This morning Netcordia, a highly rated network configuration and change management (NCCM) startup with about 330 customers, was acquired by Infoblox, a leading DDI (DHCP, DNS and IPAM) vendor.

Steve Nye, Infoblox’s executive VP of product strategy, said he sees the NCCM and DDI markets coming together as enterprises gravitate toward network infrastructure management automation. He said both companies have been trying to solve the same problem: Manual changes to the network are the leading cause of network failures. “We approach this from the IP address management point of view and Netcordia approaches it from a device configuration point of view.”

As a result, there has been plenty of M&A activity and consolidation in the NCCM space recently. In addition to the Netcordia-Infoblox deal,  IBM acquired NCCM vendor Intelliden couple of months ago. And last week EMC announced a deeper integration of its NCCM technology, Ionix Network Configuration Manager (formerly known as Voyence, a company EMC acquired in 2007) with its Ionix for IT Operations Intelligence. This integration essentially enables the product to alert and accelerate troubleshooting when network configuration changes affect network availability and performance.

As Anton sees it, there are two camps in the compliance world:

1. “Please, please make PCI easier by letting us skip the requirements; or, better, just let us ‘SAY YES ON THE SAQ!’” camp.
2. “We know that our security program makes us PCI –compliant; please make it easier for us to prove it!” camp.

For the former, Anton recommends ScanlessPCI*, a simple, quick banner that shows your customers you are PCI compliant — while actually proving, and doing, nothing.

The latter camp, in which I hope (pray?) most of our readers fall, might be better served by investigating tools and techniques to help prove that their security passes muster, which is exactly the advice Petco’s vice president of network and store systems J. Smith gave me.

“All vendors are definitely not created equal,” he said. “And all you have to do is ask your vendor where they stand in terms of upcoming compliance.”

If you’re looking for some more insight into how you can make sure you’re headed down the right path, you’re in luck, because TechTarget has just launched a brand new IT Compliance Advisor Blog, and SearchCompliance.com is launching tomorrow for all your PCI — and other — compliance needs (a sneak preview is up today in case you can’t wait).

But the takeaway message? Even as everything else in the world seems to be getting cut back, the cost of PCI violation fines or, worse, an actual intrusion, is too great to risk. Trying to go the ScanlessPCI route is as deluded as thinking you’ll get money for nothing …

[kml_flashembed movie="http://www.youtube.com/v/aNaKWXqXkhw" width="425" height="350" wmode="transparent" /]

*NB: ScanlessPCI is, of course, a joke service, legitimate as the page may look. Don’t expect your compliance officer to be pleased if you try and pass it off!