SOURCE: ArcSight

January 22, 2008 08:00 ET

ArcSight Joins the PCI Security Standards Council and PCI Security Vendor Alliance

ArcSight Brings Industry-Leading PCI Compliance Perspective to Data Security Standard That Protects Cardholder Data

CUPERTINO, CA--(Marketwire - January 22, 2008) - ArcSight, Inc., a leader in enterprise security and compliance management solutions, announced today that it has joined the PCI Security Standards Council (PCI SSC) as a Participating Organization and the PCI Security Vendor Alliance (PCI SVA) as a platinum member. Through its role on the Standards Council, ArcSight will help to evolve payment card data protection standards including the PCI Data Security Standard (PCI DSS). As a member of the Vendor Alliance, ArcSight combines its knowledge and PCI-specific experiences with that of other technology vendors to support PCI DSS. These memberships highlight ArcSight's commitment to support the payment card industry as it addresses new challenges of protecting cardholder data.

The PCI Security Standards Council was founded by American Express, Discover Financial Services, JCB, MasterCard Worldwide, and Visa International as an open global forum for the ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection. The PCI Security Standards Council's mission is to enhance payment account data security by fostering broad adoption of the PCI Security Standards.

As a Participating Organization on the PCI SSC, ArcSight has the opportunity to access and influence the industry's latest payment card security standards. ArcSight joins a community of nearly 350 organizations working on improving cardholder data protection.

The PCI SVA is a coalition of vendors that provide solutions and expertise in securing cardholder data. PCI SVA assists members of the payment card industry -- composed of merchants, banks, and point-of-sale vendors -- in educating the business community on the requirements and business value of the PCI DSS, a global benchmark intended to improve security throughout the entire payment-card transaction process. The PCI DSS is applicable to any enterprise that transmits, processes, or stores cardholder data including retail, hospitality, healthcare, entertainment, and others.

As a member of the PCI SVA, ArcSight will be able to share its unique understanding of customer business challenges as they relate to PCI compliance and provide insights into how it has met these challenges. The company will also gain knowledge from other members that will help it optimize its approach to managing PCI initiatives to its customers. Alliance members also have the opportunity to influence and advise on the growth of the PCI Data Security Standard.

"With the next deadline for complying with the PCI Data Security Standard arriving at the end of this month, we are receiving more questions from merchants looking to learn how to best secure their customers' data and meet all of the Standard's requirements," said David Taylor, board president of the PCI SVA. "Now that ArcSight is a member of the Alliance, we can leverage the company's valuable input to build awareness of just what is required to deliver a comprehensive PCI DSS solution."

"Through our memberships in the PCI SSC and PCI SVA, ArcSight will be able to share knowledge about customer needs while also increasing collaboration across many participating organizations," said Reed Henry, senior vice president of marketing and business development at ArcSight. "This will help the industry evolve standards that better address customer challenges today and in the future."

With the recent spotlight on PCI, merchants are challenged to comply for a variety of reasons. The 12 PCI guidelines span not only point-of-sale (POS) systems that actually handle the credit card data directly, but the entire underlying infrastructure that interconnects a payment system. Customer and cardholder data can be strewn throughout a merchant's infrastructure, with brick-and-mortar retail outlets often the most vulnerable to risk (based on existing data breach cases) and where the biggest technical challenges of deployment exist. In many cases, merchants are saddled with an infrastructure that has reached its technical limits and cannot provide all the functionality mandated by PCI. Required audits and audit preparation cycles are expensive in both technology and labor to implement, support and test. PCI itself is a moving target, as requirements are expected to continue to evolve over time; and furthermore, being PCI compliant does not ensure an organization against damaging cardholder breaches, which prominent retailers can attest to.

The ArcSight PCI Protection Suite helps merchants cost-effectively address these challenges, providing the following clear benefits:

--  Comprehensive automated monitoring across PCI-affected assets to
    reduce workload and to eliminate human error associated with manual
    monitoring.
--  Centralized monitoring and distributed data collection at remote
    sites, with support for hundreds of devices and applications, including
    legacy systems, to provide organizations overall visibility into their
    distributed cardholder infrastructure and networks.
--  Continuous oversight of PCI controls and automated test procedures to
    meet fiduciary responsibility efficiently.
--  Support for current and evolving compliance and governance initiatives
    for continued life-cycle value.
    

For more information on the ArcSight PCI Protection Suite, please visit: http://www.arcsight.com/pci-protection-suite.htm

About ArcSight

ArcSight is a leading provider of security and compliance solutions that intelligently identify and mitigate business risk and deliver a centralized view of enterprise-wide events across heterogeneous infrastructures. This real time and historic view into external attacks, insider threats and regulatory compliance provides enterprises, MSSPs and government agencies with the intelligence and response capabilities required to effectively protect and manage their networks and their businesses. For more information, see www.arcsight.com.

ArcSight and the ArcSight logo are trademarks of ArcSight, Inc.

About the PCI Data Security Standard

The PCI Data Security Standard is a set of comprehensive requirements for enhancing payment account data security to help facilitate the broad adoption of consistent data security measures on a global basis.

For more information on the PCI DSS, please visit: www.pcisecuritystandards.org.

About the PCI Security Standards Council

The mission of the PCI Security Standards Council is to enhance payment account security by fostering broad adoption of PCI security standards.

For more information on the PCI Security Standards Council, please visit: www.pcisecuritystandards.org.

About the PCI Software Vendor Alliance

To learn more about the PCI SVA, please visit: http://www.pcialliance.org.