Fortify Defender Offers Retailers Critical Solutions to Address Key PCI Compliance Requirements
(02/07/2007)
By the end of June, all UK organisations that store, process or transmit credit card payments were required to put in place strategies to ensure they are protecting their most sensitive data. Companies that do not comply may be subject to increased processing fees, be barred from processing credit card transactions and be fined up to £250,000 for each instance of non-compliance in the event of a serious security breach. For retailers, this is an important mandate that requires significant efforts, as well as a longer term strategy towards reaching full compliance.
While the June 30 deadline for UK online merchants has recently been softened, the major credit card brands are still demanding that merchants put risk-mitigation strategies in place to protect their most sensitive data.
Fortify Software Inc. has announced its PCI solution, a bundle of Fortify's application security products designed to help retailers meet requirements within the Payment Card Industry Data Security Standard (PCI DSS) 1.1.
Fortify's PCI Solution provides a powerful solution for retailers to secure their most sensitive data quickly, as well as maintain compliance going forward. Fortify products help with a number of PCI requirements, most notably section six, which states that all retailers must "develop and maintain secure systems and applications."
Fortify Software also announced that it has joined the PCI Security Standards Council, the global forum for the ongoing development and implementation of the Data Security Standards.
"For an industry that depends on Web-based applications for much of its business, requirement six of the PCI DSS 1.1 is one of the most difficult for retailers to achieve given that the vast majority of software was never developed with security in mind," stated John M. Jack, Fortify's President and CEO. "Fortify's approach to application security gives retailers the means to secure their applications to achieve compliance now, while ensuring their new Web 2.0 applications are developed securely."
Fortify Software's PCI Solution, which consists of Fortify SCA, a source code analysis tool that eliminates vulnerabilities in an application's code base; Fortify Defender, an application-layer firewall; and Fortify's Professional Services, offers an immediate solution to secure sensitive data now, as well as a longer-term strategy to ensure new applications are developed securely.
This bundle of software and services enables retailers to secure applications now. Fortify Defender is a contextual Web-application firewall that protects and monitors Web applications from the inside. This unique 'internal firewall' approach offers critical insight into attacks as well as an unparalleled level of security.
Fortify Defender addresses PCI standards for an application-layer firewall. Section 6.6 of the PCI Data Security Standards currently recommends as a best practice the use of an application-layer firewall or a professional code review. All merchants and service providers that store, process or transmit cardholder data must comply with these standards when it becomes a requirement next year. Fortify Defender not only addresses PCI Data Security Standards but also key software security compliance requirements, including OWASP Top Ten and HIPAA.
Fortify also enables retailers to secure applications before they're deployed. Fortify SCA's advanced features enable security professionals to review more code and prioritize issues in less time, while helping development teams identify and fix issues early and with less effort. Fortify SCA supports a wide variety of languages, frameworks and operating systems and delivers depth and accuracy in its results. It can be tuned to be comprehensive when completeness is needed or extremely targeted for day-to-day use in development. It makes triage, full-scale audits and remediation fast and effective.
"In requirement six, the PCI standards mandate measures for ensuring appropriate security at the application level," stated Diana Kelly, a vice president and service director for the Burton Group. "Application and software security tools, such as source code analysis and application layer firewalls, can help companies achieve these goals."
Fortify Software has already secured the applications for:
- Two of the most visited Websites in the world
- Major online media companies
- One of the largest online computer resellers
- A major global car rental company
- Multiple Tier-1 online retailers.
Fortify's inclusion in the PCI Security Standards Council is a reflection of its deep involvement with the PCI DSS. Fortify is also a member of the ICSA Labs Web Application Firewall Product Developer's Consortium, which has helped develop certification criteria for Web application firewalls.

