SANTA CLARA, Calif., Aug. 27 /PRNewswire-FirstCall/ - McAfee, Inc. (NYSE: MFE) today announced the Easy PCI Plan, designed to help companies achieve compliance with the Payment Card Industry Data Security Standard (PCI DSS) in advance of government deadlines and the season's biggest online shopping day Black Friday. The New McAfee® Easy PCI Plan specifies a powerful "triple play" of integrated protection and compliance solutions, along with certified PCI consulting and audit services provided by Foundstone Professional Services. The unique "triple play" offering includes products such as McAfee Total Protection™, McAfee Foundstone® and McAfee IntruShield. All three solutions map directly to PCI standard requirements, thereby helping companies pass critical PCI audits and achieve sustainable compliance. McAfee Foundstone Professional Services is a PCI-certified Qualified Security Assessor.
According to Gartner Group, PCI compliance standards are the result of high profile data breaches that cost companies an average of $300 per credit card account. The standards have been in place for years, with companies falling into one of four categories based on the number of transactions they process. As of September 30, Level 2 merchants must comply with twelve categories, covering requirements from process to policy to technology.
"As a CEO, I understand the pain that companies feel as they try to achieve PCI compliance," said Dave DeWalt, chief executive officer at McAfee. "McAfee understands the importance of passing audits and sustaining multiple levels of security, and we understand the potential consequences of this looming deadline. The good news is that McAfee is well positioned to provide a full suite of protection and compliance tools that are designed to help companies not only pass PCI audits, but achieve sustained compliance as well."
At the heart of the McAfee Easy PCI Plan is a powerful "triple play" of integrated Security Risk Management (SRM) solutions that directly map to well over half of the twelve distinct requirements of the latest PCI DSS standard (v1.1). When combined with certified McAfee consulting and audit services, the Easy PCI plan provides a practical and prescriptive approach for addressing the primary PCI pain points facing Level 1, Level 2 and Level 3 merchants. These pain points include: 1) passing the PCI audit and meeting the September 30 deadline, 2) selecting and deploying a layered security model that sustains compliance, 3) proactively protecting sensitive credit card data including the systems that store it - with "good industry practices" for protection and prevention.
The "triple play" combination of McAfee IntruShield, McAfee Foundstone and McAfee Total Protection can help companies meet a total of six of the twelve PCI DSS requirements, including:
Its dedicated security focus and best-of-breed / best-of-suite solutions for network security, system security and risk and compliance allows McAfee to provide full and/or partial coverage for a large set of the PCI Requirements. And, McAfee's comprehensive security risk management strategy provides deep integration, unified management and centralized reporting across security solutions. Combined with Foundstone professional services, this allows companies to easily and efficiently plan and deploy required protection and countermeasures for achieving and maintaining PCI compliance.
When deployed as part of a practical strategy, the McAfee Easy PCI Plan "triple play" solutions and audit services deliver a host of value-added security and compliance benefits:
McAfee IntruShield - provides proactive network intrusion prevention that monitors networks in real-time to prevent attacks and intrusions on unmanaged or vulnerable systems. For example, IntruShield can protect un-patched Point of Sale (PoS) terminals or prevent malicious attempts to steal sensitive PCI data. As well, built-in features like integrated Network Access Control (NAC), anti-spoofing, internal firewall and encrypted threat protection can go a long way to establishing industry best practices.
McAfee Foundstone - provides a network-based vulnerability management appliance that can run regular vulnerability scans on systems and other critical assets, while helping to keep system patch levels up to date. Integration with IntruShield will allow highly vulnerable systems or hosts to be prioritized as high risk so that remediation can be triggered.
McAfee Total Protection Enterprise - provides agent-based software that delivers critical protection, including anti-virus, anti-spyware, personal firewall, host intrusion prevention (HIPS), and NAC. In addition, McAfee Host Data Loss Prevention (DLP) can be a critical element of establishing "good industry practices" for preventing the loss of sensitive credit card data.
Foundstone Professional Services - performs business consulting including health checks and program development. The group also performs technology consulting including software application security and network assessments. Foundstone Professional Services recently received the Qualified Scan Vendor (QSV) and Qualified Security Assessor (QSA) certifications for PCI DSS.
McAfee also works with an extensive network of partners to help its customers achieve PCI compliance and audits. McAfee helps identify the appropriate partner who can help companies determine how McAfee's technology applies to PCI requirements, while providing planning, deployment and audit services.
"With the window to achieve PCI compliance closing in fast," said Jason Pieters, Security Consultant and PCI QSA with Tevora Business Solutions, a McAfee Elite Partner and certified Level 1 PCI Assessor, "we are showing our customers how to implement McAfee products to help pass their PCI assessment and maintain compliance."
For more information on the McAfee Easy PCI Plan, as well as a complete list of McAfee products that map to PCI requirement categories, Visit the McAfee Web site. [http://www.mcafee.com/easypci]
McAfee, Inc., the leading dedicated security technology company, headquartered in Santa Clara, California, delivers proactive and proven solutions and services that secure systems and networks around the world. With its unmatched security expertise and commitment to innovation, McAfee empowers home users, businesses, the public sector, and service providers with the ability to block attacks, prevent disruptions, and continuously track and improve their security. http://www.mcafee.com.
McAfee, McAfee IntruShield, McAfee Foundstone and McAfee Total Protection are registered trademarks owned by McAfee, Inc. and/or its affiliates in the United States and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners. © 2007 McAfee, Inc. All rights reserved.
SOURCE McAfee Inc.