SecureSpan & CloudSpan Version 6

The SecureSpan & CloudSpan 6 families of appliances offer: PCI-DSS Compliance Organizations that want to create a PCI-compliant electronic payment process can deploy Layer 7 v6 appliances to mediate interactions between payer, payee and/or backend clearing houses without compromising their regulatory compliance. Enhanced Security Out-of-the-box support for a master passphrase, encrypted message traffic & audit logs, as well as protection from X-site request forgery allows you to better secure your shared resources from external and internal threats, thereby decreasing business risk. Improved Visibility Filter and view encrypted audits/ audit events; track command linebased logins and audit command line-driven events.

Compliance & Security Enhancements Enable Organizations nable to Reduce Risk and Increase Visibility for Shared Resources educe isibility
Mediate between shared APIs, cloud based services and PCI-DSS electronic cloud-based PCI payment systems in a secure and compliant manner Reduce Risk Associated with Shared Resources
With the proliferation of attacks against high profile enterprise and government targets, the against need for implementing a modern security and compliance infrastructure within your organization has never been higher. While numerous point solutions already exist from traditional firewalls to cry crypto devices to identity and access systems theyre rarely designed to deal with the elimination of boundaries between systems that is the result of an ever-growing trend toward the use of shared resources, be they cloud-based services, growing , cloud enterprise application APIs, or electronic payment processing systems. application The latest versions of Layer 7s appliances provide organizations with improved security ppliances controls when sharing enterprise resources with third parties. Customers can secure all inbound inbound/outbound traffic between shared resources; protect against modern exploits and threats such as cross-site request forgery; leverage the Sophos antivirus engine to scan for viruses in attachments; and create a keystore-protected master passphrase (KMP) to protected encrypt/decrypt a audit logs for viewing by users with the appropriate RBAC roles. With complete visibility into all interactions across shared systems and services, enterprises can reduce risks associated with external threats such as hackers; internal threats such as data breaches; track command-line driven tasks; and provide proof of compliance with audit line requirements requirements.

Implement a PCI PCI-DSS Compliant Solution

To learn more about Layer 7s latest release, call 1-800-681-9377 (toll free within North America) or +1.604.681.9377. You can also email us at info@layer7.com; friend us on facebook.com/layer7; visit us at layer7.com, or follow-us on twitter @layer7. In 2006 American Express, Discover Financial Services, JCB, MasterCard Worldwide, and Visa International formed the Payment Card Industry (PCI) Security Standards Council. The main purpose of the council is to produce and maintain the Data Security Standard (DSS), which is the a set of rules and requirements designed to help prevent fraud, hacking, and other threats to private cardholder data vate data. Layer 7 v6 appliances can now be configured to be a key part of any PCI PCI-DSS process, allowing o organizations to create an end-to-end electronic payment process without compromising regulatory compliance By implementing the recommendations in Layer 7s compliance. Secure Implementation Guide (SIG), organizations can gain PCI-compliant: Access controls Password management Encryption key management Inbound/outbound encrypted message traffic RBAC roles and assignments that secure access to cardholder data o Auditing, including a secure audit trail for system, administrative, and messagelevel traffic

New Features
PCI-DSS Compliance
Secure Implementation Guide (SIG) Auditing and Logging Layer 7s PCI-DSS installation and configuration guide allows customers to configure and deploy Layer 7 Gateways as part of a PCI-compliant process Encrypt/ decrypt audit details View encrypted audits based on RBAC security roles Search audit event logs based on Audit Code, Message Parameter Value, User Name, User ID/User DN, Entity Type, or Entity ID Enforce administrator password expiration and reset Enforce an expiry date for accounts Pre-defined Protect Against Cross-Site Request Forgery assertion protects against browser-based exploits in which a third party attempts to misuse the trust that a site has established with an authenticated user's browser Support for the use of a keystore-protected master passphrase (KMP) using the Thales nCipher HSM Out-of-the-box SSL encryption for all inbound/outbound traffic Configure outbound TLS cipher suites on a per-target-host (as well as a global) basis Command line audit trail for events originating at the OS level and during execution of management functions Support for command line login via external LDAPs, as well as RADIUS support Record and track all command line logins Scan message attachments for viruses using Sophos Antivirus software Connect to multiple TAM policy director instances Enable Layer 7s out-of-the-box TAM assertion to perform authorization only Enable local only mode by downloading a copy of the TAM policy database to the Layer 7 Gateway Active-active clusterable, dual power supply, mirrored hot-swappable drives, multicore 1U server Solaris 10 for x86 and Niagara, SUSE Linux, Red Hat Linux 4.0/5.0 VMware/ESX (VMware Ready certified) Amazon EC2 AMI

Passwords

Security
Threat Protection

Master Passphrase Encryption

Command Line Capabilites

Auditing Login

Third-party Support
Anti-virus Tivoli Access Manager

Form Factors
Hardware Software Virtual Appliance Cloud

Supported Standards
XML, JSON, SOAP, REST, PCI-DSS, AJAX, XPath, XSLT, WSDL, XML Schema, LDAP, SAML, XACML, OAuth, PKCS, X.509 Certificates, FIPS 140-2, Kerberos, XML Signature, XML Encryption, SSL/TLS, SNMP, SMTP, POP3, IMAP4, HTTP/HTTPS, JMS, MQ Series, Tibco EMS, FTP/FTPS, WS-Security, WS-Trust, WS-Federation, WS-SecureExchange, WS-Addressing, WS-SecureConversation, WS-MetadataExchange, WS-Policy, WS-SecurityPolicy, WS-PolicyAttachment, WSIL, WS-I, WS-I BSP, UDDI, WSRR, MTOM, IPv6, WCF

To learn more about Layer 7 call us today at +1 800.681.9377 (toll free within North America) or +1.604.681.9377. You can also email us at info@layer7.com; friend us on facebook.com/layer7; visit us at layer7.com, or follow-us on twitter @layer7.

Copyright 2011 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners.