ComplianceHome is one of the Web's largest libraries of resources for compliance management of HIPAA, SOX, FISMA, GLBA, FDA, COOP & COG, FFIEC, Basel II, OSHA and ISO 27002/17799. Visit our directories which are the best source on White papers, related news articles, resources on the web, training, webinars, conferences, rules & regulation overview, ask the expert, job and search on vendors, solutions & products.
Mon, 25 Aug 2008 08:00:00 +0200 iViZ, an On-Demand Penetration Testing company, announced its discovery of a new class of vulnerability at Defcon 16, the world's leading security conference. This vulnerability allows attackers to steal computer boot passwords and bypass the security of pre-boot authentication software like hard disk encryption tools. It affects general computer users, enterprises, governments and can result in unauthorized access or theft of confidential data. Incidentally, in 2007 the global loss due to data theft is estimated to be USD 40 Billion. Surprisingly, this vulnerability has been existing for 25 years, says Jonathan Brossard, iViZ lead security researcher and discoverer of this vulnerability. Programmers unaware of this security hole have coded the boot password feature in such a way that user-entered text does not get flushed from memory properly, leading to inadvertent leakage and theft. Even hard-drive encryption does not help in this case, adds Mr. Brossard. This vulnerability affects Microso
Sun, 24 Aug 2008 08:00:00 +0200 IT-Lifeline, provider of Disaster Recovery and Business Continuity (DRBC) services for small to medium sized businesses in the Pacific Northwest has been awarded another financial services contract with HomeStreet Bank. IT-Lifeline continues to expand their presence in the Pacific Northwest as the provider and regional leader of fully tailored business continuity solutions. This contract is a direct result of our expertise in DR/BC, but also the financial industry and its unique characteristics. We continually educate ourselves and customers on the issues that financial institutions are faced with when it comes to their assessment of risk ensuring our solutions continually align with their needs, said Steve Tabacek, President and CEO of IT-Lifeline.
Sun, 24 Aug 2008 08:00:00 +0200 Comodo announced the availability of version 1.0 of SecureEmail. Comodo SecureEmail employs well-established, de facto industry standard, PKI-based solutions/technologies that enable encryption and digital signature of outgoing emails, assuring recipients that the email has not been tampered with during transmission. Comodo's solution can be deployed with either Comodo or third party SSL Certificates. Email is one of the most vulnerable systems to attack. Comodo SecureEmail is the install-and-forget application that can automatically encrypt and sign all messages. Featuring full integration with Microsoft Outlook, Mozilla Thunderbird and other S/MIME-capable email clients, it includes a built-in wizard that allows users to easily download and setup a free Comodo email certificate. This helps automate the digital certificate acquisition, distribution, signature and encryption processes, freely building a secure email community. COMODO SecureEmail also helps companies further their compl
Wed, 20 Aug 2008 08:00:00 +0200 CA and Arcot Systems announced the availability of a solution designed to help organizations reduce the risk of fraud and identity theft in online transactions through risk-based authentication. Businesses are employing risk-based authentication technologies for their Web-facing applications in light of threats such as phishing and other forms of social engineering, as well as in response to regulatory initiatives such as online banking guidance issued by the Federal Financial Institutions Examination Council, the market trend to deliver software-as-a-service, and simple good business practices. The reseller agreement with Arcot allows CA to extend its suite of identity and access management products that help secure Web businesses and identities online. By implementing risk-based authentication technology, CA customers can confidently conduct Web-based transactions. It also helps instill in their customers and other users a level of comfort that their identities and their personal, pr
Wed, 20 Aug 2008 08:00:00 +0200 Guardium, the database security company, is aggressively expanding its international presence to meet increasing demand for safeguarding enterprise data and automating compliance controls. The company has formed new strategic partnerships with 29 international resellers and system integrators in the past 18 months, and expanded its global team to include five new regional directors responsible for managing and supporting Guardium's growing indirect channel. This expansion enables Guardium to align its worldwide sales organization and partners to strengthen the company's market leadership and ability to penetrate emerging markets.
Tue, 19 Aug 2008 08:00:00 +0200 Tizor Systems, a leading provider of enterprise database monitoring and protection solutions, announced today that Network Products Guide, a Silicon Valley Communications publication and a world leading publication on technologies and solutions, has named Mantra a winner of the 2008 Best Products and Services Award for Best in Regulatory Compliance.
Mon, 18 Aug 2008 08:00:00 +0200 Guardian Analytics, a provider of online account fraud prevention software for financial services institutions, announced the general availability of a new version of its flagship product, FraudMAP 2.0. This new release extends Guardian Analytics' proprietary Dynamic Account Modeling technology to model all individual online account holder activity session by session, from login to logout, increasing FraudMAP's ability to detect suspicious actions and flag behaviors inconsistent with predicted account holder behavior. The newly advanced activity modeling capabilities in Guardian Analytics' FraudMAP 2.0 analyzes all online account activity within and across sessions, including seemingly benign actions such as viewing check images or updating contact information. Sophisticated algorithms predict and weigh inherent risk by a number of parameters, such as expected account holder behavior and size of potential loss, to more accurately alert financial institutions to suspicious activity w
Mon, 18 Aug 2008 08:00:00 +0200 Coordinated Systems, the first call recording vendor to meet Payment Card Industry (PCI) Compliance, has expanded the Virtual Observer platform to remove credit card transactions from recorded audio and screen captures. Expanded security features which provide data protection functionality clearly place the solution in a leader position when it comes to PCI, HIPAA, and overall call recording security. We continue to pave the way for new PCI Compliance features even though they may not yet be part of the compliance specification, said Dan McGrail, Vice President of Product Development. Today, the PCI standard states a single transaction need not be encrypted.
Wed, 13 Aug 2008 08:00:00 +0200 Research and Markets has announced the addition of Javelin Strategy & Research's new report Consumer Authentication for Retail Banking: Compliance Does Not Equal Security to their offering. With the majority of financial institutions in compliance after the frenzied rush to meet the authentication requirements of the 2005 FFIEC Guidance, a number of financial institutions have relaxed into a satisfied mode. Compliance is not security, however, and complacency increases risk. Weaknesses have already been proven for widely adopted methods such as mutual authentication and device recognition. In this report, Javelin takes a hard look at how two-factor authentication has impacted consumers' attitudes toward online banking, as well as some of the obstacles that banks continue to face despite the stronger verification controls that are now required to authenticate online bankers. Included is a projection of the number of consumers that would bank online if institutions could provide the nece
Tue, 12 Aug 2008 08:00:00 +0200 AlgoSec, provider of Firewall Operations and Security Risk Management solutions, today announced that leading analyst firm Frost & Sullivan called its FireFlow offering an instrumental network security lifecycle management solution. In a Network Security Technology Alert, Frost & Sullivan addressed the growing market demand for network security lifecycle management solutions to meet external and corporate compliance requirements in increasingly complex environments. According to the alert, in what is a growing challenge, businesses must ensure their IT processes and structure meet regulations such as Sarbanes-Oxley (SOX) and Payment Card Data Security Standards (PCI DSS).
Tue, 12 Aug 2008 08:00:00 +0200 Crossbeam Systems, provider of next-generation security platforms for high-performance networks, today announced that it has certified Imperva's SecureSphere 6.0 to run on the X-Series Next Generation Security Platform through the iBeam ISV Certification Program. Deployed on the Crossbeam chassis, SecureSphere's market-leading application data security solution will help enterprises and carriers protect their Web applications and databases from attack, as well as enable companies to comply with a wide variety of regulatory initiatives.
Tue, 12 Aug 2008 08:00:00 +0200 Three surveys, with more than 780 respondents, show the increasing importance of enterprise risk management (ERM) to chief financial officers, audit committee members and chief audit executives. Crowe Chizek and Company LLC released the surveys' results, which included participants from a broad spectrum of public and private companies, with revenues ranging from $100 million to more than $10 billion. The surveys found that more than 65 percent of chief financial officers (CFOs) and 70 percent of audit committee members cited managing enterprise risk as the biggest challenge for their organizations over the next 12 months. According to those surveyed, ERM was considered an even bigger challenge than improving financial reporting and improving internal controls for CFOs.
Mon, 11 Aug 2008 08:00:00 +0200 Brabeion Software announced the availability of Brabeion for PCI, providing out-of-the-box support for PCI compliance programs that can cut costs and time to compliance by up to 50%, at a time when organizations struggle with inefficient manual processes and a dramatic rise in PCI compliance costs. Brabeion is first to market with unique PCI-specific best practice content that now includes over 300 survey questions for processes and roles as well as over 6000 technology configuration controls and procedures and survey questions. Brabeion for PCI provides customers with the ability to overcome the complexities in mapping their business and technology environment to PCI audit requirements to ensure audit readiness. Brabeion for PCI is available as a software-as-a-service hosted offering, as well as through a traditional licensing model.
Mon, 11 Aug 2008 08:00:00 +0200 US DataVault, in its eighth year of providing online data protection to firms of all sizes across North America, today announced a breakthrough in pricing for redundant, secure online data storage, cutting its retail prices by as much as 75 percent. As a result, the company said more businesses will be able to economically store their data and e-mail offsite at US DataVault's multiple locations throughout the United States for rapid recovery in the event of a disaster, as well as to assure compliance with numerous government and industry regulations, such as HIPAA, Sarbanes-Oxley, FRCP and PCI-DSS.
Wed, 06 Aug 2008 08:00:00 +0200 Trusted Computer Solutions, Inc. (TCS), a developer of security applications that run on the Linux Operating System, today announced new compliance features for both the standalone and enterprise versions of Security Blanket. Security Blanket is the industry's most comprehensive system lock-down and security management solution that enables system administrators to automatically configure and enhance the security levels of Linux systems. The new features of Security Blanket provide compliance guidelines for organizations with industrial control systems (ICS), companies that process credit card transactions, and government agencies accessing classified data.
Wed, 06 Aug 2008 08:00:00 +0200 Patrick Townsend Security Solutions (PTSS) announced the launch of a new website (www.patownsend.com). The site is designed to help both technical and non-technical professionals easily locate resources and solutions for all their encryption needs. In the late 90's, PTSS was primarily a System i solution, but over the years PTSS has built on its pioneering leadership to encompass all other enterprise platforms. In working with the largest retail companies in the world, PTSS understands the business imperatives of keeping critical data safe and the consequences of the smallest breach. PTSS also understands how important it is to design solutions to minimize the impact on day-to-day operations.
Tue, 05 Aug 2008 08:00:00 +0200 Triumfant has announced that Network Products Guide, a Silicon Valley Communications publication and a world leading publication on technologies and solutions has named Triumfant Compliance Manager a winner of the 2008 Best Products and Services Award. This respected annual award honors products and services that represent the rapidly changing needs and interests of the end-users of technology worldwide. As part of the tech industry's leading global awards program, this year's Best Products and Services were nominated from all over the world. Triumfant Compliance Manager dramatically reduces the time and costs necessary to achieve compliance with a variety of regulations-- including Federal Information Security Management Act (FISMA), Federal Desktop Core Configuration (FDCC), Payment Card Industry Data Security Standard (PCI DSS), and custom IT policies -- and is NIST Security Content Automation Protocol (SCAP) validated in accordance with the OMB FDCC security mandate for all Federal
Tue, 05 Aug 2008 08:00:00 +0200 Splunk, the IT Search company, today announced Gala Coral Group has chosen Splunk as its enterprise-wide solution for Payment Card Industry (PCI) compliance. The integrated gaming group, which includes Gala Casinos, Gala Bingo, Coral and Eurobet, has also rolled out Splunk to integrate security, application and network availability and provide reporting for change management. The PCI project builds on Gala Coral's successful initial deployment of Splunk, which was already being used for secure central log collection and audit trail retention - key aspects of PCI. Gala Coral chose Splunk for PCI compliance because the solution cost-effectively indexes and can search massive amounts of IT log data from any source.
Tue, 05 Aug 2008 08:00:00 +0200 Configuresoft announced that Mondial Assistance US, a leading provider of insurance and assistance services, has selected Configuresoft's Enterprise Configuration Manager (ECM) to ensure Clean IT by providing continuous compliance with regulatory and industry requirements such as PCI-DSS (Payment Card Industry Data Security Standard) and Sarbanes-Oxley. Information technology is an integral part of our business, said Chris Burroughs, Vice President, IT Infrastructure Services for Mondial Assistance. The data provided by ECM has been invaluable. Before, every person in the department was tasked with helping with patching and audits. Now, only one person handles each area, which frees our time for other projects.
Mon, 04 Aug 2008 08:00:00 +0200 DigitalStakeout, an innovator and source of breakthrough Security Information and Event Management (SIEM) solutions, today released its summary of the results from its inaugural Cybersecurity Defense-in-Dimension Roundtable held in Washington, D.C. The Roundtable worked and identified four cornerstone issues as the basis for expanded future roundtable discussions. The four issues are: -- The immutable need for integration of Global threat intelligence in business/mission based security infrastructures -- The need to move to dynamic information-centric cybersecurity systems that support all source analysis and enable non-obvious threat attribution -- The priority to drive performance based strategies with value based mission and business metrics -- Create a Trusted SIEM reference architecture that breaks the contextual constraints of defense-in-depth and advances Defense-in-Dimension as the way forward.
Mon, 04 Aug 2008 08:00:00 +0200 Spearstone LLC announced a new service - DiskAgent - offering unprecedented data storage and protection capabilities for personal and business use. DiskAgent is a scalable software as a service (SaaS) solution that is easy to use and protects users from data loss and unauthorized access in the event of hardware failure or theft. DiskAgent offers continuous online backup to enterprise-class data centers and provides centralized management and constant access to data. When a computer is lost or stolen, DiskAgent enables the owner to remotely erase sensitive information from the original hard drive.
Sun, 03 Aug 2008 08:00:00 +0200 Third Brigade, a security software company specializing in host intrusion defense systems announced that Harvard Medical School has deployed the Third Brigade Deep Security host intrusion detection and prevention systems (IDS/IPS) to help protect its web applications and servers from targeted attacks against cardholder data. The protection will help Harvard Medical School to meet the data security standards set out by the Payment Card Industry (PCI). The PCI Data Security Standards, endorsed by American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa Inc., requires merchants and service providers that store, process or transmit customer payment card data to adhere to information security controls and processes that ensure data integrity.
Thu, 31 Jul 2008 08:00:00 +0200 Like a lot of IT Security specialists these days, Randy Lindberg has plenty of work to do and never enough time in which to do it. So when Lindberg wanted to upgrade the existing security management system to better monitor his organization's network for regulatory compliance and security purposes, straightforward, simple implementation, hassle-free operation, and immediate results were paramount concerns. His choice? A security information event management (SIEM) system called Cinxi from High Tower Software based in Orange County, California. Lindberg is the IT Security Lead for Banner Bank, a fast-growing banking and financial services provider based in the Pacific Northwest. From company headquarters in Walla Walla, Washington, Lindberg's staff is charged with ensuring network security for some 1,200 employees and tens of thousands of customers across the organization's 86 branch offices and 12 loan offices in Washington, Oregon and Idaho.
Thu, 31 Jul 2008 08:00:00 +0200 The OWASP Foundation (www.owasp.org) has posted their final speaker selection for their upcoming conference in New York City. The conference will take place September 22nd - 25th, downtown at Pace University, located at One Pace Plaza. This application security world conference will be the largest OWASP conference ever. The Keynote Speakers for this event will include Howard A. Schmidt, Former White House Cyber Security Advisor, Joe Jarzombek, the Director for Software Assurance in the Department of Homeland Security (DHS), and Jeff Williams, Chairman of the OWASP Foundation. Jeremiah Grossman, Robert "RSnake" Hansen, along with many other well known application security pioneers, will present new research, findings and solutions. This conference is limited to only 1,000 attendees, so reserve your spot immediately.
Wed, 30 Jul 2008 08:00:00 +0200 mValent, provider of application configuration management solutions, announced today the availability of its PCI Compliance Automation Module, an extension of its award-winning mValent Integrity application configuration management software designed specifically to help IT teams comply with the Payment Card Industry's (PCI) Data Security Standard without adding to the tasks involved in meeting the requirements of this standard. Identity theft and the tools to prevent it are among the hottest topics for companies which accept credit card transactions online. For the IT teams at these companies, that means ensuring that cardholder data is secured at all times, both to protect their customers and to safeguard against damage to their own brand equity and public reputations. Many independent industry pundits have reported that damage to a company's brand and reputation is the number one business driver that compelled those companies to act on PCI Compliance.
Tue, 29 Jul 2008 08:00:00 +0200 TriGeo Network Security, provider of security information and event management (SIEM) technology for mid-market enterprises, is providing real-time correlation to help meet 11 of the 12 Payment Card Industry Data Security Standard (PCI DSS) Requirements. While log aggregators only provide after-the-fact breach forensics, TriGeo Security Information Manager (SIM) analyzes user and network actions as they occur to identify, correlate and block unauthorized insider and hacker activity. This approach helps merchants comply with PCI by providing policies, controls and visibility across the network to safeguard credit card data.
Tue, 29 Jul 2008 08:00:00 +0200 OpSource announced that eXpresso Corporation, provider of online collaboration services for business, has chosen OpSource On-Demand for scalable Web delivery of its secure, award-winning solution. eXpresso enables users to share and collaborate on any Microsoft Excel file, regardless of location, which assists in the trend toward managed online business communities. eXpresso provides a complete and immediately usable Excel collaboration tool that requires no installation, support or training. However, with no in-house IT resources, eXpresso required a hosting solution that provided the technical aspects of its Software-as-a-Service (SaaS) offering, while also providing complete scalability to address the needs of its rapidly growing customer base. The company selected OpSource On-Demand because of its ability to manage its infrastructure while keeping pace with the volume of eXpresso users and their concurrent sessions.
Mon, 28 Jul 2008 08:00:00 +0200 IT-Lifeline has teamed with the Washington Bankers Association (WBA) to plan a series of educational webinars in response to new federal guidelines that recommend tighter restrictions on top executives of financial institutions for overseeing business-continuity planning procedures. The federal organization that oversees business continuity planning (BCP) by financial institutions issued revisions in March to the handbook that instructs financial institutions on IT examination issues.
Mon, 28 Jul 2008 08:00:00 +0200 SCIPP International, a global non-profit organization dedicated to providing world-class security awareness training and certification services, has announced that it has received an endorsement of its security awareness course content and its proprietary body of knowledge known as SCIPP GAP (Generally Accepted Practices) as it pertains to disaster recovery, from the Business Continuity Institute-USA Chapter. SCIPP's proprietary Security Awareness training and certification program satisfies organizational compliance requirements for security awareness as defined in the Payment Card Industry (PCI-DSS), the Federal Information Security Management Act (FISMA), the Gramm-Leach Bliley Act (GLB), the Health Insurance Portability and Accountability Act (HIPAA), the Sarbanes-Oxley Act (SOX), the Federal Financial Institutions Examination Council (FFIEC) Guidelines, and other industry specific bodies that regulate reporting and best business practice requirements.
Sun, 27 Jul 2008 08:00:00 +0200 Triumfant announced that Triumfant Compliance Manager(TM) has achieved NIST Security Content Automation Protocol (SCAP) validation in accordance with the OMB Federal Desktop Core Configuration (FDCC) security mandate for all Federal agencies. Triumfant Compliance Manager is the only stand-alone solution that actively maintains a perpetual state of compliance and audit-readiness on every PC, laptop and server, every day. Triumfant Compliance Manager dramatically reduces the time and costs necessary to achieve compliance with a variety of regulations-including Federal Information Security Management Act (FISMA), FDCC, Sarbanes-Oxley, Payment Card Industry Data Security Standard (PCI DSS), Health Insurance Portability and Accountability Act (HIPAA) and custom IT policies-while making the organization more secure in the process. Based on the uniquely powerful Triumfant IT Intelligence(TM) platform, Compliance Manager continuously verifies and enforces security policies on every PC, laptop,
Fri, 25 Jul 2008 08:00:00 +0200 John Verry (CISA) of Pivot Point Security discussed Easing the Burden of PCI-DSS Compliance by leveraging Security Information Event Management (SIEM). The 30-minute presentation, conducted in cooperation with Novell, focused on the basics of PCI-DSS compliance, the ramifications of non-compliance, major goals, and how to use automation to lower the overall cost and impact to large, complex enterprises. He emphasized the importance of provability. Not only do you have to achieve PCI compliance, you have to prove you're compliant in the event of a security breach, Verry stated. He continued by explaining that if you fail to prove compliance with the standard in the event of a breach, the penalties can be severe, In addition to the obvious damage to reputation, bad publicity, lawsuits and fines, your ability to process credit card transactions can be revoked.
Fri, 25 Jul 2008 08:00:00 +0200 Triumfant, the industry leader in Automated Compliance Monitoring and Control software, announced that Triumfant Compliance Manager(TM) has achieved NIST Security Content Automation Protocol (SCAP) validation in accordance with the OMB Federal Desktop Core Configuration (FDCC) security mandate for all Federal agencies. Triumfant Compliance Manager is the only stand-alone solution that actively maintains a perpetual state of compliance and audit-readiness on every PC, laptop and server, every day. Triumfant Compliance Manager dramatically reduces the time and costs necessary to achieve compliance with a variety of regulations-including Federal Information Security Management Act (FISMA), FDCC, Sarbanes-Oxley, Payment Card Industry Data Security Standard (PCI DSS), Health Insurance Portability and Accountability Act (HIPAA) and custom IT policies-while making the organization more secure in the process.
Thu, 24 Jul 2008 08:00:00 +0200 Triumfant, the industry leader in Automated Compliance Monitoring and Control software, today announced that Triumfant Compliance Manager has achieved NIST Security Content Automation Protocol (SCAP) validation in accordance with the OMB Federal Desktop Core Configuration (FDCC) security mandate for all Federal agencies. Triumfant Compliance Manager is the only stand-alone solution that actively maintains a perpetual state of compliance and audit-readiness on every PC, laptop and server, every day. Triumfant Compliance Manager dramatically reduces the time and costs necessary to achieve compliance with a variety of regulations-including Federal Information Security Management Act (FISMA), FDCC, Sarbanes-Oxley, Payment Card Industry Data Security Standard (PCI DSS), Health Insurance Portability and Accountability Act (HIPAA) and custom IT policies-while making the organization more secure in the process. Based on the uniquely powerful Triumfant IT Intelligence platform, Compliance Manag
Wed, 23 Jul 2008 08:00:00 +0200 Guardium, the database security company, and BMC Software are hosting a Webcast to provide government agencies with effective strategies for safeguarding Personally Identifiable Information (PII) in sensitive databases and easily complying with OMB M-06-16. The OMB directive states that government departments and agencies must log all extracts from databases holding sensitive information and verify each extract including sensitive data has been erased within 90 days or its use is still required. Major government agencies, such as the Federal Trade Commission, have already improved database security and addressed compliance regulations by deploying Guardium's database activity monitoring (DAM) solution. Guardium 7 monitors and tracks all access to sensitive data, across all major DBMS platforms and applications, without impacting database performance or requiring changes to applications.
Mon, 21 Jul 2008 08:00:00 +0200 Envysion has announced that it has passed its PCI-DSS certification audit, making it the only web-based video surveillance firm to meet new security guidelines aimed at reducing credit card fraud. Envysion Video helps retail, restaurant and hospitality customers improve their profitability and enhance their customer experience by providing remote access to in-store video that is tied to business applications, such as Point of Sale (POS) systems. Being compliant with the PCI-DSS standard provides added protection for Envysion's customers against identity fraud by ensuring that all components of its MVaaS solution meet the industry's stringent security requirements. Many consumer-oriented companies are themselves rushing to become PCI certified to protect their customers' sensitive information and to avoid the severe fines and limitations that would otherwise be placed on their businesses. PCI DSS was developed by credit card companies to help businesses that process card payments preven
Mon, 21 Jul 2008 08:00:00 +0200 FISolv announced two additions to the schedule for its Summer Education Series on Business Continuity Planning. The webinars will focus on how to develop a successful Business Continuity Plan and updated guidance from the FFIEC. FISolv is following up on the success of the webinars on Team Building and Board & Senior Management Responsibilities with upcoming webinars on Pandemics, the Business Impact Analysis, and Testing and Maintenance.
Wed, 16 Jul 2008 08:00:00 +0200 Ounce Labs announced that the company's Advanced Research Team (ART) has documented two vulnerabilities that can affect Java web applications that utilize the Spring Framework. With more than five million downloads of Spring to date, the security vulnerabilities identified could affect countless enterprises that utilize this commonly used framework. The specific vulnerabilities are 'ModelView Injection' and 'Data Submission to Non-Editable Fields.' These vulnerabilities allow attackers to subvert the expected application logic and behavior, gaining control of the application itself, and access to any data, credentials or keys held in the application. Although the two vulnerabilities discovered and analyzed by Ounce are part of the Spring Framework, Ounce Labs ART experts believe that similar issues can be found in other popular Frameworks. The ART Team has worked closely with the security team from SpringSource, the company behind Spring, to confirm these security issues and develop re
Wed, 16 Jul 2008 08:00:00 +0200 Network Frontiers, the leader in IT regulatory compliance management, announced the availability of the Q3 2008 Unified Compliance Framework (UCF), the first independent database to simplify IT compliance. The latest version of UCF highlights the addition of numerous new regulations and standards, including Fair and Accurate Credit Transactions Act (FACTA), Federal Financial Institutions Examination Council (FFIEC) and Fair Credit Reporting Act. UCF acts as the cornerstone of IT compliance, mapping hundreds of regulations, including PCI-DSS (Payment Card), Sarbanes-Oxley, HIPAA, CobiT, and NIST, into a master hierarchal framework. We are engaged with an accounting firm that owns several entities requiring them to be compliant with HIPAA, FFIEC, SOX and GLBA, said Christopher Hannan, owner of Optimal Technologies, LLC. In order for us to provide their compliance auditing and consulting, we needed a cost effective and easy way to organize their compliance obligations. After evaluating
Tue, 15 Jul 2008 08:00:00 +0200 Aladdin Knowledge Systems, an information security leader specializing in authentication, software DRM and content security, announced a partnership with IdenTrust, who possesses the only global bank-centric identity network, to provide identity authentication solutions for secure online banking and financial transactions. Aladdin and IdenTrust are collaborating to offer certificate-based two-factor authentication for unmatched security, enabling financial organizations in the United States, Europe and Asia to implement next-generation technology to improve the security of e-commerce, fight identity theft, increase customer trust and drive revenue. Aladdin and IdenTrust will develop joint initiatives to drive future innovation and expand the options available for secure online banking and other industries requiring globally interoperable certificate-based transactions. A premier provider of authentication solutions to global financial institutions and the United States government, Iden
Tue, 15 Jul 2008 08:00:00 +0200 Talisma Corporation, an nGenera company and the leading Customer Interaction Management (CIM) software solution provider, today announced the availability of a white paper that describes how the fully integrated solutions of Talisma Email, Talisma Secure Message Portal and Talisma Chat help businesses achieve compliance with PCI (Payment Card Industry) Security Standards. Talisma solutions accomplish this by providing secure communication layers for protecting sensitive data during transmission, storage and access. Industry experts have stated that billions of dollars each year are lost in credit card fraud. The Federal Trade Commission's Consumer Sentinel (Consumer Fraud and Identity Theft Complaint Data) from 2007 shows that the FTC alone received more than 800,000 consumer fraud and identity theft complaints. These reported losses alone accounted for more than $1.2 billion -- credit card fraud, at 23%, was the most common form of reported identity theft.
Tue, 15 Jul 2008 08:00:00 +0200 Identity Engines, provider of role-based access control solutions for heterogeneous networks, announced the Authenticated Network Architecture (ANA): the industry's first vendor-neutral best practices framework outlining how organizations can migrate from the static, IP-address based architectures of the past, to the newer identity-based controls enabled by recent standards including IEEE 802.1X. Regulatory compliance mandates such as HIPAA, SOX, PCI, GLBA, NERC/FERC, FERPA, HSPD-12 across multiple industries have driven IT organizations to search for secure, efficient, cost-effective methods of controlling access to their network infrastructure. The ANA framework fulfills that need by leveraging latent enforcement capabilities present in most enterprise network equipment, enabling transparent role-based access across all existing infrastructure (wired, wireless, remote access).
Tue, 15 Jul 2008 08:00:00 +0200 Symark International, developer of the PowerSeries information security solutions for managing privileged access, announced PowerKeeper 3.0, the latest version of the industry's most advanced privileged account access management appliance for the secure creation, control, storage and retrieval of privileged administrative account passwords. PowerKeeper 3.0 includes support for application-to-application (A2A) and application-to-database (A2DB) connectivity, and bolsters security by replacing embedded credentials with one-time-use passwords. The new version also utilizes the HP ProLiant DL360 G5 server, which, when combined with PowerKeeper 3.0, significantly improves system availability and facilitates greater scalability to handle more users, managed systems and managed accounts per appliance.
Mon, 14 Jul 2008 08:00:00 +0200 Imperva has announced that it has extended its Imperva ADC Insights product line with PeopleSoft Insights, which monitors and protects PeopleSoft applications and data. Imperva ADC Insight Services enable organizations to streamline the compliance process and meet regulatory requirements on their application infrastructure without in-depth knowledge of the applications or mandates. Staffmark, one of the nation's leading staffing and workforce solutions providers, has developed self-service web applications based on the PeopleSoft platform. The company selected SecureSphere to safeguard these applications and the sensitive personal information they process including data submitted by job applicants.
Mon, 14 Jul 2008 08:00:00 +0200 McAfee announced enhancements to McAfee Total Protection (ToPS) for Endpoint, McAfee's flagship endpoint security solution. This release provides new and updated compliance and security functions, including powerful policy auditing, flexible network access control, rogue system detection, enhanced Web security and improved anti-malware technology. The integration of management capabilities between endpoint security and compliance management enables customers to reduce costs, improve visibility and comply with industry & security policy across their entire infrastructure. According to Research VP Paul Proctor, Gartner, Inc. Companies today realize that they need more than just good security controls, and that they must also address compliance with internal security policies and industry regulations. A combination of good security functions and compliance management improves security operations efficiency and maturity.
Mon, 14 Jul 2008 08:00:00 +0200 netForensics, a visionary leader in the Information Security Management market, announced new functionality in its flagship Security Information Management (SIM) application that provides unprecedented guidance for managing and reporting on critical IT security issues, as well as compliance with regulatory requirements and standards. The integration of the new security audit framework into its nFX SIM One product enables netForensics to deliver the market's most comprehensive solution for managing and reporting on IT security and third-party compliance requirements. Modules that address specific regulations, such as PCI, Sarbanes-Oxley, HIPAA and FISMA, easily plug into the framework for quick deployment and rapid time to value. The first module delivered as part of the release of the new security audit framework helps retail organizations manage themselves against the Payment Card Industry (PCI) Data Security Standard.
Mon, 14 Jul 2008 08:00:00 +0200 Many smaller business owners may not realize that the Best Practice 6.6 of the PCI Data Security Standard (DSS) became a requirement on June 30th. The regulation requires merchants dealing with debit and credit cards to tighten their security by both conducting application code reviews and installing Web application firewalls. PaySimple has been certified PCI DSS compliant and assures that its system meets all the requirements demanded of a PCI Compliant third-party payment processing system.
Sun, 13 Jul 2008 08:00:00 +0200 Centris Information Services, provider of call center services, advanced automated call handling applications, on-demand interpreter services and broadcast messaging, has announced it has received its Payment Card Industry (PCI) Compliance certificate. Receiving this certificate ensures our customers, merchants and cardholders our data is protected according to the industry's highest standards, says Dale Augustyn, Director of Information Technology for Centris. In 2004, the Payment Card Industry Data Security Standard was created in a joint effort by major credit card companies; American Express, Visa, MasterCard and Discover, with each one of the credit card companies having its separate standard detail. June 30, 2005, the PCI DSS regulations were standardized and implemented.
Wed, 09 Jul 2008 08:00:00 +0200 Rackspace Hosting, a leading hosting services provider, today announced the release of a suite of hardware, software and professional services that helps customers achieve Payment Card Industry (PCI) compliance.
Tue, 08 Jul 2008 08:00:00 +0200 AdventNet, provider of affordable Enterprise IT Management and IT security software, announced the signing of an exclusive agreement with Solidcore Systems, the leading provider of software to detect and prevent unwanted change. This partnership, which has been in place for more than 12 months and has proven to be successful for both companies, enables full integration of AdventNet ManageEngine DeviceExpert network change and configuration management (NCCM) software into Solidcore's S3 Control software. ManageEngine DeviceExpert is a web-based, multi-vendor network configuration, change and compliance management (NCCCM) solution for network devices like switches, routers, firewalls and others. A trusted solution used by thousands of network administrators around the world, DeviceExpert helps take total control of the entire life cycle of device configuration management.
Mon, 07 Jul 2008 08:00:00 +0200 Chesapeake System Solutions announced that Central Bancompany, a full-service financial institution based in Jefferson City, Mo., is successfully using T-Recs Enterprise and Internet Data Manager (IDM) as central components of efforts to minimize operational and financial risk. Central Bancompany, which has nearly $8.5 billion in assets, serves markets in Missouri, Illinois, Kansas and Oklahoma through 13 community banks with approximately 175 locations. Central also operates a full-service trust affiliate. T-Recs Enterprise is an all-in-one application that offers all the functionality needed to reconcile the entire balance sheet (cash and non-cash accounts) and a sophisticated workflow management engine that keeps financial compliance processes on track and automatically escalates unresolved issues. T-Recs Enterprise offers unparalleled scalability and flexibility to support the increasing transaction volumes associated with growth-oriented entities such as Central, yet is well