IT Infrastructure - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  IT Infrastructure


Voyence Helps Network Managers Cope with PCI Compliance



 By: Paula Musich
2007-09-14
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this IT Infrastructure story.


Rate This Article:
Poor Best
Voyence's tool simplifies the auditing review process for network managers.

For merchants and financial institutions, figuring out how to comply with Payment Card Industry Data Security Standard requirements can be a real guessing game.

Network change and configuration management provider Voyence on Sept. 17 hopes to take the guesswork out of PCI compliance for network operators with its new VoyenceControl PCI Advisor.

Because the PCI standard gives general guidelines on how to protect customer account data at various points during the payment process, rather than explicit instructions on compliance, its up to network operators to interpret how to apply the standard to their network.

"There are 12 different areas of the PCI mandate. Ten are related to the network," said Darren Orzechowski, vice president of worldwide marketing for the Richardson, Texas, company.

Resource Library:
PCI Advisor, the first product in the planned Compliance Advisory Series, takes advantage of VoyenceControls central repository of network equipment configuration data that tracks changes as they are made. The repository includes a built-in compliance engine.

Read more here about VoyenceControl.

Embedded in the tool are the actual PCI DSS mandates, which are mapped to relevant network security data. The tool also links associated policies, their definitions and results.

The PCI Advisor, which is built on top of VoyenceControl, provides, for example, a sample of how to write and apply an access control list for a network device that is compliant with the standard. "[Users] can take our templates, fill in their own variables for their network and add it. Now they have compliance," said Matt Clark, director of reporting at Voyence.

To help network engineers maintain compliance with the PCI standard on a day-to-day basis, Voyence built in dashboards and reporting specific to PCI to see what changes have happened and whether and where those changes introduced compliance problems.

"One thing that PCI is big on is that process has to be written down; the auditor needs to see that and evidence that youre following that process. They want to see as youre doing changes on a daily basis that youre following PCI-compliant processes, and they want documented evidence of that," said Clark.

Toward that end VoyenceControl PCI Advisor provides an audit trail of the change control process. "As they go through the quarterly review they can see who submitted a change job, who approved it, when it was approved and so on," added Clark. It includes check boxes and time stamps for those quarterly reviews.

But perhaps the biggest time and cost savings element of the PCI Advisor is the Auditors Report, which supplies documentation to the auditor on compliance policies, processes and results.

"It cuts down the time dramatically that it takes an organization to go out and collect the information to prove they are meeting the requirements. With the Voyence tool its all right there in front of me," said auditor Barry Johnson, director of risk mitigation at IGX Global, an information security firm in Rocky Hill, Conn.

Without the Voyence tool, Johnson said he has "had to go to as many as 15 different tools or areas to pull that information together. If all the information is there, then potentially they arent paying for me to be there as long."

The PCI Auditor Reports walk the auditor "through the processes, what compliance policies are in place down to the actual line [and] what the actual configurations are on the network devices, and they include reports showing on specific dates what the compliance status of the network was," said Clark.

"It spells out which requirements youre meeting and it shows a history so you can [be sure] that youre continuing your compliance efforts during the year. As an auditor, thats something I like to see," echoed Johnson.

Voyence also plans to add additional products to the Compliance Advisory Series that focus on such regulations as the Sarbanes-Oxley Act and HIPAA (Health Insurance Portability and Accountability Act).

The VoyenceControl PCI Advisor is due in November and will start at $30,000.

Check out eWEEK.coms for the latest news, views and analysis on servers, switches and networking protocols for the enterprise and small businesses.



  Reader Comments: Voyence Helps Network Managers Cope with PCI Compliance
>>> Be the FIRST to comment on this article!
 

 
 
>>> More IT Infrastructure Articles          >>> More By Paula Musich
 


x}r8qռFsvgHS-ؖRԩRQ$$qL\eK|Kg<xӅ|dS%lݍFλ$i9rsݙkj֢w.w߽ Yf8mTEK\ߤ~Am;t =4mMfNHB ~}@~kfwD%x_'Щѩ€wɔZiZلܕ>}~qbw[ .hqLIlG5tuK͂%H}xu)t}(DIږy@6GǮJߣ*#7 ݙx8/DeOd^b{Aq<5;^;0k}BQ5w0NK <['#5nCUVekF֠6^:6 ȅC׷z$fRv'nWoR 205E2Z [XdTZ wӑku8r 08juj=nf,n@w(\'p}j F1 9,!\ZIa^j<mdRr-2Y˲nMw3a[Mѡl7Z4jjC)7+www;1ݻS w\TUMSy{zY !GA GmGkh[I#ZIkPwzɀ\>uɣ59N.|'oLV)UjT:( Ԙ:j`9rM7Jq߸+FQ@+).#-b|+0#ƌ_8@f9v򳹥s1\]^u2^u;'>ߘecfy3?TrJw3F~ V'݋uqSGV}Bg#j`BcYueUo~9c_CMnXCEC0JCR ?#3p;|io]~<<$ץ#Y>!_w nr@ i/]"{,Y`MImdƩ$|ǺzN3ߜjmT7oh2 f4 .έfh- @ho*K>LrM&@Sk~$GM\5ņ])!edFS{۴/^$P!P샖_. jNTwEQS'=^f&/\RB3Al8{ÄWTwsQ iz|68G]7kDm.-s5-wjcZVp3itڃWcҿ]{w`U}PhDvZM]qsu\StjFb:??JjexQi+r%(NMf[ԑplPòǔIz<g 6aϨ>|鎓z>:AGAtišwhNP7h`Cҋ;Lڠ~N;ݧn]=&tno/*AbG& ahh5 ZLH#AтMtT8n]`2Z9ܹ L& zVtc` VGPC!nH }P(Vr`{nȲc@|j JG@i0xzEاH.B$(ZȻ"!Alu [$t XV0(VFFvGBj+6ODs@PGҙ;qjr_)̄rZ z)2ٜʬ$3Mf X*ȉ#o"0%X ,gZ Xk5Ʋ fhZZO4Mǖa1A.ϼs6I`0EX$%\Ew, fzn4 Iߵo)y@la} / a@-]7mSr`8) 0:|Ch2i{M?g[,:L:%qCz]:0s k2'y='.Q1juϙܑm˹JoBoڅRU眺_dA_fMjlȜu>IVB17O)wz@aex**#wT4tj~#JwCݼ~hé;h{q#%MAw=e河xOuXKnuo?Jյ݋pz1TKúJj'/odm_EڠueLGeK-# IHf(XK+ezlxӇ8$&le6LEin Qy]{8dO17l`(`\Rev0>2ei[[ahdʸAfJ砢~c &*d ?r=kOGzc|pP9s?磔YTp$480T]2akRhj]Maf(0q |0b=99pJ/]aY8-- 'uaOhK3k<'UC8`ڊ:DӜh2F ñeH{ӞW+H>LZ`!?ՊRRՄiO5 &^PGe d^ `M`Rc׶ݻ| :lF֝=}Zj[<>9Q>5 < ıςL׃RUaT8j]pV~ 2­qŝa&1 DR)Ö13wdi'{םT'/咢TS+!f8c0SM \}O>zN¢ -{h'^+0ZN * RIS,d;W.P9ufjYE` dEN]tCx!+pDZ\P]\C#+Z&FdݤS*'Ș-qV#Yw7亢#݀ލnF+ F vgS(0f{L PwA-~O9b:xcqiy@(pᘙ@FSS؇dm/RkK*~iϻM^,_mhD1(dyDF4D/qbk Nu|8ZJ5qvsTy9kY%f+eEyZiztylƵYT{E3p{ݹY$'8 MGFi$]k|[P vfȵ w3m94c~('cjZ%o XBbK>aL:KlCs0X3f~:kt?y{z&wuf@^C-oc dc0=̞̝A mۨ L Ua bȈCzfH|~[q{?I L#yT*JZӳ$*+@:erz埍z_7)~(zC9+muA>aRTS*.?J6#U\+ԊR?YTAtE︤CEZdЯdL5AKl!/`.P(S/F fTmZ/)+iQ/ ~ dwm! PG c[,] y>1ag 3~w]fr?yzŻRiiԽ8cTZ>}8~61zˁNIMw$(XMp,Is^i{{>>^; YdEp0Z^ <!hao0 8 %Y; g݋uoлo= r@p'Bju_$'d0 sti_E'6b `xѤĢCT䵴f[YUHO~D!6OY=!tQ^}rZTrq]ȩh$}ݛ9V8:FHS p'#9ʼSsa, GW .k CvcNأ&k{?ȄKԍ)A/]s>ͥ=`L̴M\gwhNPD(Vp9c㻞Xi*/q)y͠y{`o&|)s'A֚uhaJofm5Şa4 ݣovR:}_ivݷ;޽s¾"CWq k:i)`* 94DhH^ݍ X"2NIJa'>8zdM#}9JfyӼ4hɘAxl7B_7nC]pb]sT xB`o~ˤaW*]c{*{w}wﰧ]VZtC.qFVd/)&%ΒE LM OKt1ڬ/ۥ{HkYXdbSOٞo ?֘M'|Ȟ8^C|Syg!,d_aзF0[)=)$Ιd<J;ooݍnL M A;&JX۴ rUCaC_:,0i0pDa $\}5 ߈;6bE#Ɠt-c򽱢rp:ip*9;_PE?\=3q DɛxYx7e\ڊ]aKn~ Vv/w,Viun.wR:FB}O+ʻ'.<0Qg$E }m==S<|h45dnሬ2O2YfS-O,E̾ӍQ`]OH9=rE's[%aH둁S(*,O8;"]$m/MٲZQGYqr+F,_1F9GߋiǺ3k' `l/B|;*UD` /CɱKWϟHBN>6nLc9߬3eF(&!@mC .z$XLȸVikJ̆Z%hZӞi:3Mz:4Yfc>O~/4Oxy_|ix(-+˰*y#3-?c[H3OlzV\"L6W:GRD>P ,4T~lށIT I(QH!o<#+YJDZ._᰻*zۚ*RIy>F3K eX[tx?}S:h$Hq.V渔j ڨpOb$Oq+\1$Uʋ+3iz[1jCRUInʨ@_1Z0G~S}zxD/1 xp * _ڔ i!ҭnQl$,c~eOC)$tI R_gAa|r*zUY#3W1+opF@3kՋS%6Fq'(9z Jҕk@:}u ؚ̹!*cQV 2.$RTDy"1ZO{o+J&MYR,؉W˝*8ɗG]r%#h[+E/E$UWXO9B[kkE̓sCAmd6E*KO;CX.)%I+c3.`^gNC.ooooo4=by7QCWb.\l)ԆG%13Gڂc5p!"A$Q qrw65'TcMg+E'S7U/xQ#u1b h.a!.<}3H-`ڸꆜbM&HyQ_Ь0"> 9P6Z|inx2Vk1om†|Q~-hÄOo$p R*O B O@I4X!"8͓ɴGOL6gz(em tj~3.L ,g`֝;7u>2}'w7dbzE$-REMr$a1OdS)" z{2Wg˿ܼԹ1Ep > OSj{R0`k5FX' 70XO%-1R*"Szߥ=hճٗA86=xݻ:0{mO.^-*K4 ' Ehk}nZ'"Z[~, ee>]_,?Mecڨ;WN0)BnxNt؛,c u`m?y G#x|@W6-?xzc;D[[Ϟ.W#[⼩3[Z닋DI l~>h-ռtN0- pFH6/f{굜 fnzrMD%R| ʿ2rr_|k N5"q _z&BNk1\(xm$v?h`+@M,6-0V'BEqBf{ymZۈYѧ3.|WZZJ e9n6^Opzlï~JYf-e։5V$5$c*ΘhVtEP2-QTKopCJ`W-I:FV *`1m{;hOW"g>`!Zp6P]}z Uc͉by\!53řn.o5n[*Jj ][G?lƞUo|֊OZΚYΞCuܙŗr4tq'ulHKux''h'@amICXlnpì3XO0I_7nmԛL=ǔuT;]Ek~;;mF٧0G_L" {M!vlv$x{t$ ē;. ~GFU1sʉmOU~xyVMq⊓P-%8ɠ)"(lhFZ ElX0Du5F?PM};cDn|_Qk"ؖPVôH]E a!/(/nG~aI{ue&{ǘ$ q}EMm&^N kQ*flZO>'p.4XDJ Ň!^G K&5\A^R_V6LPFm.MEfIȢDE\1]ՔZr~^ :XuV%d˘xVH=Қ0&^zOE*ނ0H>PSqq UH+40B9=⏴|^ߕ{9hCy<Vz^3!˟X;b=Vں.q)y,y-J!L[Kx6_fR!gI ] 0.T8lW/ժsZE=4g!#@ZהV/`eE^[0H0e&>&"k8 ՗>-,'c0/';`^hRi|Iч% X3(qZ:<}Q-mEJ)!7߈#|֢@N cˡWq\o6zW 5%s$xx$(EQRxXC @W&Du#i!BEȝN|ZWD]%AJ%՜tg@EP]ׯ0Oļ\\snod0a/,9+J xfVVTm}qV.KEҔ`GS9ݱ=r {c`6~m9`Vm$M6Z[bT\Q=@%K.&ڰkbD))o2윶FcˠOkטPt1iC lA^+@ZBB(YYv' o.'G>]ov/?VHzՕݷod}extJ"rG:-eoiԖ!}Ȁ XPpMI٫T~Nd>MYx\Jӑu a|$z34mG=׀gU""a=X *>ndeH$H]YUc `xP$!Vu3taȈFxp稯-d=w:}GLna=9l4,Dzl0W)Va-=peL]gաu?䏃 OCcPx- rH8GaٹpuW Iݽa?ÈGs{^Z"hZ1ш@Q>|tN8%"&LmahnoaߝF$%xL1fװÞ1;m{^G#B Ť{i=׽dbWoH$P`+wdcmX$_@1bRB Q tR*tQ:..( oIYPXP؟S?pk2ꧦH0^qnp"(3[]ă02]w73 lMqW'Ig#j)`b. \]:ovN5k' H=:yXZBj@̐0(ˏIJ uXZFB(s 6Jk3) 7FúޛZF #}AaP8Z  +z+uT'I]WP)9CȮ KTU:P|.Oa@tyݬd/ǯ]iJdR. ?h$@쌆=xɾe{$$ ͈u0՝!XV39]69tHa{9.aw竰}ZGݪ;G'݋UbPhX>i5Mo )ns9EЊLjV}Q}xS?_A6pj;彜rcq'ʏ֗}Nr>?BB봻{\husʡݜ{SC) ח0۵s?sCs<s<AS(?)-sa|/r"G~.`.rƯz_z92?.˜rs#O9}}ʡ5_^55u:Iʙ#gK\8=JW ~TA__y+%INysYU~vïUX^йZ*ϑ*sҿw2~62A^ aqʍz^S_xڙ閽pLڭe]9hwp_l(%^a/ ^敽$'xEƒB+gٔ@#X{#u'NW6#ﹺ d^)WsU}Ӊ{Z?Ś/Yy<qLkb39(c#h .Ǒrۿe?|K2yi8$C{\pm`JrY-ahOW=M̝.nm;yx#ֽ2"Z;Yo)P/Y#IcDgev0ACѺ`*O WY-KbaP 3#o50ŸeZ 7㌰6ևW>{M0A:We}=tf}Y JÙ#ш~ǰ+L 29"9GqL]Q[tC=ѯF.h DN͡a[;$o>eM+5VkZpWrP c=bsUUEVrp` VUr `" *s>P`24UF` Ԋz!OJ14`­tK_cwp EЧ v̦L˘͛YH~æJጽNѯDʑ $1` HLBOkgq=q] XI 4<ZA0bl{2!%Kva[F8l#| }D2Y&5$M!-7cAqߢ=G'oC<:ed`+f'Շo\6 hE/ڳQx }J,p0lW2:X~ sn70aŘSkCMHn_!g]ScGˇUErby060OHb NZcV}ޣ# Ⱦ8ty9)"qEkڴJ&EF䮘H]g샴sh^jIҥlM H]+a5c*\~r SLiuhcЁxNiܬ1kHm7g@oJ`Xkt(JV7Bg3Σ3o˙~n݆xwPxO\ޛ-ӳVm$bmU]ݎ;3'/Հm'[}lW3!?e7ITC]cx GLH65'Tc*i|?Ge Lwt4?@&s`܈}DI5#_߇Fu: /A.sl2q7c[ !ˍ KmӬ9s¥"UXHNRX,8. kl9S;n[r(c<[_Eڵ<oc3+~`[t%(5x[vGLWe؋$| _[0~Y+m˕bA<\n2?>%i#|@ }(ۊnfT| %`GYU`Kr8ǩk Vmxtz w}t+e!)1w:f˟lہQ#nȹ-`jkEmEtẁA9)z0~ \\K萻kÐüpaf,˲cv9zaRr[W`0Z.<,(`F,$v"VTHkMΡmdqR!efƲ"7cP!Xd]-noB@w:S .xBDZ,ɋ|P cyx ^ŧ$NSb0x@t&W.rWa%P?|Ykh YIb ϻgyH%D}Sw= ɳAFK'O(Uƥ}:_Q|;]%`gd /=l}xxq,Emӻ:dA0|e{>] ~k Whc<y &g˳̦UZ*$