Thales eSecurity News Release

Vormetric CoreGuard 3.1 Enables Compliance With Latest Payment Card Industry Data Security Standards (PCI DSS)

SANTA CLARA, CA - February 1, 2006

- Vormetric Inc., the leading provider of security solutions for protecting sensitive information from unauthorized access, today announced that its award-winning CoreGuard data protection product helps companies enable compliance with the Payment Card Industry Data Security Standards (PCI DSS).

"Encryption is an integral part of PCI compliance. By implementing encryption solutions, companies can not only achieve compliance with certain PCI criteria, but also demonstrate to their partners and customers that they are dedicated to the protection of sensitive data." -- Alan Ferguson, Vice President, CoalFire Systems. CoalFire Systems (http://www.coalfiresystems.com/) is a Qualified Data Security Company (QDSC) for PCI DSS.

Vormetric CoreGuard is especially helpful for companies that need to enable PCI compliance.

"CoreGuard addresses key areas of both data security and data privacy. Its application to industry mandates such as the PCI Data Security Standards, allows companies to bridge the gap between security and privacy expectations while at the same time enabling compliance with strict data security requirements. Vormetric's CoreGuard assists the compliance, security, and privacy teams in addressing their concerns around the appropriate use and protection of customer information in a cost-effective manner." -- Michele DeMaree, Former Director of Enterprise Privacy for Best Buy and President of DeMaree Consulting (http://demareeconsulting.com/index.html).

Vormetric has been steadily gaining awareness and market share resulting in quarterly doubling of billings throughout the end of 2005. The recent addition of Dr. Heather Mark, PhD, CISSP in the role of Director of Industry Marketing, brings added leadership to Vormetric's data protection product lines. Dr. Mark co-founded information security firm ATC Security where she was responsible for marketing and partnership activities of the payment services unit. ATC was acquired in 2003 by Ambiron which later on became Ambiron Trustwave, one of the Qualified Security Assessors for the Visa Cardholder Information Security Program (CISP) and PCI.

Key areas where Vormetric helps companies address PCI DSS and protect their sensitive data include:

  • Data Encryption: Following standard PCI guidelines CoreGuard encrypts using standard AES 128 bit or 256 bit key lengths and it can encrypt cardholder data wherever it may reside: databases, audit and debug logs, flat files, reports, email repositories and backup archives. Encryption can be tied to a user and an application.
  • CoreGuard inserts above the file system layer so it is transparent to users. No modification to the application or database is required. It is non-disruptive and transparent to existing applications, business operations and the IT infrastructure.
  • CoreGuard can even protect sensitive data that does not reside in the database environment.
  • In addition to encryption, CoreGuard also helps PCI requirements for auditing and logging, application and host integrity, and policy-based user access control.
  • Vormetric adds very little performance overhead and is proven to be much faster than competitive encryption architectures. In performance tests using TCP-h benchmarks, Vormetric performance was up to 30 times faster.
  • For more specific details of how Vormetric CoreGuard addresses the PCI Report on Compliance (ROC) read the Whitepaper on Vormetric's website: "Ensuring Compliance with PCI Data Security Standards" (http://www.thalesesecurity.com/documents/FINALPCICOMPLIANCEWPJan2006_001.pdf).

"Vormetric's momentum in the Payment Card Industry is indicative of greater market awareness and demand for data security and privacy solutions," said Reed Taussig, Vormetric president and CEO. "Our PCI customers, like all of our customers, turn to Vormetric for the highest performance, most manageable data protection available at the most compelling cost of ownership.”

About Vormetric

Vormetric is the leader in data security management and enforcement solutions. Vormetric Data Security provides a centrally managed, high performance, easy-toimplement, distributed solution that solves the pressing compliance, security and risk management challenges facing today’s enterprises and government agencies. Vormetric’s application- and database-transparent solution outperforms other offerings to provide stronger and broader data security at a fraction of the management and implementation cost.

Vormetric’s more than 230 customers represent the world’s most trusted brands in financial services, retail, manufacturing, healthcare, media, energy and telecom industries as well as highly security conscious government agencies.

Vormetric technology has received strong market validation for its innovative approach to data security, including:

  • Selection by IBM as the core database encryption solution for DB2 and Informix on LinuxTM, Unix® and Windows
  • Computerworld Technology Innovation Award
  • Selection by Symantec to provide the Symantec Veritas NetBackupTM Media Server Encryption Option
  • Partnership with Oracle to secure the execution environment for Oracle® Database Vault
  • Five patents issued and nine patents pending

Vormetric is a trademark of Vormetric, Inc. All other names mentioned are trademarks, registered trademarks or service marks of their respective owners.