Sarbanes Oxley : Technology : PCI
Meeting The PCI DSS Requirements
March 18, 2008 12:00 PM
Vice President of Marketing
SenSage, Inc., the leader in Event Data Warehousing solutions, has announced that it has joined the Payment Card Industry Security Vendor Alliance (PCI SVA). The PCI standard requires the collection, retention and analysis of massive amounts of log data. SenSage’s Event Data Warehouse (EDW) solution provides functionality for Security Information and Event Management (SIEM), including out-of-box correlation alerts, log analysis, and trending information required to address the growing challenges of protecting consumer credit card data.
The PCI SVA is comprised of vendors that provide solutions and expertise in securing cardholder data and addressing PCI DSS compliance. The Alliance’s objective is to provide valuable subject matter expertise to those organizations that must comply with the PCI DSS such as merchants, banks and point-of-sale vendors. The PCI DSS is applicable to any enterprise that transmits, processes or stores cardholder data, including those in the retail, hospitality, healthcare and entertainment sectors.
“SenSage’s software is a great solution for organizations seeking to better their responsiveness in meeting the PCI DSS requirements,” said David Taylor, board president of the PCI SVA. “The PCI SVA welcomes SenSage as another strong voice in our efforts to keep consumer credit card data safe through every step of the transaction process.”
Ed Chopskie, vice president of marketing for SenSage, added, “SenSage is a strong supporter of the PCI Security Vendor Alliance’s objective to assist the industry in adopting best practices and providing customers with recommendations for improving security across their networks. We look forward to working with the team to further educate the marketplace about the practical solutions available to safeguard credit card data.”
SenSage’s EDW solution uses agent-less technology to collect data from any source where cardholder data exists or may be accessed. This includes network infrastructure devices, servers, applications, mainframes and the databases that store cardholder data. SenSage effectively stores the data in its patented columnar database, and provides real-time alerts and transforms this data into actionable intelligence through built-in log data analysis, at much lower costs than traditional data warehousing and security products. The SenSage for PCI DSS Compliance analytics package provides organizations with this actionable intelligence mapped to the specific PCI DSS requirements, addressing not only Requirement 10 but providing numerous reports aimed at addressing other PCI requirements. SenSage’s approach blends a high degree of performance with an array of administrative, management, analytics and reporting capabilities to meet the most stringent of compliance and regulatory requirements.
There are multiple log viewing and collection tools on the market that claim to help credit card accepters meet the PCI DSS compliance requirements. SenSage’s solution supports the breadth of log data sources where cardholder data exists and has the ability to store the data online for years. This provides the analytics and SQL precision analysis of the log data. For more information on SenSage’s Event Data Warehouse software for PCI, please visit www.sensage.com/English/Solutions/Compliance_PCI_DSS.html.
SenSage, Inc. offers the only patented event data warehousing solution for log management and compliance auditing applications. Over 300 customers have deployed SenSage solutions to reduce the risks associated with insider threats, system downtime and failed audits by providing faster, more granular analysis of privileged user behavior and analyzing anomalies across network, system and application activity. Based in San Francisco, the company markets its solutions directly and through partners, including Cerner, EMC, HP, HDS, IBM, Intec Billing Systems, Lockheed Martin, Network Appliance, Sendmail, Symantec and Tokyo Electron Device.
For more information go to www.sensage.com
The PCI Data Security Standard is a set of comprehensive requirements for enhancing payment account data security to help facilitate the broad adoption of consistent data security measures on a global basis.
For more information on the PCI DSS, please visit: www.pcisecuritystandards.org.