Tufin Technologies Introduces New Payment Card Industry (PCI-DSS) Compliance Solution

Security Operations Management Product Ensures Compliance with PCI-DSS for Network Security, Data Safety, Access Control, and Accountability Requirements

Ramat Gan, Israel, June 3, 2008 - Tufin Technologies, the market leader for Security Lifecycle Management solutions, today announced a new PCI Compliance solution as part of SecureTrackTM, Tufin’s security operations management product. SecureTrack provides the industry’s most comprehensive PCI-DSS Audit Report for security devices, helping IT security teams meet the standard’s requirements in various control areas from network security and data safety all the way to access control and accountability. General availability of SecureTrack’s PCI-DSS Audit Report is scheduled for June 30th.

The Payment Card Industry (PCI) Data Security Standard (DSS) was drafted by leading credit card companies, including Visa, MasterCard, American Express, Discover Financial Services and JCB International.  PCI-DSS covers most aspects of an organization’s security operations - from business processes such as maintenance of an information security policy, to the configuration of infrastructure and the maintenance of a secure network.  This creates an urgent need for an automated management solution to help security teams streamline auditing and compliance processes.  SecureTrack’s PCI Audit Report, based on the Payment Card Industry Data Security Standard v 1.1, helps meet PCI-DSS requirements and serves as a powerful automation solution to strengthen security controls while reducing overall cost of compliance.

“PCI-DSS has become the most prominent security industry regulation due to the level of detail in its technical requirements, which means that PCI audit results are very easily quantifiable. In addition, the major credit card companies are diligently enforcing compliance and issuing penalties for non-compliant organizations”, said Ruvi Kitov, CEO of Tufin Technologies. “IT Security teams are struggling to comply with the PCI standard’s stringent levels of accuracy, accountability and transparency. In addition, IT security teams often do not have the time required to perform PCI audits manually. SecureTrack’s PCI Audit Report offers a comprehensive, automated solution that allows significant acceleration, higher accuracy and adherence to the major technical requirements of the PCI Data Security Standard.”

Key SecureTrack Benefits for PCI-DSS Compliance:

•   Continuous change tracking and analysis - ensuring all aspects of network and data security is inherent to the PCI standard.  SecureTrack monitors firewall policy changes, reports them in real-time and maintains a comprehensive, accurate audit trail for full accountability.

•   Powerful security policy simulation and risk analysis - policy simulation is a key part of the PCI requirement to test security systems and processes regularly. SecureTrack enables managers to query complex rule bases and simulate a broad range of scenarios. With SecureTrack’s Policy Analysis, managers can identify potential threats to cardholder data security and eliminate them before any damage can occur.

•   Configurable security alerts - combined with continuous change tracking and analysis, compliance alerts are part of a comprehensive approach to payment card data security that ensures both prompt response and thorough follow-up. SecureTrack alerts designated managers whenever any change that could affect cardholder data security takes place.

•   Periodic Auditing and Reports - intuitive, packaged reports for PCI-DSS compliance can be quickly customized to meet the specific requirements of every organization.

•   Multi-vendor best practices - best practices are proven methods of assuring the network and data security requirements of PCI-DSS. SecureTrack provides the ability to compare current configuration with best practice recommendations derived from extensive industry experience.