Research Director From PCI Knowledge Base Will Discuss Findings From Its Research Study on PCI Compliance at AirTight Booth at RSA on 4/9 and 4/10

David Taylor Discusses PCI Compliance - Beyond the Checkmark; How Industry Leaders Operationalize Compliance

SAN FRANCISCO, CA--(Marketwire - April 8, 2008) - AirTight Networks, the global leader for wireless vulnerability management, announced today that David Taylor, Research Director of the PCI Knowledge Base, will reveal additional findings and answer questions about the recent PCI Compliance Study conducted by the Knowledge Base, a research program designed to help merchants, assessors, banks, processors and vendors anonymously share PCI knowledge and experience.

When:   Wednesday, April 9 and Thursday, April 10, 3 PM

Where:  RSA 2008, AirTight Booth #445

Please join us for this intimate conversation and gain important insights into best practices for PCI compliance.

The PCI Knowledge Base is the research arm of the Payment Card Industry Security Vendor Alliance (PCI SVA), a member organization that offers institutions and card processors products and services to achieve PCI DSS compliance.

"PCI compliance is a complex and often daunting task," said David Taylor, Research Director of the PCI Alliance. "We wanted to find out how so many companies became compliant so quickly and share that information with other merchants affected by PCI DSS. We wanted to find out how the leaders in PCI compliance succeed, what tools they use and what differentiates them and keeps them ahead of the curve. In other words how and why those leaders take PCI Compliance beyond the checkmark."

Some key findings in the PCI Knowledge Base Report include:

--  More than 65 percent of merchants and more than 80 percent of
    assessors reported that PCI compliance choices are driven by the PCI
    checklist, and not by a risk management analysis, since a perfect score is
    required to be PCI compliant.
--  PCI has caused a major shift in the security priorities of more than
    60 percent of companies to implement data at rest encryption and network
    segmentation, but away from security management tools, such as security
    information management.
--  More than 40 percent of security managers report that PCI is an
    excellent standard because it mandates specific IT controls and helps them
    justify needed security purchases.
--  More than 70 percent of security managers have had substantial
    additional burdens placed on them by PCI, primarily the requirement to
    regularly review log files and access controls. In most cases this must be
    done manually because there is no requirement or budget to automate the
    review process.
--  More than 75 percent of merchants are focused on achieving "Paper
    Compliance" - or just getting a "Green ROC" in order to avoid fines, but
    there is a group of leading merchants focused on ongoing or "Operational
    Compliance."
--  The leading 10 percent of merchants are managing PCI compliance as
    part of an enterprise compliance plan, but nearly 30 percent of merchants
    are planning to apply the PCI standards to protect other confidential data,
    such as SSNs.
--  Another differentiator of leading merchants is that they undertake due
    diligence investigations of the security of their service providers, rather
    than assume that a legal agreement that mentions PCI is sufficient to limit
    their liability.

About The PCI Knowledge Base:

The PCI Knowledge Base contains more than 1,200 best practices, lessons-learned, vendor experiences, PCI assessor experiences, and industry trends, based on more than 75 hours of interviews with merchants, banks, card processors and security vendors. It delivers advice from a panel of experts, consisting of more than 30 PCI assessors, chief technology officers, chief information and security officers, and security consultants.

The Knowledge Base's panel of experts includes luminaries from many of the leading companies in the PCI sector -- including Citigroup, U.S. Bank, AT&T, Convergys, Accenture, Ernst & Young, Tripwire, IBM, ArcSight, Citrix, Ipswitch, AirTight Networks, Configuresoft, Centrify and SafeNet, Inc. -- as part of their efforts to help companies secure their confidential data and manage their compliance with security standards and laws.

About AirTight Networks

AirTight Networks, the industry standard for wireless vulnerability management, is the only company that offers customers a flexible, end-to-end solution that gives them visibility into their wireless security posture and a choice in how to manage it. AirTight provides full wireless intrusion prevention systems (WIPS) and the world's first on demand wireless vulnerability management service. AirTight's patented technology delivers the key elements of an effective WIPS to eliminate false alarms, block wireless threats immediately and automatically and locate wireless devices and events with pinpoint precision. AirTight's customers include global retail, financial services, corporate, education and government organizations. AirTight Networks is a privately held company based in Mountain View, CA. For more information please visit www.AirTightnetworks.com.

AirTight Networks and the AirTight Networks logo are trademarks; AirTight and SpectraGuard are registered trademarks of AirTight Networks, Inc. All other trademarks are the property of their respective owners.