LOGIN | REGISTER NOW | SUBSCRIBE
 
print Printable version 
Most Read Latest News Blog Resources
Mono brings .NET to Android
At Microsoft MIX, Mono will unveil the ability to port .NET applications to the Android op...

Does Windows cost Microsoft opportunities?
Microsoft's decision to focus .NET on Windows is stifling innovation due to the specter of...

Scrum Planning Board adds automation to Axosoft OnTime
Illustrations are also included to assist Scrum-using developers a better view of what the...

Digg!  Digg
Reddit  Reddit
Slashdot  Slashdot
Share on facebook  Facebook
Share on Twitter  Twitter

mValent adds PCI security to monitoring tool


By Robert Mullins
July 30, 2008 — 
Recognizing that hackers are still pursuing credit card numbers, mValent has added assessment of industry standards to its application configuration management software offering.

MValent introduced Monday its Payment Card Industry (PCI) Compliance Automation Module as a supplement to its mValent Integrity configuration management software, which monitors ongoing configuration changes to an application.

The module monitors compliance across a company’s IT network with the specifications set by the PCI Security Standards Council. It automates the task of maintaining that compliance, said James Hickey, chief marketing officer of mValent.

Hackers can break into a system and change “permissions” that determine who has access to sensitive data, Hickey explained. The compliance module continually monitors the system to make sure the security standards the company sets remain in place and aren’t replaced by a hacker's. “It’s about monitoring systems for changes in permissions or changes in access controls or password strength,” he added.

The PCI council, a global industry group, sets the Data Security Standard (DSS) as a benchmark for data security measures. DSS version 1.2 is scheduled for release in October, the council stated; version 1.1 has been in place since September 2006.

The security standards were created in the wake of much-publicized breaches in which payment card databases were breached and financial records exposed. In 2007, retailer TJ Maxx disclosed that 45.7 million of its customer credit card numbers were stolen in 2005 and 2006.

“That’s the most famous example, but examples abound,” Hickey said.

Although companies handling credit card transactions and storing such data are required to adhere to the DSS, the rules aren’t specific as to how they should do it, Hickey added, because threats and defensive measures frequently change.

The mandate is: “Secure the data,” Hickey said. “Secure the cardholder data so it’s not subject to being stolen by anyone, by a hacker. I don’t think it’s any more specific than that. IT organizations don’t have a clear road map for what it means to be in compliance.

The mValent PCI compliance module is intended to make sure that security features continue to adhere to company standards across multiple IT systems, ensure that any software “backdoors” are closed and alert IT management to changes in access controls, permissions or system services so as to avert a breach.

The compliance module works like the configuration management software that mValent offers to monitor overall application performance, Hickey noted. After a software application is deployed, minute changes can constantly affect the configuration, a process that must be carefully managed to make sure the application continues to perform as it should.

“[IT managers] are fond of saying, ‘You provision software a couple times a year, but you change configuration data hour-by-hour,’ ” he said.


Related Search Term(s): PCIsecuritymValent


Share this link: http://www.sdtimes.com/link/32644
 

Add comment


Name*
Email*  
Country     


  • Comment
  • Preview
Loading



 
 
 
 
News on Monday
more>>
SharePoint Tech Report
more>>


   

 
 
Download Current Issue
ISSUE 3/15/2010 PDF

Need Back Issues?
DOWNLOAD HERE

Receive the print Edition?


 
blogs tab
Google Code turns 5
Google Code Turns 5, and adds a Paxos Algorithm to make the system more stable and reliable.
03/17/2010 11:16 AM EST

Test your Visual Studio 2010 know-how
Microsoft is offering free beta certification exams for Visual Studio 2010.
03/17/2010 11:08 AM EST

Microsoft lifts the hood on IE9
Microsoft is previewing IE9.
03/16/2010 01:10 PM EST

 

Events calendar tab
EclipseCon
3/22/2010 to 3/25/2010
Santa Clara, Calif.
The Eclipse Foundation

DevConnections
4/12/2010 to 4/14/2010
Las Vegas
Penton Media

MySQL Conf. and Expo
4/12/2010 to 4/15/2010
Santa Clara, Calif.
O'Reilly Media

High Performance Computing Linux Financial Markets
4/19/2010
New York City
Flagg Management

Informix User Conf.
4/25/2010 to 4/28/2010
Overland Park, Kans.
IIUG