NETSPI AND BLUE LANE PARTNER TO DELIVER PAYMENT CARD
INDUSTRY (PCI) COMPLIANCE SOLUTIONS

Companies Launch Initiative to Address Server Security Requirements for PCI

CUPERTINO, Calif., September 19, 2006 – Blue Lane Technologies Inc., provider of the industry's first inline patch proxy for enterprise servers, and NetSPI, a leader in risk, compliance, and security consulting services, today announced a partnership aimed at helping companies address the Payment Card Industry (PCI) issues they face surrounding server security.

NetSPI is a Visa Qualified Data Security Company (QSDC) and MasterCard SDP approved scan vendor, certified by MasterCard and Visa to perform both the on-site audit and the quarterly network scans required by merchants and service providers. Blue Lane’s solution protects unpatched servers and delivers the same functional protection that the vendor security patch provides without touching the server. The solution, comprised of the Blue Lane PatchPoint System and NetSPI’s evaluation and advisory services, provides organizations with a path to achieve PCI compliance for critical enterprise servers.

“Blue Lane offers a compelling solution for organizations that need to achieve PCI compliance, but whose systems do not allow them to implement a legacy-style patching process,” commented Seth Peter, Chief Technology Officer at NetSPI. “As an organization that provides significant PCI on-site audit, consulting, and external scanning services, NetSPI appreciates solutions like Blue Lane’s that make compliance achievable and critical servers manageable. Combining NetSPI’s services with products such as Blue Lane’s can make the entire PCI compliance process much easier.”

The two companies have published a whitepaper entitled Inline Patches for Enterprise Servers: A Better Approach for Achieving Payment Card Industry Compliance that outlines how enterprises can eliminate the server patch challenge that can affect their ability to meet PCI requirements requiring prompt server patch deployment.

The PCI data security standard requires that security patches be deployed within 30 days. For many organizations this requirement is difficult to achieve due to the time and resources required to promptly test and deploy the patch, the inability to promptly install patches due to availability requirements that dictate no unscheduled downtime, or cases where the vendor patch cannot be installed due to older applications or identified incompatibilities.

“We are excited to work with NetSPI to help our customers solve their PCI challenges,” said Fred Kost, Vice President of Product Marketing and Management for Blue Lane Technologies. “Despite best efforts to deploy security patches in a timely manner, we find that every organization has servers for which prompt patch installation is not possible. Our solution effectively shields these servers until patch installation is practical.”

The Blue Lane PatchPoint system provides the only secure alternative to immediately install the vendor security patch. The PatchPoint System addresses software vulnerabilities at the root cause, checking for the same conditions and applying the same corrective action as the vendor patch. Because PatchPoint resides in the network in front of the server, however, it requires zero changes to server software, zero tuning, and zero downtime. Enterprises can immediately secure these new vulnerabilities, gaining all the protective benefit of the patch until the vendor patch can be installed on potentially vulnerable servers.

To learn more about the NetSPI and Blue Lane PCI solution, visit www.bluelane.com or www.netspi.com.

About NetSPI
NetSPI is a leader in risk, compliance and security consulting services. NetSPI was founded in 2001 to provide corporations and government agencies a clear path to a secure future. This vision was based on applying a strategic business approach to information security that was not selectively focused on the technology vulnerability, but incorporated business risk analysis, regulatory compliance, and all aspects of information security. NetSPI's depth of certifications include onsite PCI / QDSC, VISA/MasterCard SDP certification, CCIE, NSA-IAM, CEH, CISA, GSEC, CISSP, SSCP, CWSP, CCSE, and more. For more information, contact NetSPI at www.netspi.com or 1-612-465-8880.

About Blue Lane Technologies Inc.
Blue Lane provides the industry’s first inline patch proxy for enterprise servers that fixes application-specific vulnerabilities at the root cause by checking for the same conditions and applying the same corrective action as the software vendor security patch. Solving the dilemma of “patch now or patch later,” PatchPoint instantly secures critical applications and preserves the uptime of the business while eliminating the cost and risks associated with unscheduled patching. Blue Lane is headquartered in Cupertino, California. For more information, contact the company at www.bluelane.com.