RedSeal Systems Introduces First Fully Automated Assessment Solution for Requirement 1 of the Payment Card Industry's Data Security Standard
Posted on: Wednesday, 20 August 2008, 09:00 CDT
RedSeal Systems, Inc., a leading developer of proactive security risk management software, today announced the general availability of version 3.0 of its flagship product, RedSeal Security Risk Manager (SRM). The new release enables users to automate their assessment of Requirement 1 within the Payment Card Industry's Data Security Standard (PCI-DSS). Using RedSeal SRM 3.0, enterprises no longer have to take a manual, network device by network device approach to assessing their compliance with Requirement 1. RedSeal SRM provides enterprises with the ability to automatically implement Requirement 1 as a best practice and immediately detect drift or deviation from the regulation.
From Manual to Automated: Responding to PCI-DSS Requirement 1
"Requirement 1 of PCI-DSS is one of the most difficult requirements for an enterprise to enforce," said Branden Williams, Director, PCI Practice, VeriSign. "The complexity and size of enterprises today makes it extremely difficult to manually and accurately determine the application traffic that is allowed into the cardholder data network. RedSeal SRM's ability to automate the assessment may not only reduce the effort necessary, but also increase accuracy. This can enable enterprises to understand their compliance stance on a daily basis so that they can treat PCI-DSS as a best practice rather than an annual assessment."
RedSeal SRM 3.0 can identify all network traffic that is allowed between untrusted networks, the DMZ and the cardholder data network as required by PCI-DSS Requirement 1. While enterprises have traditionally focused on manually reviewing their firewall policies, RedSeal SRM 3.0 goes beyond these measures and determines all traffic allowed between any two points. Enterprises no longer have to attempt to manually determine the effects of their firewall policies, and can instead focus their efforts on understanding exactly where they stand in addressing PCI-DSS Requirement 1. Additionally, a PCI-DSS Requirement 1 compliance report can be generated and used for sharing the results of the assessment with the enterprise's Qualified Security Assessor (QSA).
RedSeal SRM 3.0 features include:
-- Complete Lifecycle Management to track defects such as exposed vulnerabilities, misconfigurations and policy violations from identification through remediation. Alerts are generated if a defect is not remediated within a certain amount of time, based on internal policies, and reports can be delivered via e-mail based on a schedule or immediately after analysis completes.
-- Custom Network Device Configuration Policies provide users with the ability to define a "golden configuration" standard for their network devices. Enterprises can ensure that their network devices are configured based on their own internal requirements.
-- Enhanced Asset Management allows for the organization of the network topology to be based on an enterprise's specific requirements such as location, business unit, or services. RedSeal SRM 3.0 supports dynamic criteria based policies which allow for the automatic organization of assets based on a variety of options including metric values, software, IP address, host/device name and primary service.
"RedSeal continues to raise the network security bar and allow enterprises to understand how a network is designed, built and operated," said Tom Arthur, CEO, RedSeal Systems. "By including PCI DSS capabilities in SRM 3.0 means we can continue to deliver on the promise of bringing fully automated solutions to the enterprise, making it easier and more cost-efficient to operate the network while allowing organizations to prove their compliance with standards such as PCI."
About RedSeal Systems, Inc.
RedSeal Systems develops innovative, proactive, security risk management (SRM) software designed to streamline and automate vulnerability management, compliance audits. RedSeal SRM creates a virtual operational model of the entire infrastructure providing valuable intelligence about how and where defects and vulnerabilities create 'holes' that expose business assets to threats. When armed with this knowledge, individuals and teams can quickly assess the impact of exposures and evaluate corrective actions by focusing on defensive/security strategies that eliminate the greatest risk. Security-aware businesses trust RedSeal to efficiently manage the protection of their business assets and to effectively strengthen their network security posture. More information can be found at www.redseal.net.
Source: Business Wire
Related Articles
- The PCI Security Standards Council Recertifies Fortrex Technologies' PCI Scanning Services as an Approved Scanning Vendor
- Alcatel-Lucent and Jeskell Team Up to Deliver Unique User-Centric Security Solutions for Enterprises
- Mazu Networks Joins PCI Security Standards Council
- Bivio Networks and NFR Security to Host Webinar on Policy-Centric Network Security
- JBoss Enhances JBoss Operations Network to Increase Operational Efficiency; JBoss ON 1.2 Adds Software and Security Advisories to Enterprise Management Platform
- FaceTime Announces Greynet Enterprise Manager, Industry's First Gateway-to- Endpoint Management Platform for Securing Instant Messaging, P2P and Spyware
- Top Layer Networks and LURHQ Announce Managed Intrusion Prevention System Security Service for Enterprise Customers
- Vector Networks Announces Release of PC-Duo Enterprise Remote Control V9.10
- Social Enterprise Management: Transforming Government Service Delivery
- Nakina Systems Acquires iPine Networks to Enter IP Service and Enterprise Management Market
 |
 |
User Comments (0)
RSS Feeds