Protegrity's PCI SolutionPac™
A Comprehensive Solution, Accelerating Compliance.

For organizations looking for a comprehensive solution to accelerate compliance with the Payment Card Industry (PCI) Data Security Standards (FAQ), Protegrity offers its PCI SolutionPac™; a cost-effective combination of software and services specifically aimed at helping companies achieve PCI compliance.  Our PCI SolutionPac™ includes a combination of our web application protection software and our database security software, as well as evaluation and assessment by our Services group.

There are three core elements to our solution:

(1) Services, delivered by certified Protegrity security consultants, to identify gaps, guide planning and install technologies to ensure compliance in the most efficient and timely manner.

Strategic Services– A group of professionals with extensive technology consulting experience that look beyond systems vulnerabilities to focus on meeting the PCI security procedural requirements. They analyze security processes, identify gaps with PCI requirements, prioritize areas to address based on risk and ROI, and implement changes.

Technical Services– A group of security technologists with deep experience with network and data security tools and products.  These consultants evaluate current security systems, with specific attention to the protection of sensitive data in applications and databases.  In addition, this team implements, configures and integrates multiple data security products to achieve PCI compliance.

(2) Secure.Data™is a database encryption software product that provides organizations with a security solution that protects credit card information from all reasonable threats – internal and external.  With Secure.Data, companies can meet PCI compliance by defining, monitoring, and managing security policies across the enterprise; by defining and monitoring levels of data access; and by protecting data from ‘super user’ access.  Secure.Data is superior to other data encryption offerings based on these key criteria:                                         

• Comprehensiveness –  Secure.Data handles database encryption more efficiently than other available solutions.  But just as importantly, it is the only solution that also gives your company the critical functionality required to establish and manage centralized security policies, to protect and manage encryption keys, and to meet auditing requirements.
•  Performance and Scalability –  Secure.Data has the fastest throughput in the industry.  Leveraging the power of the existing infrastructure, it utilizes the processing power of each server it protects.  It is multi-threaded and has load-balancing capabilities, maximizing the efficiency and scaling with the computing power available.  The result: your data is tightly protected with minimal impact on existing systems.
• Focused Security – With  Secure.Data, you can focus security on only the most sensitive data.
• Full Audit –  Secure.Data gives your organization unmatched insight into who is accessing, or attempting to access, your most sensitive information.
• Enterprise-wide deployment –  Secure.Data is the only solution available that gives your company centralized management of policies and market-leading support for all databases and operating systems (including mainframe systems).
• Transparent to existing applications –  Secure.Data is implemented at the database level with no programming required. This allows for quick installation and deployment and minimizes the cost, impact, and risk to current applications. 

(3) Defiance™ TMSis a web application security product that is specifically designed to protect web and web services applications that credit card processors use to collect and display customer credit card information.  In combination with Secure.Data, this is the most comprehensive application and database security offering specifically targeting PCI compliance requirements.  Defiance TMS exceeds the protection and performance of other web application security products based on the following criteria:

• Enterprise data protection and threat management – Defiance TMS provides protection for all major homegrown and packaged web applications, and works in complex network and application environments.
• Simple management interface -- Defiance TMS delivers role-based administration, which is critical for maintaining the integrity of the credit card data, as well as operations dashboards and flexible management reporting to enable integration with enterprise security management (IBM, CA, etc.) and common reporting formats (Crystal Reports, SysLog, etc.).
• Intelligent Escalation of Threat Protection – Defiance TMS has a learning mode that is fully customizable by the administrator.  The increasing levels of protection are based on real-time threat policies.
• Multiple Modes of Threat Detection – Defiance TMS includes three detection modes, including Bypass, Passive and Active – which are customizable.
• Performance and scalability – Defiance TMS has patent pending application layer security technology which provides linear scalability behind industry standard load balancers.  This technology delivers optimal scalability and performance for enterprise applications.  Defiance TMS also delivers Monitoring that can also be deployed to provide security detection out of band with zero latency. 

--------------------------------------------------------------------------------

This offering defines a sound Data Security Management policy that provides the foundation for complying with all data security regulations, now and into the future.

For more information on how Protegrity can help your organization comply, please contact us.

Other Resources:

• Compliance Series: Payment Card Industry (PCI) Data Security Standards
• FAQ: PCI Frequently Asked Questions