Tripwire Leads In Configuration Control For PCI Compliance

Seven of the nation's top 10 retail organizations ranked by Stores magazine – including Home Depot, Costco and Sears — have selected and implemented Tripwire Enterprise to achieve a known, trusted and continuously compliant IT system state to help address key components of the Payment Card Industry Data Security Standard (PCI DSS). Tripwire is the leading provider of configuration control solutions, with over 320 leading merchants in the hospitality, insurance, and travel industries who rely on Tripwire Enterprise to help ensure the security of sensitive customer data.

Mark Gaydos, VP of marketing at Tripwire, said the number of leading retailers in its customer roster speaks to Tripwire's strong leadership. "Tripwire has the strongest, most comprehensive solution available for PCI compliance. The fact that so many leading retailers use our software for assistance in complying with PCI is proof of that."

"PCI is not a one time event, but rather an ongoing process for protecting sensitive information," said Rob Garf, director of the Retail Strategies Service for AMR Research in a May 17, 2007 Retail Note. As the number of data breaches increase and as more retailers enter subsequent PCI audits, it is becoming increasingly clear that PCI compliance cannot be a point-in-time, box-ticking exercise. For sustained compliance that simultaneously increases data security and by extension brand safeguarding, it is critical to ensure that processes and policies that are put in place to secure PCI compliance are followed daily.

Ensuring Continuous Compliance
Tripwire automatically detects unauthorized, non-compliant change to enterprise-wide systems and virtual environments and immediately alerts IT staff so that exceptions to its change and release management policies can be immediately investigated and addressed. This approach enables retailers to better manage risk by providing continuous, automated compliance across their environments, ensuring continuous compliance with the PCI DSS.

"Throughout our 34-year history, we have made a priority of putting the customer first," said Jeff Bingaman, senior director of IT for Crutchfield. "Ensuring that our customers' data are secure, and that our website is consistently available to them, is mission critical for us — and Tripwire is the right solution for that job."

PCI DSS was released in 2005 by the PCI Standards Council, which released a modified version (PCI DSS v1.1) of the security standard released in September 2006 and is releasing v1.2 of the DSS this October. Prior to the release of PCI DSS, individual credit card companies had drafted and enforced their own security standards. Unlike many security standards, PCI DSS was not created and is not enforced by any government entity. The PCI Standards Council levies monetary penalties and contractual sanctions for members found out of compliance with the standard: members may be fined up to $500,000 per incident if any merchant or service provider that is not PCI-compliant is compromised. In the event of a security breach, members may be fined up to $100,000 per incident, plus possible additional fines.

About Tripwire, Inc.
Tripwire helps over 6,000 enterprises worldwide reduce security risk, attain compliance and increase operational efficiency throughout their virtual and physical environments. Using Tripwire's industry-leading configuration assessment and change auditing solutions, organizations successfully achieve and maintain IT configuration control. Tripwire is headquartered in Portland, Ore. with offices worldwide. http://www.tripwire.com/

SOURCE: Tripwire, Inc.