc.com/solutions/pci/.
Policies for AppRadar will be available in July. These templates augment
AppSecInc's extensive range of best-practice policies that address
the Sarbanes-Oxley Act (SOX), Federal Information Security Management
Act (FISMA), and Health Insurance Portability and Accountability Act (HIPAA).
About Application Security, Inc. (AppSecInc)
AppSecInc is the leading provider of application security solutions
for the enterprise. AppSecInc's products - the industry's only complete
vulnerability management solution for the application tier - proactively
secure enterprise applications at more than 350 organizations around
the world. By securing data at its source, we enable organizations
to more confidently extend their business with customers, partners
and suppliers while meeting regulatory compliance requirements. Our
security experts, combined with our strong support team, deliver up-to-date
application safeguards that minimize risk and eliminate its impact
on business. Please contact us at 1-866-927-7732 to learn more, or
visit us on the web at www.appsecinc.com.
AppSecInc, AppDetective, AppRadar and DbEncrypt are trademarks
of Application Security, Inc. All other company and product names are
trademarks of their respective companies.
Application Security, Inc.
CHEN PR, Inc.
(781) 466-8282, ext. 39