ArcSight Joins the PCI Security Standards Council and PCI Security Vendor Alliance

  CUPERTINO, CA, Jan 22 (MARKET WIRE) -- 
 ArcSight, Inc., a leader in enterprise security and compliance management
solutions, announced today that it has joined the PCI Security Standards
Council (PCI SSC) as a Participating Organization and the PCI Security
Vendor Alliance (PCI SVA) as a platinum member. Through its role on the
Standards Council, ArcSight will help to evolve payment card data protection
standards including the PCI Data Security Standard (PCI DSS). As a member of
the Vendor Alliance, ArcSight combines its knowledge and PCI-specific
experiences
with that of other technology vendors to support PCI DSS. These memberships
highlightArcSight's commitment to support the payment card industry as it
addresses new
challenges of protecting cardholder data.

    The PCI Security Standards Council was founded by American Express, Discover
Financial Services, JCB, MasterCard Worldwide, and Visa International as an
open global forum for the ongoing development, enhancement, storage,
dissemination and
implementation of security standards for account data protection. The PCI
Security
Standards Council's mission is to enhance payment account data security by
fostering broad adoption of the PCI Security Standards.

    As a Participating Organization on the PCI SSC, ArcSight has the opportunity
to access and influence the industry's latest payment card security standards.
ArcSight joins a community of nearly 350 organizations working on improving
cardholder
data protection.

    The PCI SVA is a coalition of vendors that provide solutions and expertise
in
securing cardholder data. PCI SVA assists members of the payment card industry
-- composed of merchants, banks, and point-of-sale vendors -- in educating
the business community on the requirements and business value of the PCI
DSS, a global benchmark intended to improve security throughout the entire
payment-card transaction process. The PCI DSS is applicable to any enterprise
that transmits, processes, or stores cardholder data including retail,
hospitality,
healthcare, entertainment, and others.

    As a member of the PCI SVA, ArcSight will be able to share its unique
understanding of customer business challenges as they relate to PCI
compliance and provide insights into how it has met these challenges. The
company will also gain knowledge from other members that will help it
optimize its approach to managing PCI initiatives to its customers. Alliance
members
also have the opportunity to influence and advise on the growth of the PCI
Data Security Standard.

    "With the next deadline for complying with the PCI Data Security Standard
arriving
at the end of this month, we are receiving more questions from merchants
looking to learn how to best secure their customers' data and meet all of the
Standard's requirements," said David Taylor, board president of the PCI SVA.
"Now that ArcSight is a member of the Alliance, we can leverage the company's
valuable input to build awareness of just what is required to deliver a
comprehensive PCI DSS solution."

    "Through our memberships in the PCI SSC and PCI SVA, ArcSight will be able
to
share knowledge about customer needs while also increasing collaboration across
many
participating organizations," said Reed Henry, senior vice president of
marketing and business development at ArcSight. "This will help the industry
evolve standards that better address customer challenges today and in the
future."

    With the recent spotlight on PCI, merchants are challenged to comply for a
variety of reasons. The 12 PCI guidelines span not only point-of-sale
(POS)systems that actually handle the credit card data directly, but the entire
underlying infrastructure that interconnects a payment system. Customer
andcardholder data can be strewn throughout a merchant's infrastructure, with
brick-and-mortar retail outlets often the most vulnerable to risk (based
onexisting data breach cases) and where the biggest technical challenges of
deployment exist. In many cases, merchants are saddled with an
infrastructure that has reached its technical limits and cannot provide
allthe functionality mandated by PCI. Required audits and audit preparation
cycles are
expensive in both technology and labor to implement, support and test. PCI
itself is a moving target, as requirements are expected to continue to
evolve over time; and furthermore, being PCI compliant does not ensure an
organization against damaging cardholder breaches, which prominent retailers
can attest to.

    The ArcSight PCI Protection Suite helps merchants cost-effectively address
these
challenges, providing the following clear benefits:


--  Comprehensive automated monitoring across PCI-affected assets to
    reduce workload and to eliminate human error associated with manual
    monitoring.
--  Centralized monitoring and distributed data collection at remote
    sites, with support for hundreds of devices and applications, including
    legacy systems, to provide organizations overall visibility into their
    distributed cardholder infrastructure and networks.
--  Continuous oversight of PCI controls and automated test procedures to
    meet fiduciary responsibility efficiently.
--  Support for current and evolving compliance and governance initiatives
    for continued life-cycle value.
    

    
For more information on the ArcSight PCI Protection Suite, please
visit: http://www.arcsight.com/pci-protection-suite.htm

    About ArcSight

    ArcSight is a leading provider of security and compliance solutions that
intelligently identify and mitigate business risk and deliver a
centralizedview of enterprise-wide events across heterogeneous infrastructures.
This real
time and historic view into external attacks, insider threats and regulatory
compliance provides enterprises, MSSPs and government agencies with the
intelligence and response capabilities required to effectively protect and
manage
their networks and their businesses.  For more information, see
www.arcsight.com.

    ArcSight and the ArcSight logo are trademarks of ArcSight, Inc.

    About the PCI Data Security Standard

    The PCI Data Security Standard is a set of comprehensive requirements for
enhancing payment account data security to help facilitate the broad adoption
of consistent data security measures on a global basis.

    For more information on the PCI DSS, please visit:
www.pcisecuritystandards.org.

    About the PCI Security Standards Council

    The mission of the PCI Security Standards Council is to enhance payment
account
security by fostering broad adoption of PCI security standards.

    For more information on the PCI Security Standards Council, please visit:
www.pcisecuritystandards.org.

    About the PCI Software Vendor Alliance

    To learn more about the PCI SVA, please visit: http://www.pcialliance.org.

    



Copyright 2008, Market Wire, All rights reserved.

-0-