AppSecInc First to Offer Comprehensive Best-Practice Database Security Policies for Payment Card Industry (PCI) Standard

NEW YORK – June 28, 2005 – Application Security, Inc. (AppSecInc) today announced immediate availability of the most comprehensive set of database-specific best-practice policies to help organizations meet the requirements of the Payment Card Industry (PCI) data security standard.

Underscoring a proactive security stance on behalf of their customers and partners, credit card brands united disparate security guidelines under the PCI data security standard to strengthen the protection of payment information with a common set of guidelines. The new standard requires organizations to be in compliance no later than June 30, 2005.

In the aftermath of the largest reported breach of computerized personal data – 40 million credit cards exposed at a processing center – initiatives such as PCI are imperative to protect personal information better. Doing so involves the use of technology as well as the definition and implementation of business process for the collection, maintenance, and security of sensitive personal data.

Organizations can bolster PCI compliance initiatives with AppSecInc’s customizable best-practice policies, thus making their efforts more granular, demonstrable, and repeatable. The breadth and depth of AppSecInc’s portfolio enable the company to address compliance within all of the guidelines set by PCI that relate to the defense of data at rest.

A VISA Alliance Partner, AppSecInc received a minority investment from the company in October 2004 as part of VISA’s initiatives to provide financial institutions and merchants with access to the latest advancements in information security technology. With more than 350 customers worldwide, AppSecInc is the leading provider of database security solutions, widely acknowledged as providing the most comprehensive solutions for corporate and government applications.

“From social security numbers to private health information, the data stored in databases and traveling across networks must remain protected. Ensuring trust in the appropriate use and protection of cardholder and payment information is a critical part of this security,” said Bill Tomlinson, National Security Practice Director for DynTek, Inc. “We offer professional technology services to the payment card industry, and solutions like Application Security, Inc.’s PCI policies are a valuable tool, which helps us to ensure that our customer’s most critical data is secure.”

The PCI effort highlights the critical need for application-specific security controls and best practices. With databases representing the infrastructure component in which data is at the height of its value, yet where it is often most vulnerable, the market for database security tools is expected to more than double during the next two years.

“As recent news reports have shown, application and database security are no longer a ‘nice to have,’ they are a must have for an effective defense-in-depth security architecture. Organizations need to address critical system protection with an end-to-end lifecycle process that identifies assets, fixes vulnerabilities, detects attacks and provides robust information for reporting – all of which Application Security, Inc. already provides its customers,” said Jon Oltsik, Senior Analyst at Enterprise Strategy Group. “With the PCI compliance deadline looming, Application Security, Inc. is again ahead of the game by providing its customers with the only compliance specific checks of its kind.”

AppSecInc PCI Policies: Best Practices Approach to Compliance

AppSecInc’s PCI best-practice policy templates are available for the company’s complete vulnerability management portfolio including its application-level vulnerability assessment scanner, AppDetective™, and its real-time database intrusion detection and security auditing solution, AppRadar™. By using these policies, organizations can easily tune their application security to the protections that are most relevant to PCI compliance.

PCI defines a set of common information security requirements comprising 12 top level security guidelines. Seven requirements pertain to protecting stored payment data, all of which are addressed by AppSecInc’s products:

1. Do not use vendor-supplied defaults for system passwords and other security parameters
2. Protect stored data
3. Develop and maintain secure systems and applications
4. Restrict access to data by business need-to-know
5. Assign a unique ID to each person with computer access
6. Track and monitor all access to network resources and cardholder data
7. Regularly test security systems and processes

AppDetective’s discovery, penetration testing and auditing/reporting functions enable organizations to discover and inventory all database instances; assess their configuration strength and level of vulnerability; and provide detailed reports to track audits and maintain compliance with the latest patches.

AppRadar’s intrusion detection and security auditing capabilities enable organizations to track and monitor all access to cardholder data by unique ID; centralize management of auditing, tracking and logging all transactions; and provide real-time notification of anomalous system events or known attacks.

As the only encryption solution on the market to allow column-level data encryption on production databases, DbEncrypt™ allows organizations an unmatched ability to protect stored cardholder data with robust key management, strong encryption algorithms and an easy-to-deploy, point and click interface.

“Adherence to PCI requirements would go a long way toward ensuring personal data is thoroughly protected,” said Ted Julian, Vice President of Strategy for AppSecInc. “But compliance can be challenging in terms of time and resources. By leveraging best-practice policies to help with this effort, customers can more easily achieve and maintain compliance with a minimum of effort and resources, allowing them to focus on driving customer value.”

Intuitive and easy-to-use, the PCI policy templates for AppDetective are available for download from the AppSecInc website. Policies for AppRadar will be available in July. These templates augment AppSecInc’s extensive range of best-practice policies that address the Sarbanes-Oxley Act (SOX), Federal Information Security Management Act (FISMA) and Health Insurance Portability and Accountability Act (HIPAA).

About Application Security, Inc. (AppSecInc)
AppSecInc is the leading provider of application security solutions for the enterprise. AppSecInc’s products – the industry’s only complete vulnerability management solution for the application tier – proactively secure enterprise applications at more than 350 organizations around the world. By securing data at its source, we enable organizations to more confidently extend their business with customers, partners and suppliers while meeting regulatory compliance requirements. Our security experts, combined with our strong support team, deliver up-to-date application safeguards that minimize risk and eliminate its impact on business. Please contact us at 1-866-927-7732 to learn more, or visit us on the web at
