Provider of E-Commerce Infrastructure to Hundreds of Online Retailers Selects SecureSphere Web Application Firewall to Secure Consumer Data

Foster City, CA, Dec. 11, 2007 – Imperva®, the leader in application data security and compliance, today announced that MarketLive, the leading global e-commerce solution for retailers, has achieved the highest-level Payment Card Industry (PCI) Data Security Standard (DSS) compliance using the SecureSphere® Web Application Firewall (WAF).  With the help of Imperva, MarketLive’s e-commerce platform, which powers some of the world’s most successful retail web sites including Frontgate, Gump’s, Norm Thompson, Stride Rite, Sur La Table, and Sundance Catalog, now meets the new PCI DSS 1.1 requirement for protecting cardholder data with application-layer security.

“With the help of Imperva’s Web Application Firewall, MarketLive has achieved PCI certification as a Level 2 Payment Card Industry service provider today,” said Barak Engel, chief security officer for MarketLive. “As a result, our clients won’t have to scramble to meet the June 2008 PCI 6.6 compliance deadline. We have taken care of this for them.”

SecureSphere Eliminates Constant Code Reviews

As a provider of e-commerce platforms for retail web sites that process credit card data, MarketLive had two options with respect to PCI compliance:

  • Build PCI controls on a case by case basis, which would require performing a mini audit for each customer

or

  • Achieve PCI DSS compliance for the MarketLive platform, which entails putting MarketLive inside the PCI reporting chain

MarketLive elected to become PCI compliant. Upon reviewing the requirements of PCI DSS v1.1, MarketLive decided to augment a code review with a Web Application Firewall to improve security and reduce its compliance burden.

“For PCI Section 6.6, we realized it made no sense to rely on code reviews alone. The idea of doing a code review both on an annual basis and a per release basis was not appealing due to the time, effort, and frequency of software version updating and enhancement involved,” said Barak Engel.

“As more and more Imperva customers become PCI certified, many are finding that, like MarketLive, a key driver is the ability not only to enhance security but also to reduce the cost of compliance.” said Amichai Shulman, CTO of Imperva. “SecureSphere meets this requirement with our patent-pending dynamic profiling technology which reduces operational costs of application security by automating policy creation and maintenance.”

New PCI Requirements Next Year

The PCI Data Security Council, founded by Visa, MasterCard, Discover, American Express, and JCB Cards, created the PCI DSS to establish and enforce data security standards for merchants. In September 2006, the council introduced PCI DSS version 1.1, which mandates that by June 2008 merchants must ensure that all web-facing applications are protected against known attacks by using either of the following methods:

  • Having all custom application code reviewed for common vulnerabilities by an organization that specializes in application security

    or

  • Installing an application layer firewall in front of web-facing applications
    Organizations that store, process or transmit cardholder data must comply with the new PCI standard by the deadline or risk fines, sanctions, or a reduction in tier imposed by the PCI Council.

About SecureSphere

The award-winning Imperva SecureSphere® products deliver practical solutions to protect sensitive data in the databases, Web applications, and Web services that support business critical systems. SecureSphere assesses, monitors, and audits all access to an organization’s databases, and tracks and controls user activity through Web applications and Web services. With SecureSphere, organizations have an automated, proven means to achieve and document regulatory compliance. SecureSphere uniquely saves time and IT resources by operating transparently with no changes to existing infrastructure and dynamically, requiring no manual tuning.

About Imperva

Imperva is the leader in application data security and compliance. Leading enterprise and government organizations worldwide rely on Imperva to prevent data theft and abuse, and ensure data integrity. The company’s SecureSphere products provide data governance and protection solutions that monitor, audit and secure business applications and databases. For more information, visit www.imperva.com

# # #

Imperva and SecureSphere are trademarks of Imperva, Inc. All other brand or product names are trademarks or registered trademarks of their respective holders.

Editorial Contact

Marc Gendron
(781) 237-0341
marc@mqpr.net