Elemental Announces Comprehensive PCI Security Policy For Customers Handling Personal Financial Information

SAN MATEO, Calif. – Nov. 7, 2005 – Elemental Security, Inc., an award-winning pioneer of new technology in enterprise information security, today introduced a new comprehensive policy framework to help customers measurably improve their compliance with the new Payment Card Industry (PCI) Data Security Standard.

Elemental’s new policy framework enables enterprises to adhere to PCI best practice security standards for network access control, host security configuration management, and systems and software inventory. It delivers the visibility necessary to continuously monitor systems that contain cardholder information and computers that have access to these critical machines. Elemental’s unique integration of host configuration, inventory management, and network access policies into a unified policy management solution enables organizations to enforce policies that apply access controls to assure non-compliant or unauthorized machines are not granted access to critical systems and applications. Ongoing monitoring of the PCI policies provides continuously updated compliance metrics that support security practices improvement and enhance audit activities.

“Protecting financial account and transaction information is critical at Marshall BankFirst, especially concerning the dynamic Stored Value solutions we offer to our customers,” said Tyler Brenden, Director of IT Infrastructure at Marshall BankFirst. “A product such as the one provided by Elemental, especially with its continuous visibility into systems containing customer financial information and their compliance against PCI policy baselines, is an interesting solution for implementing security processes to assure that PCI policy goals are being addressed. With a solution such as this, we see how the security posture of individual machines, as well as the overall network, can be continuously monitored, which would allow us to address any factors leading to non-compliance before they turn into incidents affecting our customers.”

“Protecting customer data is always a more cost effective strategy than reacting to loss or exposure of sensitive information,” said John Pescatore, Gartner VP and Distinguished Analyst. “PCI compliance is a starting point but businesses that are serious about protecting customer data (and avoiding the costs of incidents) should not stop at the minimum level mandated by the PCI. By having more detailed audits more often, and performing continuous vulnerability scans to monitor security controls and key internal servers, enterprises would detect deficiencies (in controls and processes) more quickly and be prepared for fixes that would prevent attacks.”

The rising incidence of stolen credit card data is a major concern for the payment card industry (PCI). In a collaborative effort to ensure the protection of customers’ personal information and the integrity of the payment system, major credit card companies established security requirements for companies that use cardholder data. Beginning June 30, 2005, credit card companies began mandating that their customers meet the new security standards, or be subject to fines, restrictions or permanent expulsion from card acceptance programs.

Addressing industry needs and customer response, Elemental’s new policy provides a framework for deploying and enforcing policies to computing resources that store and process private financial information. Elemental helps enterprises comply with the PCI policy with host-level security, protecting data where it resides, and with policy-based access controls that adapt to changes in the compliance or security posture of machines on the network. Continuous visibility into systems allows for enforcement of policies and access controls, as well as audit reporting of status at any time. Elemental also protects against unauthorized use of removable and writeable media, such as USB flash memory sticks and CD/DVD, as well as unauthorized printing of secured documents, further protecting customers’ personal and transaction data.

“With a PCI policy framework assuring rigorous protections affecting host-level security, authorized transfer of private information across the network, and protection from removable media, Elemental has developed one of the most comprehensive policy frameworks helping customers meet the PCI requirements of the major credit card companies,” said Elemental CEO Peter Watkins. “Customers recognize the power and flexibility of the Elemental Compliance System, and have come to us requesting a PCI policy set to protect their customers’ sensitive data. We are pleased to deliver to help meet their needs.”

Elemental’s award-winning product is the world’s first solution that unifies policy management, host configuration and network access control in one seamlessly integrated offering. For the first time, enterprises can easily express cross-platform security policies that affect individual computers and their behavior on the network, gather meaningful up-to-date information to compare to established metrics, and selectively enforce policies across a diverse, dynamic environment. Security compliance has become a top priority for enterprises due to the pressures from increasing frequency and severity of security breaches, and from regulations such as Sarbanes-Oxley (SOX), the PCI Data Security Standard, and the Health Insurance Portability and Accountability Act (HIPAA).

About PCI

The Payment Card Industry (PCI) Data Security Standard is a set of 12 security requirements established by the major credit card companies for governing the safekeeping of customers’ personal information and ensuring the integrity of the payment system. The standard applies to all members, merchants, and vendors who process, transmit, or store cardholder data. Beginning June 30, 2005, card companies began mandating that their customers and the companies that use cardholder data meet the new security standards, including completing quarterly network scans and annual audits to help ensure compliance. Failure to comply with these security standards may result in fines, restrictions or permanent expulsion from card acceptance programs.


Sold directly and through leading channel partners, Elemental’s new PCI policy will be available early next quarter. Contact the company at www.elementalsecurity.com for more, including sales and pricing information.

The Elemental Compliance System

The award-winning Elemental Compliance System is an enterprise security software solution that enables organizations to express, monitor, and enforce security policies for any computer connecting to the network. It is a client-server security system that provides broad visibility into all hosts in the enterprise and the means to control or contain them through auto-deployed security policies. The system consists of the Elemental server and Elemental agents running on workstations and server hosts throughout a network. Elemental’s architecture is unique in its ability to detect, monitor and control hosts with or without Elemental agents running on them. The Elemental Compliance System earned a 9.3 score and an “Excellent” rating from the InfoWorld Test Center earlier this year, and was also named a “Hot Pick” by Information Security magazine, as a result of its performance in a technical product review.

About Elemental

Elemental is an award-winning pioneer in the Security Compliance Management market. Elemental’s products address enterprises’ need to centrally manage the security compliance of all computers in their environments. Elemental provides unified visibility and control to manage dynamic computing environments, enabling enterprises to satisfy compliance requirements and measurably improve their security. Founded in December 2002, Elemental is a privately held company backed by Bessemer Venture Partners, Mayfield, Sequoia Capital and Lehman Brothers Venture Partners. Red Herring and AlwaysOn awarded the company their Red Herring 100 and AlwaysOn 100 awards, respectively, which honor the top private companies of 2005. The company is headquartered in San Mateo, Calif., and has offices throughout the U.S. Go to http://www.elementalsecurity.com for more information.
