An European Airlines Selects Vault-GENERAL™ to Exchange Cardholder Files

Packet General Networks Launches Vault-GENERAL™ To Enable Partners to Exchange Regulated Data

Baldwin, New York – February 8, 2011 – Packet General, provider of data security solutions that enable regulatory/industry compliance, announced that an European airline has selected Vault-GENERAL™ to build a secure and PCI compliant file exchange infrastructure to secure their passenger reservations information. Vault-GENERAL™ is a secure file transfer vault that allows organizations to exchange the protected health information as well as merchants to share/transfer cardholder data files in a secure and compliant manner.

The current SaaS and most appliance based file transfer solutions are unable to help organizations to meet the regulatory compliance requirements adequately. Here are some of the main flaws in these solutions that could lead to non-compliance:

• Lack of ability to maintain confidentiality against privileged insiders.

• Absence of tamper-resistant logs.

• No way to ensure integrity of the transfer data.

• No protection for file data "at rest".

The above mentioned flaws directly violate the National Institute of Standards and Technology (NIST) security recommendations as listed in "Special Publication 800-66 Revision I" as well as the PCI DSS 2.0 mandates. The consequences of a data breach are serious - the breached HIPPA covered entity must inform the Secretary of Health and Human Services (HHS) about the incident. If the breach results in disclosure of unsecured protected health information of more than 500 individuals, the HHS must post the name of the breached entity on its website. In some cases the breached entity is also required to inform the media.

"If cardholder data is stolen – and it’s your fault – you could incur fines, penalties, even termination of the right to accept payment cards!", says the PCI Council¹.

"There is a clear need for a file exchange solution that allows exchange of sensitive data files in a compliant manner," said Raj Sharma, CEO of Packet General. "The availability of the Vault-GENERAL™ as a service, a dedicated virtual appliance deployed within our customer's own network, provides extra comfort to organizations who want to remain in total control of their regulated information".

Vault-GENERAL™ is a secure file transfer vault that not only facilitates secure transfer of files but also keeps them safe before and after the transfer of files has taken place. Vault-GENERAL™ enables compliance by mitigating the following data breach risks:

Protection against "privileged insider":
Misplaced trust in the privileged user (“root”) exposes a regular file transfer server to ever-increasing malicious activity. A malicious privileged user can view data stored in any file that is being transferred. Any record of such activity can be easily altered or deleted by the privileged user. Vault-GENERAL™ eliminates this risk.

Tamper-resistant file access logs:
Every file transfer/access operation is logged and cryptographically signed and stored in an encrypted vault. Even the Vault-GENERAL™ administrators are not allowed to alter such log files.

Data integrity:
A successful attacker can alter the data stored in transfer files or alter the functionality of the server so that sensitive information is revealed. Users and administrators of the system remain unaware since it's done without altering the expected behavior. Vault-GENERAL™ mitigates this risk factor.

Data confidentiality:
Vault-GENERAL™not only encrypts the transfer files "in transit" but also "at rest". Data encryption is transparent hence client side changes are required.

"Vault-GENERAL™ not only enables file transfers of any size but it also provides audibility which results in shorter audit engagements," said Erez Zadok, Chief Scientist, Packet General.

About Packet General:
Packet General is a data security company focusing on regulatory compliance. Packet General product portfolio includes PCI-GENERAL™, an encrypted MySQL appliance and File-GENERAL™, a secure file repository. Packet General is based in New York, USA. For more information about Packet General, please visit www.packetgeneral.com or call +01 631 546 5047.

Contact:
Diane Eisele
Packet General
+1 631.546.5047
pr@packetgeneral.com

# # #

Packet General, PCI-GENERAL™ and File-GENERAL™ are registered trademarks of Packet General Networks, Inc. All other brand or product names are trademarks or registered trademarks of their respective holders.

1https://www.pcisecuritystandards.org/smb/