As part of its PCI initiative, SonicWALL commissioned ControlCase, a Qualified Security Auditor for PCI, to undertake a comprehensive audit. This audit confirmed the PCI version 1.1 compliance capabilities of SonicWALL’s Global Management System (GMS), and standard and enhanced SonicOS, as available on TZ and PRO series security appliances. SonicWALL also worked with ControlCase to create a step-by-step guide for implementing best practices in the deployment of a GMS-managed SonicWALL network.

The guide helps users put in place the necessary policies, control mechanisms and processes for introducing and enforcing security related to payment card transactions, without overlooking any of the details which the standard requires them to address.

“By following SonicWALL’s PCI implementation guidelines, organizations can quickly meet and maintain a majority of the network and policy requirements defined by the PCI Data Security Standard,” said Mark Mercer, chief executive officer at ControlCase. “SonicWALL is clearly providing a valuable service to their customers, and the market, by providing such guidance to a potentially confusing, complex issue.”

SonicWALL also worked with Dorian Cougias, founder and CEO of Network Frontiers, a company focusing on regulatory compliance and IT infrastructure training and publishing, to create a set of materials including mapping tools and online training materials for channel partners. Cougias and his research partner, Marcelo Halpern of the international law firm Latham and Watkins, with their supporting team, have created the first independent initiative to exclusively support a unified IT compliance management process that includes contractual standards such as PCI-DSS.

SonicWALL’s GMS has been updated to provide additional protection of consumer payment card data, prevent errors in compliance and enable detailed logging and easy remediation. The latest PCI-related enhancements include new policy and access controls that can be applied throughout a SonicWALL network and cover central management, monitoring and reporting of network security enforcement points.

Barriers to compliance.
ped by four major credit card companies, the PCI standard requires that any transaction or account information given to a merchant remain confidential and safe from unauthorized access. By September, 2007, many merchants who accept credit cards will be required to demonstrate compliance with PCI DSS version 1.1. To date, the predominant hurdles preventing merchants or service providers from passing PCI audits have been related to the environmental implementations of an application or product. Organizations failing PCI audits frequently rely too heavily on technology, such as vulnerability scanning tools, while ignoring the need to adjust business processes and controls.

“SonicWALL has taken an aggressive approach to meeting and exceeding the PCI compliance guidelines for security solutions,” said Greg Naderi, Product Line Manager of Network Security at SonicWALL. “We realize the road to compliance is paved with sound business processes, control mechanisms and solid technology. Coupled with our GMS and SonicOS solutions that support the PCI 1.1 standard, our best practices guide makes it easier for retailers, on-line merchants and service providers to configure their network for the optimal level of security. PCI is a very demanding and complex standard, but we believe that it’s a positive force which will encourage many organizations to embed prudent security practices into their everyday business practices.”