Sydney – May 15, 2008 – WatchGuard® Technologies, a global provider of network security solutions, today issued a wake-up call for Australian and New Zealand–based organisations required to achieve PCI DSS compliance for all web-facing applications by 30 June 2008.
PCI DSS applies to every organisation that processes credit or debit card information including merchant and third-party service providers that store, process or transmit credit/debit card data. Any company charged with non-compliance risks losing the ability to process credit card payments, as well as potentially being fined.
While the goal of PCI DSS is to create a framework for good security practice around the handling of cardholder data, the standard does not define the security requirements for an organisation’s entire IT infrastructure.
A PCI-compliant operating environment is one in which the cardholder data exists, and PCI DSS defines the requirements for how access to this data must be controlled, monitored, logged and audited.
Any network firewall, and by extension a unified threat management appliance that combines a network firewall with other features such as anti-virus and intrusion prevention services, can be a part of becoming compliant, but it will only cover a certain portion of the compliance requirements.
“Compliance with the PCI DSS standards can only be achieved via a combination of PCI DSS operating environment network architecture, including firewall deployment, and security practice, procedures and policies,” says Scott Robertson, ANZ Regional Director, WatchGuard Technologies.
“For organisations seeking PCI DSS compliance, WatchGuard advises companies to design a network with appropriate physical and logical boundaries to segregate the PCI-compliant operating environment. In addition, beyond supporting the required network architectures, there are strong logging, monitoring and auditing components required by PCI DSS.”
In order to ensure that a PCI-compliant merchant is able to incorporate new technologies and to respond to new ways of hacking personal data, organisations have continuing auditing responsibilities that must be undertaken in order to retain PCI DSS compliance. The requirements are organised into six main control objectives and include: build and maintain a secure network, protect cardholder data, maintain a vulnerability management program, implement strong access control measures, regularly monitor and test networks, and maintain an information security policy.
In particular, the PCI DSS standard requires a zoned network architecture where all traffic into the trusted portion of the network is blocked by default so that only the specific protocols, ports and content allowed by the corporation’s security policy are allowed to pass into the Trusted Zone.
“Between now and the end of June, the two keys to achieving PCI DSS compliance are fostering a culture of security within the organisation and the design, deployment, and maintenance of a secure networking infrastructure.
“Organisations should be asking themselves, for example, do we have a culture of security within our organisation, do we educate and train each other on best security practices for our business, do we have a security policy that is up-to-date, that people are aware of, and do we have a way to review it, change it as needed, and to enforce it. Finally, do we have the controls – be they policy-driven, technical, or whatever – to be able to make sure that we stay compliant within the policy that we’ve created?
“If you have those factors, you have a security culture and when you have a security culture, regardless of the regulatory or industry compliance standards you have to meet, you’re going to have a sound framework from which you can adapt to them,” says Robertson.
The WatchGuard Firebox X family of UTM products is ideally suited to building and maintaining a PCI-DSS-compliant network environment thanks to the strong segregation capability available with the built-in application proxy technology.
About WatchGuard Technologies, Inc.
Since 1996, WatchGuard® Technologies, Inc. has been the advanced technology leader of network security solutions, providing mission-critical security to hundreds of thousands of businesses worldwide. The WatchGuard Firebox® X family of wired and wireless unified threat management appliances and WatchGuard SSL VPN remote access solutions provide extensible network security, unparalleled network visibility, management and control. WatchGuard products are backed by WatchGuard LiveSecurity® Service, an innovative support, maintenance, and education program. WatchGuard is headquartered in Seattle and has offices serving North America, Europe, Asia Pacific, and Latin America. To learn more, visit http://www.watchguard.com/.