Breach Security Joins PCI Security Standards Council

PCI Data Security Standard Calls for Web Application Firewall Deployment by June 2008

CARLSBAD, Calif., June 11, 2007 – Breach Security, Inc., the leader in web application security, today announced it has joined the Payment Card Industry (PCI) Security Standards Council™, an open global forum founded by American Express®, Discover® Financial Services, JCB®, MasterCard Worldwide®, and Visa® International for the ongoing development and implementation of security standards for payment account data protection.

Participating organizations assist in steering the direction of PCI standards through active involvement in community meetings, advance review of drafts of standards and supporting materials, along with regular dialogue with key stakeholders. Breach Security is the first participating Organization Member of the PCI Security Standards Council to address the rapidly growing threat against attacks on web applications. Organizations collecting and processing credit card payments online will benefit from this extra layer of protection from hackers and data leakage Breach Security offers.

The PCI Security Standards Council is responsible for publishing and enforcing the PCI Data Security Standard (PCI DSS). The PCI DSS, a set of comprehensive requirements for enhancing payment account data security, was introduced in January 2005 by the founding payment brands of the PCI Security Standards Council to help facilitate the broad adoption of consistent data security measures on a global basis.

The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design, and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect confidential customer account information and data. Five states, including Texas and California, have proposed legislation to enforce the PCI DSS.

In September 2006, the PCI DSS established enhanced security requirements with the introduction of PCI DSS version 1.1. The latest adaptation includes section 6.6 which calls for “ensuring that all web-facing applications are protected against known attacks by applying either of the following methods: having all custom application code reviewed for common vulnerabilities by an organization that specializes in application security; installing an application layer firewall in front of web-facing applications.” This method for protection is considered a best practice until June 30, 2008, after which it becomes a requirement.

“Breach Security offers the most technically advanced web application firewalls with the broadest range of deployment options to serve any organization, large or small. Unlike vulnerability scanning, Breach Security’s web application firewalls provide continuous, real-time protection against security threats to sensitive information collected and managed by web applications,” said Marc Shinbrood, CEO, Breach Security, Inc. “We have added specific PCI-related signature profile detection to our products and look forward to participating in the ongoing development of the PCI Data Security Standard. Breach Security wants to help the payment card industry maintain the trust of online customers by offering an important layer of security for web applications.”

BreachGate WebDefend provides comprehensive security by automatically developing a profile of acceptable behavior, ensuring the highest level of security for custom, production applications at the lowest total cost of ownership. Once deployed, WebDefend “learns” acceptable behavior of an application and can be set to block malicious and anomalous behavior, including hacker reconnaissance and data leakage. WebDefend deploys out-of-line, avoiding the possibility of becoming a point of failure to critical, revenue generating web applications.

Breach Security also offers the ModSecurity Pro™ line of products, essential web application security at an affordable price. ModSecurity Pro products are based on the most widely used web application firewall in the world, ModSecurity, with over 10,000 deployments worldwide.

WebDefend and ModSecurity products are available from Breach Security and its resellers. For more information, please visit our website at www.breach.com or contact us at (866) 393-0907.

About the PCI Security Standards Council

The mission of the PCI Security Standards Council is to enhance payment account security by fostering broad adoption of the PCI Data Security Standard and other standards that increase payment data security.

The PCI Security Standards Council was formed by the major payment card brands American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International to provide a transparent forum in which all stakeholders can provide input into the ongoing development, enhancement and dissemination of the Data Security Standard. Merchants, banks, processors and point of sale vendors are encouraged to join as Participating Organizations.

About Breach Security, Inc.

Breach Security, Inc. is a leading provider of next-generation web application security that protects corporate-critical information. Breach effectively protects web applications of commercial enterprises and government agencies alike against Internet hacking attacks and provides an effective solution for expanding security challenges such as identity theft, information leakage, and insecurely coded applications. Breach’s solutions are ideal for any organization’s regulatory compliance requirements for security.  Breach was founded in 2004 and is headquartered in Carlsbad, Calif. For more information visit: www.breach.com.

# # #

Media Contacts:

Breach Security, Inc. U.S.

Dan Chmielewski, Principal
Madison Alexander PR, Inc.
dchm@madisonalexanderpr.com
(949) 231-2965