ArcSight releases PCI compliance management package

The addition of this package underscores ArcSight's commitment to providing customers compliance without compromise, meaningful security solutions in a compliance context.

Historically, merchants have had difficultly addressing the PCI standard and, as a result, face penalties including stiff fines and loss of their ability to process credit card transactions. The ability to gain visibility into processes and systems and gauge whether or not they meet this extensive standard, has always been a challenge. With this solution, merchants now have the ability to effectively perform ongoing management of PCI requirements, prepare for PCI audits and demonstrate PCI compliance to auditors in an efficient manner. Unlike "reporting only" products, ArcSight Compliance Insight Package for PCI is the only regulation specific package to automatically leverage the powerful capabilities of security management to address PCI requirements and identify specific PCI violations via a closed loop, reportable process.

"As the premiere world-wide luxury cruise line, we take the security of our customer's data and our regulatory compliance obligations very seriously. The ArcSight Compliance Insight Package for PCI provides us with an automated means of being able to achieve a large portion of this task," said Claude Gigoux, Manager, Networks and Telecommunications of Princess Cruises. "Now, instead of manually piecing together information, we have the ability to automatically manage, validate and demonstrate compliance status."

The ArcSight Compliance Insight Package for PCI enables organizations to efficiently and effectively address every phase of PCI management:

Ongoing Management of PCI Security Measures:

Analyzes data from existing infrastructure to immediately identify validated and potential compliance violations through a combination of technical analysis and business process monitoring. These real-time checks are backed up by a closed loop, auditable workflow so that PCI violations are appropriately addressed.

Preparation for Upcoming PCI Audits:

Helps merchants prepare for audits by providing a comprehensive set of reports that depict PCI compliance status throughout the enterprise. With this information, enterprises can easily pinpoint out of compliance systems, broken processes and unresolved issues prior to the auditor's arrival.

Demonstration of PCI Compliance to Auditors

During an audit, assists organizations in demonstrating PCI specific controls through a direct mapping of PCI requirements to active rules, scheduled reports, real-time dashboards and automated actions. During audits, these elements provide easy answers to often difficult questions about how the organization is addressing PCI.

"The need to demonstrate compliance with the PCI standard has created numerous challenges for already overburdened IT departments," said Steve Sommer, senior vice president of marketing and business development for ArcSight. "The depth and breadth of the ArcSight Compliance Insight Package for PCI offering further demonstrates ArcSight's commitment to directly address the complex compliance, security and insider threat needs of the enterprise."

ArcSight Compliance Insight Package for PCI features:

• Business and technical dashboards to provide immediate status of PCI compliance and unique dashboards for individual PCI requirements. These dashboards enable organizations to continuously evaluate the status of PCI compliance.
• Over 25 automated business and technical checks to directly audit PCI requirements and minimize exhaustive report review.
• Over 100 business, technical and procedural reports to demonstrate compliance related tasks.
• Automated risk based actions, including priority escalation, case creation and notification.