mValent adds PCI security to monitoring tool
By Robert Mullins
July 30, 2008 —
Recognizing that hackers are still pursuing credit card numbers, mValent has added assessment of industry standards to its application configuration management software offering.
MValent introduced Monday its Payment Card Industry (PCI) Compliance Automation Module as a supplement to its mValent Integrity configuration management software, which monitors ongoing configuration changes to an application.
The module monitors compliance across a company’s IT network with the specifications set by the PCI Security Standards Council. It automates the task of maintaining that compliance, said James Hickey, chief marketing officer of mValent.
Hackers can break into a system and change “permissions” that determine who has access to sensitive data, Hickey explained. The compliance module continually monitors the system to make sure the security standards the company sets remain in place and aren’t replaced by a hacker's. “It’s about monitoring systems for changes in permissions or changes in access controls or password strength,” he added.
The PCI council, a global industry group, sets the Data Security Standard (DSS) as a benchmark for data security measures. DSS version 1.2 is scheduled for release in October, the council stated; version 1.1 has been in place since September 2006.
The security standards were created in the wake of much-publicized breaches in which payment card databases were breached and financial records exposed. In 2007, retailer TJ Maxx disclosed that 45.7 million of its customer credit card numbers were stolen in 2005 and 2006.
“That’s the most famous example, but examples abound,” Hickey said.
Although companies handling credit card transactions and storing such data are required to adhere to the DSS, the rules aren’t specific as to how they should do it, Hickey added, because threats and defensive measures frequently change.
The mandate is: “Secure the data,” Hickey said. “Secure the cardholder data so it’s not subject to being stolen by anyone, by a hacker. I don’t think it’s any more specific than that. IT organizations don’t have a clear road map for what it means to be in compliance.
The mValent PCI compliance module is intended to make sure that security features continue to adhere to company standards across multiple IT systems, ensure that any software “backdoors” are closed and alert IT management to changes in access controls, permissions or system services so as to avert a breach.
The compliance module works like the configuration management software that mValent offers to monitor overall application performance, Hickey noted. After a software application is deployed, minute changes can constantly affect the configuration, a process that must be carefully managed to make sure the application continues to perform as it should.
“[IT managers] are fond of saying, ‘You provision software a couple times a year, but you change configuration data hour-by-hour,’ ” he said.
Related Search Term(s): PCI, security, mValent
Share this link: http://sdt.bz/32644
Most Read Latest News Blog Resources
Zeichick’s Take: Radio moves from analog waveforms to digital packets
Streaming radio highlights the need for streaming applications to be designed to take up as little bandwidth as possible
|
|
Taking enterprise architecture to the business side
Startup Corso is bringing out a cloud-based planning platform that ties into business plans
|
|
Appcelerator Acquires Cocoafish to Add Instant Mobile Cloud Capabilities to its Industry Leading Titanium Platform
Appcelerator Offers Messaging, Social, Location and Storage Mobile Cloud Services to All Mobile App Publishers
|
|
ComponentOne Releases a Collection of 40+ UI Widgets Powered by HTML5 and jQuery
ComponentOne has announced the 2012 release of Wijmo: a kit of UI widgets for HTML5 and jQuery development
|
Taking enterprise architecture to the business side
Startup Corso is bringing out a cloud-based planning platform that ties into business plans
|
|
Top five apps to manage your workload
Web applications offer new ways to track your “to-do” lists
|
|
Not so fast when it comes to testing in the cloud
Developers face outsourcing, virtual lab management and mobile devices as obstacles
|
|
Xceed releases UX-focused suite for Microsoft’s WPF
"Blendables" helps match user experiences to developer visions
|
Are you at risk for burnout?
Burnout is a severe problem and it can strike at any time. Here's how to tell if you are nearing the edge.
|
|
Agility, mom, and apple pie
If we're to evaluate the state-of-the-art in software development, we should start with the values espoused in the Agile Manifesto.
|
|
RIM woos developers with free tablet
How do you get more apps ported to the BlackBerry PlayBook? By giving every developer a free tablet, of course!
|
|
GitHire: Use Headhunters to Find Your Perfect Programmer
Are you a hiring manager tired of scouring the job boards? Check out this new service that will find 5 people interested in your jobs.
|
The Hidden Costs of Software Licensing
Moving beyond paper-based software licensing to more flexible, software-based licensing is a business decision. There is a growing trend tow...
|
|
Case Study: You May Need a Development Mechanic
As a contractor for a major financial player in Germany, SOBEGE, a German-based consultancy specializing in embedded IT and web services, wa...
|
|
Ensuring Software Quality at a Major International Bank
One of the world’s leading international banks has adopted AgitarOne technology for delivering generated unit tests for their Java software...
|
|
Load Testing Adobe Flex Applications
Adobe Flex applications may be different from applications you’ve worked with before. For classic HTML web applications, the server does all...
|