Guardium – Real-Time Database Protection and Compliance

Guardium Joins PCI Security Standards Council to Provide Real-World Perspective and Accelerate PCI-DSS Adoption

Brings Real-Time Database Security and Monitoring Expertise to Help Organizations Protect Cardholder Data with Practical, Cost-Effective Solutions That Don't Impact Existing Business Processes

WALTHAM, Mass. (September 18, 2007) ─ Guardium, the database security company, has joined the Payment Card Industry (PCI) Security Standards Council , an open global forum whose mission is to enhance payment data security by fostering broad adoption of the PCI Security Standards.

The organization was founded by American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International. Its Board of Advisors includes major banks and retailers such as Bank of America, Chase Paymentech Solutions, Citibank N.A., Exxon Mobil Corporation, First Data Corporation, JPMorgan Chase and Co., PayPal Inc., The Royal Bank of Scotland, Tesco Stores Ltd. and Wal-Mart Stores, Inc.

Customers that have chosen Guardium to protect cardholder data for PCI-DSS (Data Security Standard) include a 6,000-store national retailer, a Tier-1 card issuer, a leading merchant acquirer and a major transaction processor. Guardium has also achieved IBM “Advanced Industry-Optimized” status for financial markets by demonstrating successful customer implementations in the financial services industry.

Guardium offers a practical, appliance-based solution that both protects cardholder data in real-time and creates a secure audit trail of all activities - without impacting performance or requiring any changes to databases or applications. This pragmatic approach allows organizations to rapidly address key PCI-DSS requirements - including Requirements 3, 6, 7, 8 and 10 - without disrupting existing business processes or entailing lengthy re-engineering of legacy applications.

In addition, Guardium’s scalable solution reduces compliance costs by automating and centralizing many PCI-DSS monitoring and oversight processes. The company’s technology protects against both external and internal threats by tracking and monitoring all database activity in real-time and immediately identifying suspicious or unauthorized behavior, based on corporate policies and continuous comparisons to baselines of normal activity.

“Guardium’s first-hand experience working with companies in all industries makes it a valuable addition to our organization,” said Bob Russo, general manager, PCI Security Standards Council . “We welcome them and all others involved in the payment process to join us and help the Council develop policies that are stronger, more realistic, and practical.”

Guardium will work with the Council to evolve the current Data Security Standard and accelerate its adoption by financial institutions, banks, merchants, processors and point of sale vendors. The company’s CTO, Ron Ben-Natan, Ph.D., is a recognized industry expert in application and database security, with a real-world background working for financial services companies such as Merrill Lynch and J.P. Morgan. Ron is also the author of 10 technical books on distributed applications and security, including his most recent book, “Implementing Database Security and Auditing,” which describes best practices for security professionals, database administrators and auditors.

“Most organizations want to strengthen controls around sensitive data but aren’t aware that cost-effective, field-proven solutions exist to protect their complex and heterogeneous data center environments from information leakage,” said Phil Neray, vice president of marketing for Guardium. “Joining the PCI Security Standards Council will allow us to accelerate adoption of PCI-DSS by encouraging organizations to explore alternatives to traditional technologies and approaches which are widely-seen as impractical and ineffective.”

About Guardium
Guardium, the database security company, develops the most widely-used solution for database activity monitoring, security and auditing, with a blue-chip customer base that includes organizations in all major geographies and industries. Founded in 2002, Guardium was the first company to address the core data security gap by delivering a practical, appliance-based platform that both protects databases in real-time and automates the entire compliance auditing process.

Guardium’s investors include Cisco Systems and leading venture capital firms. The company has partnerships with IBM, EMC, HP, Microsoft, Oracle and Sybase and is a member of IBM’s prestigious Data Governance Council.

###

Media Contacts:

Aline Kaplan
Guardium
7781-314=0216

Corinne Sheehan
Adam Parken
Corporate Ink
617.969.9192