Tripwire Announces Comprehensive Support for PCI DSS 3.0 in Tripwire Enterprise
PORTLAND, Ore. — July 16, 2014 — Tripwire, Inc., a leading provider of advanced threat, security and compliance solutions , today announced comprehensive platform and policy support for Payment Card Industry Data Security Standard 3.0 (PCI DSS 3.0) requirements in Tripwire® Enterprise. Tripwire is a certified PCI-Approved Scanning Vendor (ASV).
Tripwire Enterprise, a security configuration management suite, closes the retail threat gap by providing the broadest PCI platform and policy support in the industry and is used to protect the largest, most sensitive retail networks in the world. The Tripwire Enterprise Solution combines the power of configuration management, change detection and file integrity monitoring (FIM), to deliver continuous compliance and automated audit evidence collection.
The recent plague of high-profile retail data breaches has resulted in increased scrutiny of the security measures used to protect cardholder data. The PCI DSS was updated in November 2013 to version 3.0 with six new requirements designed to clarify and supplement existing guidance. The new requirements include complete hardware and software inventories, penetration testing, detailed authentication management, comprehensive malware detection and more robust protection for devices that capture, transmit, process or store cardholder data.
“The latest version of PCI reflects a subtle but important shift in scope that moves us toward a more comprehensive approach, which leverages PCI-driven investments to build a broader security program,” said Dwayne Melancon, chief technology officer for Tripwire. “In addition to the new requirements, the updated standard requires a broader view of security, including alerts and action on changes that are detected through automated means. This version of the standard definitely necessitates a more mature security program implementation, which our tools are ideally suited to support.”
Tripwire Enterprise PCI DSS support includes:
- End to end monitoring and protection of the entire PCI infrastructure from point of sale devices (POS) to servers that store, transmit or process cardholder data.
- Detailed inventories of hardware and software, including version numbers, patch status and identification of non-PCI compliant configuration settings.
- Dynamic, real-time change intelligence that prioritizes changes and events that contribute to PCI compliance “drift,” quickly identifying suspicious changes and events, including unauthorized system access.
Tripwire Enterprise also offers the most comprehensive platform and policy support in the industry. In addition to previously supported industry platforms and operating systems, The Tripwire Enterprise Solution now includes support for:
- Windows Server 2012 R2
- Windows Server 2012
- Windows Server 2008 R2
- Windows Server 2008
- Windows 8.1
- Windows 8
- Windows 7
- Red Hat Enterprise Linux (RHEL) 6
- RHEL 5
- AIX 7.1
- AIX 6.1
- Solaris 11
- ESXi 5.5
- ESXi 5.1
For more information about Tripwire Enterprise PCI support, please visit: https://www.tripwire.com/regulatory-compliance/pci-dss-compliance/.
Tripwire is a leading provider of advanced threat, security and compliance solutions that enable enterprises, service providers and government agencies to confidently detect, prevent and respond to cybersecurity threats. Tripwire solutions are based on high-fidelity asset visibility and deep endpoint intelligence combined with business-context and enable security automation through enterprise integration. Tripwire’s portfolio of enterprise-class security solutions includes configuration and policy management, file integrity monitoring, vulnerability management and log intelligence. Learn more at www.tripwire.com, get security news, trends and insights at http://www.tripwire.com/state-of-security/ or follow us on Twitter @TripwireInc.