Traditionally, compliance professionals have created firewalls to segment or separate systems with sensitive credit card data (known as "in scope" systems) from corporate networks, to protect from potential theft and misuse. Enterprises have sought to lower the total cost of implementing PCI DSS by minimizing the number of these in-scope systems. However, these approaches also typically introduce significant challenges with respect to network architecture, policy management and cost. In contrast, PacketSentry with Virtual Segmentation features no in-line appliances (so no potential impact to applications) and control policies based on Microsoft's Active Directory group membership.
In a recent white paper, "The User Activity Approach to Internal Segmentation," Frost & Sullivan Analyst Ariel Avitan reports that, "Internal Segmentation functionality [like PacketMotion's Virtual Segmentation] gives organizations the ability to prevent specific entities or groups from breaking internal policies, better understand internal data flows, real-time policy enforcement and other functions that cost many man-hours support today."
"By supporting identity-based controls, PacketSentry provides organizations with a set of abilities to efficiently address the difficulties in complying with specific sections of the PCI DSS standard," said Avitan. "The ability to actively monitor all data elements and end-user activity without impacting network performance comes from PacketMotion's patented software technology platform that leverages massive computing power. This ability is a key advantage and differentiator in the market."
Consisting of PacketSentry Manager(s) and Probe(s), PacketSentry with Virtual Segmentation manages multiple control activities concurrently, including privileged user controls, in-scope systems change management, and data access audits. PacketSentry is comprehensive enough to adapt to ever-changing controls to accommodate PCI DSS requirements that are updated frequently, addressing one of the industry's biggest challenges to meeting PCI DSS compliance mandates. Finally, the solution delivers cost reductions that can benefit enterprises in terms of internal threat security as well.
PacketSentry with Virtual Segmentation is available now and is sold directly by PacketMotion and its authorized resellers in the U.S. and internationally. PacketSentry pricing begins at $50,000, and the Virtual Segmentation option is based on licensing. Product information may be found at: http://packetmotion.com/English/Collaterals/Documents/PacketSentryVirtualSegmentation.pdf
The Frost & Sullivan paper is available upon request.
PacketMotion's User Activity Management (UAM) solutions enable mid- to large-sized enterprises to simplify and lower the cost of meeting their compliance/audit requirements (PCI DSS, SOX, HIPAA, etc.) while delivering security functionality such as the ability to immediately stop user behavior that violates internal policies. A Gartner "Cool Vendor" company, PacketMotion combines patent-pending software with massive computing power to monitor individual user activity at the application level. The PacketSentry appliance operates out of band with no impact on network performance, and it installs in less than one day, typically reducing compliance-related capital and operating costs by as much as 80% compared to a suite of siloed tools.
PacketMotion and PacketSentry are registered trademarks of PacketMotion. Copyright PacketMotion 2010.