Rapid7 Recertified as an Approved Scanning Vendor by the Payment Card Industry (PCI) Security Standards Council
2008-09-30 17:46:59
www.rapid7.com - Rapid7 LLC - Beth Bryant, 508-786-3013, beth_bryant@rapid7.com
Rapid7 LLC, the leading provider of Unified Vulnerability Management solutions, today announced it has successfully been recertified as an Approved Scanning Vendor (ASV) by the Payment Card Industry (PCI) Security Standards Council, which authorizes the company to help merchants and service providers achieve compliance with the PCI Data Security Standard (DSS). Rapid7 provides NeXpose PCI Compliance Services, which adhere to PCI DSS requirements for performing vulnerability scans of merchants' Internet-facing environments.
By using an Approved Scanning Vendor such as Rapid7, merchants proactively protect customer account data against the threat of compromises. Left undetected, vulnerabilities can potentially lead to unauthorized access, but by finding and fixing any exposures, a merchant using an Approved Scanning Vendor reduces the risk of intrusion.
Rapid7 became certified as an Approved Scanning Vendor in 2006 and is required to participate in an annual recertification testing process to ensure ongoing compliance with the PCI DSS program requirements. As with the initial certification, recertification involved demonstrating NeXpose's effectiveness at proactively locating and reporting vulnerabilities during rigorous evaluation in the PCI Security Standards Council's test environment. The Council's testing process addressed how NeXpose collects and manages scan requests from customers, its ability to identify vulnerabilities and misconfigurations in the network and Web applications, and how it presents the scan results.
The PCI Security Standards Council ensures that merchants and service providers (third party processors and data storage entities) are securely storing credit card account data in accordance with the PCI DSS. To demonstrate compliance, merchants and service providers must pass quarterly vulnerability scans and complete a security self-assessment questionnaire, both of which NeXpose and Rapid7's Professional Services provide assistance with. Rapid7 recommends that businesses serious about protecting customer data and avoiding the cost of incidents should do more than the minimum level mandated by the PCI DSS.
"Consumers want assurance that the information they provide in their credit card transactions is secure," said Alan Matthews, CEO of Rapid7 LLC. "The number of recent credit card security breaches confirms the need for stringent standards for data protection. Businesses can avoid potential damage to their brand and reputation as well as potential theft of their customers' data. The business and financial consequences for failure to protect credit card processing and storage systems makes vulnerability scanning indispensable."
NeXpose PCI Compliance provides scan templates and reporting capabilities that meet or exceed the PCI Security Standards Council's specifications for system security scanning. The PCI DSS compliance report provides pass/fail information at both executive and administrator detail levels. A complete remediation plan is provided that enables security analysts to bring their systems into full compliance with the PCI Data Security Standard.
The PCI DSS is the global standard developed by the founding credit card payment companies of the PCI Security Standards Council to ensure the protection of customer information and to facilitate the broad adoption of consistent data security measures on a global basis. According to the standard, all members, merchants, and service providers that store or process credit cards must meet specific security requirements, which necessitate building a secure network and maintaining a vulnerability management program.
The PCI Security Standards Council was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa, Inc. International. The Council maintains a list on its Website of the security companies that it has certified as Approved Scanning Vendors.
About NeXpose
Rapid7's NeXpose is the broadest and deepest vulnerability management system on the market, providing comprehensive, high performance coverage of network, databases and Web applications, including Web 2.0 and JavaScript. NeXpose delivers extensive reports assessing risks and proposing streamlined remediation plans to optimize security and compliance with governmental regulations and corporate security policies. With NeXpose, customers achieve high-speed, time-saving scanning performance and optimal productivity.
About Rapid7
Rapid7 is the leading provider of NeXpose Unified Vulnerability Management (UVM) Solutions. First introduced in 2001, NeXpose has been sold to over 400 corporate enterprises, Global 2000 companies, and government entities, and serves the full range of vertical markets across the U.S. and abroad. Rapid7 is headquartered in Boston, MA, with an office in Los Angeles, California. For more information on Rapid7 and NeXpose, visit www.rapid7.com.
PCI Recertification Validates Rapid7's Adherence to the PCI Data Security Standard and Ability to Help Customers Achieve PCI Compliance