Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

7/22/2009
05:13 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

StillSecure Announces Support For New PCI Wireless Guidelines

StillSecure's products, services and managed security solutions help organizations comply with the PCI DSS wireless guidelines in a number of key areas

(Superior, Colo. - July 21, 2009) - StillSecure', provider of secure network infrastructure solutions, today outlined its support for the recently released PCI DSS wireless guidelines, prepared by the PCI SSC Wireless Special Interest Group (SIG) Implementation Team. Using StillSecure's suite of security products, services and managed security solutions, organizations comply with 8 of the 12 top-level PCI requirements and dozens of specific sub-requirements.

The goal of the recent "Information Supplement: PCI DSS Wireless Guideline" is "to help organizations understand how PCI DSS applies to wireless environments, how to limit the PCI DSS scope as it pertains to wireless, and practical methods and concepts for deployment of secure wireless in payment card transaction environments."

StillSecure's products, services and managed security solutions help organizations comply with the PCI DSS wireless guidelines in a number of key areas. For example, StillSecure implements and manages firewalls between wireless networks and the cardholder data environment (CDE), and deploys and manages network intrusion detection/prevention systems (IDS/IPS) to monitor wireless traffic. In addition, the company helps safeguard sensitive data being transmitted over open, public networks, and ensures that vendor default passwords have been changed and security settings are enabled. For additional detail on how StillSecure helps organizations meet PCI DSS wireless guidelines, please download the whitepaper, "PCI compliance: A technology overview," at http://www2.stillsecure.com/go/stillsecure/PCICompliance?tp=400759987.

"Wireless networking is a tremendous enabler for mobility and increased productivity, but it can represent a serious threat to the cardholder data environment (CDE) unless properly secured. Even if an organization doesn't utilize wireless technology, PCI requires constant vigilance for rogue wireless access points and networks," said Alan Shimel, Chief Strategy Officer at StillSecure. "By deploying products and services that help isolate and securely manage wireless components, StillSecure helps protect organizations while reducing the risk and liability of fraud and non-compliance."

StillSecure solutions are available as hardware appliances, managed services, or software. All solutions directly address many critical requirements within the PCI Data Security Standard. For more information about StillSecure's PCI support, see http://www.stillsecure.com/pci.

About StillSecure StillSecure delivers comprehensive network security that protects organizations from the perimeter to the endpoint. Offering both products and managed security services, StillSecure enables customers to affordably deploy the optimal blend of technologies for locking down their assets and complying with security policies and regulations. StillSecure customers range from mid-market companies to the world's largest enterprises and agencies in government, financial services, healthcare, education, and technology. For more information please call (303) 381-3830, or visit http://www.stillsecure.com.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Why Cyber-Risk Is a C-Suite Issue
Marc Wilczek, Digital Strategist & CIO Advisor,  11/12/2019
DevSecOps: The Answer to the Cloud Security Skills Gap
Lamont Orange, Chief Information Security Officer at Netskope,  11/15/2019
Unreasonable Security Best Practices vs. Good Risk Management
Jack Freund, Director, Risk Science at RiskLens,  11/13/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19012
PUBLISHED: 2019-11-17
An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a denial-of-service or ...
CVE-2019-19022
PUBLISHED: 2019-11-17
iTerm2 through 3.3.6 has potentially insufficient documentation about the presence of search history in com.googlecode.iterm2.plist, which might allow remote attackers to obtain sensitive information, as demonstrated by searching for the NoSyncSearchHistory string in .plist files within public Git r...
CVE-2019-19035
PUBLISHED: 2019-11-17
jhead 3.03 is affected by: heap-based buffer over-read. The impact is: Denial of service. The component is: ReadJpegSections and process_SOFn in jpgfile.c. The attack vector is: Open a specially crafted JPEG file.
CVE-2019-19011
PUBLISHED: 2019-11-17
MiniUPnP ngiflib 0.4 has a NULL pointer dereference in GifIndexToTrueColor in ngiflib.c via a file that lacks a palette.
CVE-2019-19010
PUBLISHED: 2019-11-16
Eval injection in the Math plugin of Limnoria (before 2019.11.09) and Supybot (through 2018-05-09) allows remote unprivileged attackers to disclose information or possibly have unspecified other impact via the calc and icalc IRC commands.