nsslabs.com

Deep Security demonstrates 57 of 58 relevant PCI DSS requirements

Ottawa, ON and San Diego, CA – April 21, 2008 – Third Brigade (www.thirdbrigade.com), a security software company specializing in host intrusion detection and prevention systems (IDS/IPS), today announced that its Deep Security product is the first such solution to be validated under NSS Labs’ Product Report on PCI Suitability program.

Compliance with Payment Card Industry Data Security Standards (PCI DSS) increases complexity and costs for merchants and banks. NSS Labs, a world leader in independent security product testing and certification, is easing this pain by providing much needed 3^rd party product validation.

When asked about Third Brigade’s performance in the NSS Labs evaluation program, Vikram Phatak, CEO of NSS Labs, said “Third Brigade Deep Security was tested to our rigorous specifications: Microsoft, Oracle, and various open source applications were installed on the Windows Server being protected.  Deep Security stopped all the exploits that we attempted.” Mr. Phatak continued, “Just as important, Third Brigade’s Deep Security is capable of supporting security practices mandated within PCI DSS such as detailed logging, strong authentication, and role-based administration. Retail merchants and service providers that are required to comply with PCI DSS should feel comforted with the high-level of assurance this report provides.”

"Merchants have technology and physical constraints restricting security deployments. They are looking for fewer, ideally even just a single agent that can protect their systems and applications from malware and attacks," said Wael Mohamed, President and CEO, Third Brigade. "Now with this NSS Labs report, merchants can feel confident that not only does Third Brigade have the right architecture to meet their constraints, we deliver best-of-breed security that has been validated against their PCI requirements."

Mr. Mohamed went on to say, "There is no reason an attack against a store should go unnoticed for weeks. Third Brigade's real time detection and prevention protects operating systems, enterprise applications and custom web apps from known and unknown attacks, there is no excuse not to be protected."

Third Brigade is the first host intrusion prevention system to complete NSS Labs’ suitability testing for use in a merchant environment that covered:

• Fulfillment of specific PCI DSS v1.1 requirements, including logging and reporting

• Recommended Configuration Details for merchant environment deployment
• Security Effectiveness
• Appropriate Usage Recommendations
• Product Stability and Reliability

The final report is available here http://nsslabs.com/pci-suitability/thirdbrigade-deep-security-hips.html.  

Diana Kelley, Partner and Founder of PCI expert analyst firm, Security Curve stated “Third Brigade protects cardholder data at the source, resulting in strong cardholder protection at a very attractive price point with the potential to save millions of dollars.”  Ms. Kelley continued “I think the NSS Labs evaluation will encourage companies to take a second look at their PCI DSS compliance projects and consider host-based security capabilities like those provided by Third Brigade.”

Third Brigade Deep Security is an advanced, host-based intrusion defense system that provides:

• Firewall network segmentation to reduce the scope of the PCI audit.
• Virtual patching to comply with requirements for vendor security patches to be applied within one month of release.
• Intrusion detection and prevention of attacks that target cardholder data.
• Application firewall capabilities to complement secure coding initiatives and to protect web applications from attacks.
• Enforcement of standard security configurations, in physical and virtual environments.
• Detailed log information on who attacked, when they attacked and what they attempted to exploit, and by providing an auditable report of the security posture of a system.

Security Curve recently completed a report outlining two PCI compliance business cases where Third Brigade’s innovative approach offers cost savings to organizations faced with Payment Card Industry Data Security Standard (PCI DSS) compliance audits. The report is available for free download here: http://www.thirdbrigade.com/solutions.aspx?id=311.

About NSS Labs

Founded in 1991, NSS Labs is the globally recognized leader in independent security and performance testing and certification. NSS Labs performs the most comprehensive, high-performance security validation in the industry. Our proven methodologies reflect real-world traffic and usage conditions, helping information security professionals understand how products will work in their environments. NSS Labs is a participating organization in the PCI Security Standards Council, and is solely responsible for its test criteria, methodologies and reports. Clients include brand names like IBM Internet Security Systems, Cisco, Juniper Networks, SourceFire, McAfee, Fortinet, Radware, and Third Brigade. For more information, visit: www.nsslabs.com.  

About Third Brigade

Third Brigade (www.thirdbrigade.com) best-of-breed host intrusion defense systems protect critical data and applications, including those on virtual machines, from attacks that bypass or penetrate network defenses, and target vulnerabilities in operating systems, and enterprise and web applications. With a high performance deep packet inspection engine, Third Brigade Deep Security detects and prevents known and zero-day attacks, and provides a virtual patch for Microsoft® Windows®, Solaris™, Linux, and other Unix® hosts on physical and virtualized systems. It helps ensure regulatory compliance with PCI and other standards, and prevents costly business disruptions. Unlike others, Third Brigade provides broader, faster and simpler protection.  Third Brigade. That’s control.

Note: “Third Brigade”, “Deep Security Solutions”, and the Third Brigade logo are trademarks of Third Brigade, Inc. and may be registered in certain jurisdictions.  All other company and product names are trademarks or registered trademarks of their respective owners.