Foregenix launches forensically-sound cardholder data discovery tool for PCI
FScout software uses data discovery to reduce PCI DSS scope, risk and exposure
Leatherhead, 23rd August 2010 – Digital forensics and incident response specialists, Foregenix today announced the availability of its cardholder data discovery tool, FScout. FScout’s proprietary technology identifies any unprotected and legacy cardholder data on laptops, desktops and servers across a business. The software alerts clients and identifies the unprotected cardholder data so that it can be securely removed or encrypted to reduce the business exposure, PCI scope and risk of data compromise. In addition to risk reduction, the solution is used to reduce the scope (and associated costs) of the Payment Card Industry Data Security Standard (PCI DSS) across the enterprise. Leading card payment processors Commidea, Servebase and CreditCall are among the proactive companies currently running the software as part of their commitment to compliance and risk management.
FScout maintains the integrity of the host system as it scans for unprotected credit card data. FScout’s forensically-sound approach ensures that the forensic integrity of files as well as the entire system is not disturbed should there be a need for an investigation. It uses intelligent scanning to identify unprotected cardholder data across an organisation’s systems, including normal files, deleted files, unallocated areas of the disk and slack space. This functionality, combined with its centralised and customisable reporting capabilities assists security managers in identifying and addressing future cardholder ‘data leaks’ across the organisation, thus working towards an account data sterile environment.
“FScout is an invaluable tool in our compliance toolkit. Its use helps us to validate and manage our PCI scope and ensure that we have no data leakage through regular monitoring of our business systems. We already know that PCI DSS v2 is likely to require the use of cardholder data discovery tools as part of both scoping and validation and FScout addresses that requirement” said Marc White, Head of Security and Compliance at Commidea Ltd. “FScout is in my opinion, best of breed, accurate, fast, reliable and a valuable addition to every security team’s PCI armoury.”
“As a key partner in our security strategy, Foregenix provides a proactive, well supported and refreshing view on PCI DSS Compliance. The release of FScout further demonstrates their proactive stance towards securing customer data and in particular, cardholder data,”said Salvatore Cicero, CTO of Servebase. “Its reporting gives us the ability to regularly scan our entire business to ensure that there is no unprotected credit or debit card data being exposed. Going forward FScout will form an integral part of our security strategy of monitoring for risk.”
“The Foregenix cardholder data discovery tool FScout fits extremely well, alongside other existing tools in the PCI DSS world, in the category of useful and efficient tools in reducing risk. We are looking forward to be able to use FScout to be more efficient regarding PCI compliance and risk reduction of our contract partners and merchants,” said Michael Fraenken, Senior Risk Manager from acquiring bank Postbank P.O.S. Transact GmbH, Germany.
FScout works on multiple platforms including Windows, Linux, Open BSD/FreeBSD and Solaris.
Foregenix is an independent, specialised information security business, headquartered in the United Kingdom, with a global service delivery capability. The Foregenix team has been closely involved with the payment card Industry since the inception of the security standards in 2004, and have carried out numerous PCI DSS assessments, PA-DSS assessments, penetration tests and forensic investigations on hundreds of organisations during this time. Its technical team has extensive experience in digital security, having worked as security consultants, analysts and engineers in a wide array of environments; including global financial institutions, global networking and security providers. www.foregenix.com