ArcSight Debuts
Industry Leading Comprehensive,
Scalable and Cost-Effective PCI
Protection Solution
AirTran Airways, BFS Retail and
Commercial Operations, LLC,
OfficeMax and Princess Cruises
Select ArcSight PCI Protection Suite
to Safeguard Cardholder Data and
Enforce PCI Compliance
CUPERTINO, Calif. - September
24, 2007 - ArcSight, Inc., a
leader in enterprise security and
compliance management solutions,
today announced the ArcSight PCI
Protection Suite, an integrated
solution that empowers merchants and
processors to safeguard their
organizations from cardholder or
customer data breaches, insider
threats and non-compliance risks
across the breadth of PCI DSS
requirements, thereby protecting
their brand and customer trust. The
ArcSight PCI Protection solution
comprehensively monitors compliance
with the Payment Card Industry (PCI)
Data Security Standard (DSS) and is
built on the award-winning ArcSight
platform, which provides a
foundation for compliance efforts
across industry standards and
government regulations. The ArcSight
PCI Protection Suite is a
comprehensive, scalable and
cost-effective solution for
protecting cardholder data and
monitoring ongoing PCI compliance.
Level 1 and 2 merchants across the
retail, transportation,
telecommunications, medical and
financial markets have already
selected the ArcSight PCI Protection
Suite to secure their customers
against the growing global threats
to cardholder identity and data
privacy.
The ArcSight PCI Protection Suite
proactively protects cardholder data
against breaches, insider threats
and non-compliance risks across all
12 PCI requirements through:
- Real-time monitoring and
early-warning breach detection
across all users, applications,
databases and other PCI-impacted
IT infrastructure.
- Automatic and continuous
capture, storage and analysis of
all events across distributed
locations.
- Efficient compliance-posture
validation and visibility.
Announced customers include
AirTran Airways, a subsidiary of
AirTran Holdings, Inc., one of
America's largest low-fare airlines;
BFS Retail and Commercial
Operations, LLC, the world's
largest chain of company-owned car
care centers;
OfficeMax, a leading provider of
office equipment and services; and
Princess Cruises, one of the
most recognized cruise lines in the
world.
"AirTran Airways operates over
700 flights daily to over 55
destinations, and passengers
primarily use major credit cards to
purchase tickets," said Michelle
Stewart, manager of data security,
AirTran Airways. "Our customers
place a high degree of trust in us
to ensure that their credit card
information is protected to the
utmost level. We have been proactive
with this objective and have
selected ArcSight's PCI solution
toolset to provide the most reliable
protection available today."
Merchants Challenged by
Compliance as Risks of Customer Data
Breaches Increase
Data breach incidents have become
more prevalent and sophisticated in
the last few years, with more than
165 million breaches recorded since
2005 (source: Privacy Rights
Clearinghouse). In 2006, the average
cost per breach was $182 per
customer record, including direct
incremental costs and lost
productivity, as well as negative
impact to a corporate brand (source:
Ponemon Institute).
"Ensuring customer trust and
protecting customer privacy are
mission critical to our business at
Princess Cruises," said Claude
Gigoux, manager, networks and
telecommunications, Princess
Cruises. "We chose ArcSight
initially to help us with other
business process and compliance
issues. Now we are expanding our
deployment to protect customer data
on mainframe applications against
both internal and external threats
and to provide compliance in an
automated way to SOX, PCI and other
regulations."
Even though upcoming September 30
and December 31 penalty deadlines
focus the spotlight on PCI,
merchants are challenged to comply
in time for a variety of reasons.
The 12 PCI guidelines span not only
point-of-sale (POS) systems that
actually handle the credit card data
directly, but the entire underlying
infrastructure that interconnects a
payment system. Customer and
cardholder data can be strewn
throughout a merchant's
infrastructure, with
brick-and-mortar retail outlets
often the most vulnerable to risk
(based on existing data breach
cases) and where the biggest
technical challenges of deployment
exist. In many cases, merchants are
saddled with an infrastructure that
has reached its technical limits and
cannot provide all the functionality
mandated by PCI. Required audits and
audit preparation cycles are
expensive in both technology and
labor to implement, support and
test. PCI itself is a moving target,
as requirements are expected to
continue to evolve over time; and
furthermore, being PCI compliant
does not ensure an organization
against damaging cardholder
breaches, which prominent retailers
can attest to.
The ArcSight PCI Protection Suite
helps merchants cost-effectively
address these challenges, providing
the following clear benefits:
- Comprehensive automated
monitoring across PCI-affected
assets to reduce workload and to
eliminate human error associated
with manual monitoring.
- Centralized monitoring and
distributed data collection at
remote sites, with support for
hundreds of devices and
applications, including legacy
systems, to provide
organizations overall visibility
into their distributed
cardholder infrastructure and
networks.
- Continuous oversight of PCI
controls and automated test
procedures to meet fiduciary
responsibility efficiently.
- Support for current and
evolving compliance and
governance initiatives for
continued life-cycle value.
"With the September 30 and
December 31 deadlines just around
the corner, companies are actively
working to address their data
security deficiencies, but many of
them simply cannot implement all the
PCI requirements overnight," said
Robert Shaw, CEO, ArcSight. "Over
the last 6 months we've seen an
increase in the number of customers
looking for an automated PCI
monitoring solution that provides
continuous real-time protection
against data breaches in
out-of-PCI-compliance networks while
also reducing costly and
labor-intensive manual compliance
efforts. ArcSight's PCI Protection
Suite enables these customers to
address PCI compliance throughout
their distributed retail
infrastructure with complete and
ongoing visibility into their
security and compliance posture."
"The GAO recently reported that
the average cost of a data breach is
approximately $1.4 million; and most
organizations, including BFS Retail
and Commercial Operations, LLC, are
doing their best to avoid that extra
cost," said Robert C. Warner,
executive director, retail
information systems, BFS Retail and
Commercial Operations, LLC. "A lot
of merchants today aren't PCI
compliant, and they're taking a big
risk. Our customers are the core of
our business, and we do everything
in our power to make sure they're
satisfied and feel secure doing
business with us. This is why we
selected ArcSight for PCI
compliance; we needed a vendor that
would help ensure that our
customers' data is secure."
Details of the ArcSight PCI
Protection Suite
ArcSight's PCI Protection Suite
builds upon the award-winning
ArcSight product family and is
designed to provide automated,
real-time event capture,
cost-effective long-term storage and
sophisticated analytics across a
merchant's card data-flow
infrastructure.
The ArcSight PCI Protection Suite
is designed for ease of deployment,
flexibility and cost-effective
life-cycle support of remote sites.
ArcSight's unique support for highly
distributed environments provides a
secure foundation that is centrally
managed but easily deployed across a
massively dispersed network with
large numbers of diverse IT elements
and business applications. Merchants
can install low-cost, plug-and-play
collector appliances at branches or
retail locations, or can implement
remote collection capabilities in
software. Administrators can
centrally control, manage and
maintain configurations across 100s
or 1000s of remote sites. To support
remote retail locations that are
constrained by low-speed WAN
connections, the ArcSight solution
provides built-in bandwidth controls
so that POS transactional data is
not adversely affected by log
collection traffic. The solution
automatically reprioritizes high
severity events for early detection
of breaches. Local caching at remote
sites provides added protection in
the event of extended connectivity
loss between remote sites and data
centers. The system encrypts logs
before forwarding them to a
centralized log repository.
ArcSight's PCI Protection Suite
automates the collection and
monitoring of events from more than
185 different devices and
applications, including firewalls,
IDSs, switches/routers, network
appliances, web servers, databases,
applications, application servers,
mail servers, authentication
servers, kiosks, POS systems and
card scanners. The ArcSight solution
can collect data for PCI events at
rates ranging from 100s of events
per second to 100s of 1000s of
events per second and can correlate
events from 100s of 1000s of
sources.
Once enterprise-wide event data
is collected, prepackaged analytics
in the form of PCI-specific rules,
dashboards and reports give
merchants the "big picture" view of
the state of protection across
PCI-impacted assets and the 12 PCI
requirements. As a result,
merchants, service providers and
processors that store, process or
transmit cardholder data are better
equipped to run efficient and
effective PCI compliance programs to
truly protect their cardholder
data.
ArcSight's PCI insider threat
early-warning system watches users
that interact with PCI-impacted
assets to get an overall view of
activity and to detect suspicious
behavior before an actual breach
occurs. Should a violation or
potential threat arise, ArcSight's
response management system provides
notification, quarantine and
remediation options, enabling
intelligent identification,
prioritization and response.
The ArcSight PCI Protection Suite
also delivers strong configuration
management capabilities for security
and network devices including
routers, switches, VPN devices,
firewalls and wireless access
points. Through a combination of
automated device discovery, network
topology visualization, and
configuration change detection,
auditing and workflow, organizations
can easily and cost effectively
enforce configuration best
practices.
Pricing and Availability
The ArcSight PCI Protection
Suite is currently available in a
variety of configuration and pricing
packages designed to best fit
customer needs and deployment
environments; packages start at
$20,000 (US list). Beyond the
comprehensive suite that monitors
and protects against breaches and
non-compliance across all 12 PCI
requirements, options exist for
requirement 10 only, and for
requirements 1 and 2 only.
Components include:
- ArcSight ESM: Delivers
continuous and thorough
cardholder data breach
detection, monitoring and PCI
compliance assessment through
centralized event analysis via a
powerful cross-device
correlation engine and
sophisticated analysis tools
that use rules, dashboards and
reports.
- ArcSight Logger: Delivers
advanced high-performance log
collection, cost-effective
archival and analysis of
PCI-related log data.
- ArcSight Connectors:
Delivers the industry's broadest
and deepest event collection
support spanning the
PCI-impacted IT infrastructure,
including custom sources,
in-house applications and
physical access points, and can
be deployed as software or in
Connector Appliances.
- ArcSight Threat Response
Manager (TRM): Delivers PCI
breach remediation workflow
through threat isolation, impact
analysis, notification and
quarantining options.
- ArcSight Network
Configuration Manager (NCM):
Delivers sophisticated network
configuration, monitoring and
audit controls to enforce PCI
audit requirements and monitor
regulatory compliance across
heterogeneous networks.
- ArcSight PCI Insider Threat
Protection Package: Delivers a
sophisticated early warning
system that detects insider
threats to PCI-impacted assets
before breaches occur.
- ArcSight Compliance Insight
Package for PCI: Delivers
prepackaged rules, dashboards
and reports that satisfy PCI
compliance reporting and
auditing requirements.
For sales information, contact
info@arcsight.com or call (408)
864 2600.
About ArcSight
ArcSight is a leading provider of
security and compliance solutions
that intelligently identify and
mitigate business risk and deliver a
centralized view of enterprise-wide
events across heterogeneous
infrastructures. This real-time and
historic view into external attacks,
insider threats and regulatory
compliance provides enterprises,
MSSPs and government agencies with
the intelligence and response
capabilities required to effectively
protect and manage their networks
and their businesses. For more
information, see
www.arcsight.com. ArcSight, The
ArcSight logo, ArcSight Logger,
ArcSight TRM and ArcSight NCM are
trademarks of ArcSight, Inc.
# # #
Contact Information:
Kristin Kiltz
Engage PR for ArcSight
510-748-8200, x204
kristin@engagepr.com