Welcome!

Cognitive Computing Authors: Pat Romanski, Zakia Bouachraoui, Yeshim Deniz, Liz McMillan, Elizabeth White

News Feed Item

Qualys Introduces QualysGuard PCI Connect to Streamline the PCI DSS Certification and Validation Process

Qualys, Inc., the leading provider of on demand IT security risk and compliance management solutions, today announced QualysGuard® PCI Connect which is the industry’s first Software-as-as-Service (SaaS) ecosystem for PCI compliance connecting merchants to multiple partners and security solutions in order to document and meet all 12 requirements for PCI DSS. Qualys is unveiling this new product at the RSA Conference this week at booth # 1717.

QualysGuard PCI Connect is an on demand ecosystem bringing together multiple security solutions into one unified end-to-end business application for PCI DSS compliance and validation. As a new addition to the widely adopted QualysGuard PCI service, PCI Connect streamlines business operations related to PCI compliance and validation for merchants and acquirers all from a combined collaborative application with automated report sharing and distribution. PCI compliance status and tracking is performed on an ongoing basis. Merchants who use QualysGuard PCI Connect can easily identify areas where they may not be meeting compliance requirements. Acquirers who use QualysGuard PCI Connect can easily evaluate whether merchants have met PCI requirements and whether sufficient evidence has been submitted for validation.

“At Merchant e-Solutions we are striving to have all our merchants compliant in 2009 and we are constantly searching for solutions that will complement our internal PCI DSS administration infrastructure,” said Jim Aviles, manager of products and technology for Merchant e-Solutions, a provider of traditional and internet-based payment services for banks and merchants. “QualysGuard PCI Connect will give our e-commerce merchants an easy to use tool to conduct vulnerability scans and document PCI compliance at a lower cost, it will also enable us to integrate the tracking and validation of their compliance status.”

QualysGuard PCI Connect is an open platform with XML APIs that will allows partners and solution providers to provide automated data feeds into QualysGuard PCI Connect to demonstrate compliance. In addition, merchants will be able to identify gaps in the PCI compliance program and easily connect to security solutions that can meet their needs.

“Compliance with the PCI data security standard is a continuous process, and not a one-time event,” said Avivah Litan, VP and distinguished analyst, Gartner Inc. “Security monitoring should be a continuous process and automated as much as possible so that human analysis and intervention is focused on high risk activities.”

QualysGuard PCI Connect offers merchants and acquires the following benefits:

  • Automates the collection of data for validations PCI DSS compliance
  • Merchants see detailed results including related evidence for all requirements of PCI throughout the entire organization when answering SAQ
  • Provides workflow for merchants to track comprehensive compliance status on an ongoing basis
  • Open API to work with any security solution or vendor
  • Acquiring bank has additional security controls of merchants when validating merchants for compliance

At the RSA Conference, six security vendors that provide PCI DSS solutions have partnered with Qualys to provide automated data feeds into QualysGuard PCI Connect. These partners include:

  • AirTight Networks is integrating its SpectraGuard® Online service, the only WIPS offered as SaaS today, into QualysGuard PCI Connect. SpectraGuard Online automates compliance with PCI Requirement 11.1 that mandates a minimum quarterly wireless scan of all locations or the deployment of a wireless IDS/IPS.
  • Core Security Technologies’ flagship IMPACT Pro is the leading commercial-grade penetration testing software solution on the market today. Merchants looking to comply with requirement 11.3 of the PCI mandate, which calls for regular penetration testing, use Core IMPACT Pro for robust, repeatable and measurable assessment of their networks and web applications.
  • Imperva SecureSphere Data Security Suite addresses PCI DSS section 6.6 via Web application firewall and sections 10 and 3.4 via database activity monitoring and database firewall solutions.
  • RedSeal Systems automatically analyzes how firewalls and routers work together to grant or prohibit access to every point within an organization’s network. Using this information, it validates if a network configuration complies with the network security requirements of PCI DSS requirement 1.
  • Splunk provides an overall view of your PCI compliance posture across all requirements. Specifically: PCI log management, file integrity monitoring and control reporting. PCI DSS Requirements, 7.1, 10.2, 10.5, 10.6, 10.7, 11.5
  • Third Brigade provides comprehensive server and application protection, including integrity monitoring, IDS/IPS, Web application protection, application control, stateful firewall and log inspection, in a modular, centrally-managed software solution that addresses PCI DSS requirements 1, 2, 6, 10, 11, and 12.

“Listening to our customers who are dealing with PCI DSS, it became clear to us that a centralized solution to collect the data for various PCI requirements was needed to streamline the process and give merchants more technology options for PCI validation,” said Philippe Courtot, CEO and chairman of Qualys. “We are thrilled to work with all the leading PCI DSS solution providers to deliver such a collaborative solution for merchants and acquirers to facilitate, manage and track PCI compliance at all levels.”

QualysGuard PCI Connect is an extension for the QualysGuard PCI on demand platform that provides businesses, online merchants and acquirers with the easiest, most cost-effective and highly automated way to validate PCI DSS compliance. Qualys is an Approved Scanning Vendor (ASV) and is fully certified to assess PCI DSS compliance. Currently, 68 percent of all PCI DSS ASVs and 49 percent of QSAs utilize QualysGuard to deliver PCI certification and automated Web application scanning to their global clients.

Availability

QualysGuard PCI Connect will be available in July 2009.

Partner Quotes

“AirTight is delighted to be part of the QualysGuard PCI Connect ecosystem, which recognizes that wireless is an integral element of a comprehensive security and compliance solution,” said David King, chairman and CEO of AirTight. “Navigating through the multiple provisions of PCI DSS can be daunting. By bringing together partners such as AirTight who provide best-in-class security solutions, Qualys is offering an integrated framework that will allow customers to meet the compliance requirements of PCI DSS, including the new standards that specifically apply to wireless, very easily.”

“Merchants and acquirers use Core Impact Pro to comply with the penetration testing elements of the PCI DSS standard and actively test the effectiveness of many security mechanisms required by the mandate,” said Jeff Clark, VP business development of Core Security Technologies. “As a member of PCI Connect, we are now better positioned to help merchants address additional elements of the PCI compliance process as well as to enhance these organizations’ abilities to measure their real-world cyber-risk.”

“Customers look to Imperva SecureSphere as the industry standard for Web application firewall, database activity monitoring and database firewall solutions for PCI compliance,” said Rohit Gupta, VP business development at Imperva. “Imperva is pleased to partner with Qualys to help customers streamline their PCI validation process via a centralized solution for data collection and tracking.”

“RedSeal is pleased to be partnering with Qualys on PCI Connect,” said Steve Dauber, vice-president of marketing for RedSeal Systems. “In conjunction with other ecosystem members, RedSeal’s automated assessment of DSS requirement 1 will help assure acquiring banks that valuable cardholder data is stored and transmitted safely.”

“Meeting today’s PCI compliance mandates extends far beyond simple log collection, retention and analysis. PCI solutions need the flexibility to be able to respond to ad-hoc requests from auditors and easily adapt when requirements change,” said Michael Baum, chief corporate and business development officer and co-founder of Splunk. “We are excited to be a part of the Qualys PCI Connect Program to offer customers our flexible IT Search technology, Splunk for PCI, which easily adapts to new control objectives and policy monitoring and provides powerful ad-hoc reporting capabilities to meet audit requests in minutes, instead of hours or days.”

“Our customers, from Fortune 100 companies to universities and HMOs, want to achieve and maintain PCI compliance more easily, more quickly and more cost-effectively, but no single vendor carries all pieces of the puzzle,” said Dhanya Thakkar, vice president business development, Third Brigade. “QualysGuard PCI Connect is a groundbreaking ecosystem and the resulting integration will simplify the management and ultimately reduce the cost of compliance.”

About Qualys

Qualys, Inc. is the leading provider of on demand IT security risk and compliance management solutions – delivered as a service. Qualys’ Software-as-a-Service solutions are deployed in a matter of hours anywhere in the world, providing customers an immediate and continuous view of their security and compliance postures.

The QualysGuard® service is used today by more than 3,500 organizations in 85 countries, including 40 of the Fortune Global 100 and performs more than 200 million IP audits per year. Qualys has the largest vulnerability management deployment in the world at a Fortune Global 50 company.

Qualys has established strategic agreements with leading managed service providers and consulting organizations including BT, Etisalat, Fujitsu, IBM, I(TS)2, LAC, SecureWorks, Symantec, Tata Communications, TELUS and VeriSign. For more information, please visit www.qualys.com.

Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

IoT & Smart Cities Stories
Nicolas Fierro is CEO of MIMIR Blockchain Solutions. He is a programmer, technologist, and operations dev who has worked with Ethereum and blockchain since 2014. His knowledge in blockchain dates to when he performed dev ops services to the Ethereum Foundation as one the privileged few developers to work with the original core team in Switzerland.
René Bostic is the Technical VP of the IBM Cloud Unit in North America. Enjoying her career with IBM during the modern millennial technological era, she is an expert in cloud computing, DevOps and emerging cloud technologies such as Blockchain. Her strengths and core competencies include a proven record of accomplishments in consensus building at all levels to assess, plan, and implement enterprise and cloud computing solutions. René is a member of the Society of Women Engineers (SWE) and a m...
Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life settlement products to hedge funds and investment banks. After, he co-founded a revenue cycle management company where he learned about Bitcoin and eventually Ethereal. Andrew's role at ConsenSys Enterprise is a mul...
Whenever a new technology hits the high points of hype, everyone starts talking about it like it will solve all their business problems. Blockchain is one of those technologies. According to Gartner's latest report on the hype cycle of emerging technologies, blockchain has just passed the peak of their hype cycle curve. If you read the news articles about it, one would think it has taken over the technology world. No disruptive technology is without its challenges and potential impediments t...
If a machine can invent, does this mean the end of the patent system as we know it? The patent system, both in the US and Europe, allows companies to protect their inventions and helps foster innovation. However, Artificial Intelligence (AI) could be set to disrupt the patent system as we know it. This talk will examine how AI may change the patent landscape in the years to come. Furthermore, ways in which companies can best protect their AI related inventions will be examined from both a US and...
In his general session at 19th Cloud Expo, Manish Dixit, VP of Product and Engineering at Dice, discussed how Dice leverages data insights and tools to help both tech professionals and recruiters better understand how skills relate to each other and which skills are in high demand using interactive visualizations and salary indicator tools to maximize earning potential. Manish Dixit is VP of Product and Engineering at Dice. As the leader of the Product, Engineering and Data Sciences team at D...
Bill Schmarzo, Tech Chair of "Big Data | Analytics" of upcoming CloudEXPO | DXWorldEXPO New York (November 12-13, 2018, New York City) today announced the outline and schedule of the track. "The track has been designed in experience/degree order," said Schmarzo. "So, that folks who attend the entire track can leave the conference with some of the skills necessary to get their work done when they get back to their offices. It actually ties back to some work that I'm doing at the University of San...
When talking IoT we often focus on the devices, the sensors, the hardware itself. The new smart appliances, the new smart or self-driving cars (which are amalgamations of many ‘things'). When we are looking at the world of IoT, we should take a step back, look at the big picture. What value are these devices providing. IoT is not about the devices, its about the data consumed and generated. The devices are tools, mechanisms, conduits. This paper discusses the considerations when dealing with the...
Bill Schmarzo, author of "Big Data: Understanding How Data Powers Big Business" and "Big Data MBA: Driving Business Strategies with Data Science," is responsible for setting the strategy and defining the Big Data service offerings and capabilities for EMC Global Services Big Data Practice. As the CTO for the Big Data Practice, he is responsible for working with organizations to help them identify where and how to start their big data journeys. He's written several white papers, is an avid blogge...
Dynatrace is an application performance management software company with products for the information technology departments and digital business owners of medium and large businesses. Building the Future of Monitoring with Artificial Intelligence. Today we can collect lots and lots of performance data. We build beautiful dashboards and even have fancy query languages to access and transform the data. Still performance data is a secret language only a couple of people understand. The more busine...