IronPort Systems Helps Retailers Comply
IronPort Systems Helps Retailers Comply With Payment Card Industry Standards
New Email Security Appliances Have Built-In Compliance Capabilities
FOR IMMEDIATE
RELEASE
Sydney & Auckland, 21 November 2007.
IronPort® Systems, a Cisco business unit and a leading provider of enterprise spam, virus and spyware protection, today announced the introduction of fully-integrated Payment Card Industry (PCI) Data Security Standards compliance for email. The new functionality is included in IronPort’s AsyncOS™ operating system, which powers IronPort’s existing and new purpose-built email security appliances for retailers and other organisations that handle credit and debit card transactions.
The introduction of this functionality into the new IronPort C150™ and IronPort C350™ email security appliances gives small to medium-sized businesses a single, fully-integrated solution that combines traditional email security functions (such as spam and virus filtering) with work-flow based functions (such as policy creation, content scanning, and message encryption, quarantining and/or archiving).
“IronPort delivers a PCI solution that is directly incorporated in our existing email security appliances,“ said Tom Gillis, vice president of Marketing for IronPort. “The latest reports from Visa show that thirty-five per cent of retailers that are not PCI compliant, despite the US-legislated September deadline and fines of US$25,000 per month for non-compliance. The next largest retailers, level 2 merchants worldwide, have a December deadline and are increasingly focused on becoming compliant. The good news is that IronPort's appliances can prevent PCI violations while also stopping more than 99 per cent of all unwanted email, resulting in the ultimate compliant, spam-free user experience."
PCI Compliance
Requirements and Effects on Retailers
PCI mandates that
customers provide a secure transmission medium for sensitive
cardholder information and maintain a vulnerability
management program. Anti-virus programs must be used,
regularly updated and capable of detecting, removing and
protecting against all forms of malicious software.
Companies who are not PCI compliant are subject to fines up
to US$500,000 per incident, greater scrutiny and additional
penalties – including revoking the ability to process
their debit and credit cards. In addition to fines and
penalties, non-compliant companies are subject to related
public disclosure regulations (causing a loss of customer
trust and brand equity), which could lead to lower revenues
and shareholder revenues. As a result, retailers and other
organizations that handle cardholder information around the
world are particularly focused on rapidly deploying a
solution to address PCI compliance.
PCI Compliance Made
Easy
IronPort’s PCI compliance solution and advanced
search capabilities are directly integrated into its email
security appliances and assist in identifying debit and
credit card numbers, and sensitive cardholder information,
by utilising advanced rule sets to confirm their legitimacy.
Because sensitive information can be sent over a wide
variety of attachment types, IronPort’s advanced content
scanning capabilities extend to all parts of email and
attachments, including more than 400 different file types
– regardless of how it is embedded.
As sensitive information is identified, the corresponding messages can be automatically encrypted for secure delivery, without requiring any action by either the sender or recipient. Compliance officers can also choose other remediation options including connection-based encryption, quarantining, archiving, user notification and self-remediation.
To regularly demonstrate effectiveness, compliance officers may choose to take advantage of auditable reporting capabilities that extend to the per-user level, allowing greater user education for those who need it most. These automatic scanning and remediation capabilities help to ensure that all transmission of cardholder information across open, public networks can be secure. All of these capabilities are incorporated in IronPort’s Web-based Email Security Manager™ policy management tool, providing ease-of-deployment and use.
IronPort’s Next Generation
Hardware Provides Capacity for PCI and Other Advanced
Features
The IronPort C150 and IronPort C350 are the
latest in a series of high-performance email security
appliances, optimised for small and medium-sized customers.
By taking advantage of multi-core based hardware,
IronPort’s proprietary operating system, AsyncOS, is able
to provide the appliances with the highest capacity of any
other similarly configured system. These purpose-built
appliances allow IronPort to not only deal with the growing
volume of spam, but also apply more CPU processing to each
message and therefore enable more advanced PCI scanning
algorithms and remediation. Coupled with monitoring,
reporting and management capabilities, the IronPort C350 and
IronPort C150 are clearly the right choices for the most
demanding PCI customers in the
world.
ends