Defense.Net Achieves 2014 PCI DSS Certification for Its DDoS Mitigation Services

Published February 14, 2014


Nathan Misner
Sr. Director of Global Communications
F5 Networks
(206) 272-7494


As Financial Services and E-Commerce Companies Continue to be Targeted by Cyberattackers, Defense.Net Provides Most Modern Approaches to Ensure Uptime

BELMONT, CALIF.4–Defense.Net, the only company designed to mitigate the increasing scale and sophistication of modern Distributed Denial of Service (DDoS) attacks, today announced that it has achieved 2014 PCI DSS (Payment Card Industry Data Security Standard) 2.0 certification for its suite of DDoS mitigation services. The rigorous review, testing and measurement of security policies that is required to achieve the PCI DSS standard have made it the de facto “Gold Standard” for cloud-based security vendors to prove the security of their infrastructure.

PCI DSS is an information security standard defined by the Payment Card Industry Security Standards Council. PCI certification is required for organizations that process, store or transmit credit card data. It is designed to protect cardholders from credit card fraud and to provide a secure online environment. While Defense.Net does not store or process cardholder data, it does provide programmatic network traffic analysis to mitigate attacks against its customers’ websites. During the course of traffic analysis customer data is decrypted, analyzed, and then re-encrypted and this data may include credit card data.

“As DDoS attacks continue to take down the websites of some of the largest global banks and enterprises, it’s crucial that organizations have the most advanced countermeasures in place,” said Chris Risley, CEO of Defense.Net. “Achieving PCI DSS 2.0 compliance for 2014 allows Defense.Net to offer an added layer of security to companies that handle cardholder data, from financial institutions to web hosting providers to e-commerce companies.”

While PCI DSS certification has become a requirement for cloud based security companies, the extreme rigor required to receive and maintain the certification has meant that a growing number of organizations have allowed their certification to lapse. “Financial services businesses and many companies in other sectors are advised, and in some cases required, to obtain copies of current PCI DSS certification documentation from their trusted security providers,” said Risley. “What is surprising is that many organizations that one would expect to have this certification have never in fact completed the process.”

The certification was performed by Security Metrics, a multinational merchant data security and compliance company, and a Qualified Security Assessor (QSA) from PCI.

AddendumF5 Networks acquired Defense.Net in May, 2014


About F5

F5 (NASDAQ: FFIV) makes apps go faster, smarter, and safer for the world’s largest businesses, service providers, governments, and consumer brands. F5 delivers cloud and security solutions that enable organizations to embrace the application infrastructure they choose without sacrificing speed and control. For more information, go to You can also follow @f5networks on Twitter or visit us on LinkedIn and Facebook for more information about F5, its partners, and technologies.

F5 is a trademark or service mark of F5 Networks, Inc., in the U.S. and other countries. All other product and company names herein may be trademarks of their respective owners.

# # #

This press release may contain forward looking statements relating to future events or future financial performance that involve risks and uncertainties. Such statements can be identified by terminology such as "may," "will," "should," "expects," "plans," "anticipates," "believes," "estimates," "predicts," "potential," or "continue," or the negative of such terms or comparable terms. These statements are only predictions and actual results could differ materially from those anticipated in these statements based upon a number of factors including those identified in the company's filings with the SEC.