ArcSight & the PCI Knowledge Base

 

ArcSight, Inc. (NASDAQ: ARST), a leading global provider of compliance and security management solutions that protect enterprises and government agencies, today announced the availability of a new PCI (Payment Card Industry) Knowledge Base and the findings of a recently fielded PCI research report. The PCI Knowledge Base and research program were launched by the PCI Security Vendor Alliance. The Knowledge Base program allows merchants, assessors, bankers, card processors, security vendors and PCI consultants to anonymously share information online on how to become PCI compliant. The findings of the current research report highlight the trends and statistics that have emerged as companies have gone through the process of becoming PCI compliant. ArcSight supported the collection of the data and is a platinum member of the PCI Security Vendor Alliance.

The PCI Knowledge Base contains more than 1,200 separate anonymous comments from merchants, assessors, bankers, card processors, security vendors and PCI consultants, as well as advice from a panel of approximately 30 experts. Visitors to the research program's web site can glean findings that include information regarding best practices, lessons learned, experiences, industry trends and more.

"ArcSight supports the research program as part of our efforts to help companies secure their confidential data and continuously comply with PCI," said Reed Henry, senior vice president of marketing and business development of ArcSight. "The PCI Knowledge Base is a valuable resource for anyone who wants to learn about PCI compliance and understand how companies have successfully achieved compliance."

PCI Alliance Research Director David Taylor identified the three most important findings of the program:

 

--  Many companies have not yet deployed an overarching monitoring and
management solution to derive the full benefit of PCI compliance. "The
thing that crops up over and over again is that many companies are buying
products in order to achieve compliance, but they don't have the time to
manually review all the logs and data which these tools generate," said
Taylor. "They're overwhelmed by the volume of security data and they don't
have the resources to properly review it. These companies are looking for
automated solutions to deal with these issues."
-- Most companies pursue a checklist approach to PCI compliance. The
requirement to have 100 percent of PCI controls in place tends to promote
the view that all controls are essentially equal. What differentiates the
leading-edge companies that are members of the PCI Knowledge Base is that
they focus on risk and compliance management across all 12 PCI requirements
and use identity monitoring solutions and SIEM platforms to monitor who is
doing what and when with which sensitive data.
-- Best-in-class companies have achieved operational compliance vs. paper
compliance. Best-in-class companies in the Knowledge Base have made
complying with PCI, including the automated monitoring of access controls
and enforcement, part of their day-to-day operations. The paper checkbox
approach has left other companies exposed to threats due to failure to keep
up with the demand to manually review logs.

 

PCI Knowledge Base provides real-world information about PCI compliance

The PCI Knowledge Base shares merchants' knowledge and experience of PCI compliance anonymously with other merchants as well as with assessors, banks and vendors. Visitors to the PCI Knowledge Base can benefit from their experience, finding out what works, best practices, lessons learned and more.

Following is a sample of the real-world information, advice and experience in the PCI Knowledge Base:

 

--  "We found we were opening over 60 trouble tickets per month, and
closing only five of them. Some of these trouble tickets could be potential
security breaches. If we don't automate this process or get some help, our
security management will become less effective with each passing month."
-- "The best advice I can give others is that they need to reduce the
number of places they store data, and eliminate the ability of most persons
to copy the data or distribute it. Merely having a policy against it is a
small step. Eliminating copies and eliminating the copying functionality
are the real controls that companies need."

 

To learn more about PCI Compliance, please visit www.knowpci.com to access the PCI Knowledge Base.

For more information on the ArcSight PCI Protection Suite, please visit http://www.arcsight.com/cip_pci.htm.

About ArcSight

ArcSight (NASDAQ: ARST) is a leading global provider of compliance and security management solutions that protect enterprises and government agencies. ArcSight helps customers comply with corporate and regulatory policy, safeguard their assets and processes and control risk. The ArcSight platform collects and correlates user activity and event data across the enterprise so that businesses can rapidly identify, prioritize and respond to compliance violations, policy breaches, cybersecurity attacks and insider threats. For more information, visit www.arcsight.com.

ArcSight and the ArcSight logo are trademarks of ArcSight, Inc.


Copyright 2008 Market Wire