2006 Press Releases
Rapid7 approved by MasterCard as a Security Scanning Vendor for Achieving Compliance with the Payment Card Industry (PCI) Data Security Standard
Rapid7 Attains Approval After Completing the MasterCard Site Data Protection (SDP) Vendor Compliance Testing Program
Boston - May 2, 2006 - Rapid7 LLC today announced it has successfully completed the MasterCard Site Data Protection (SDP) Vendor Compliance Testing Program, which certifies the enterprise vulnerability management company to help merchants achieve compliance with the Payment Card Industry (PCI) Data Security Standard. Rapid7 is the provider of NeXpose PCI Compliance, which delivers network vulnerability scanning services and meets the security scanning requirements of the MasterCard SDP program.
By using a MasterCard-approved security scanning vendor such as Rapid7, merchants can proactively protect their businesses and the data in their payment systems against the threat of compromises. Left undetected, vulnerabilities can potentially lead to unauthorized access, but by finding and fixing any exposures, an SDP-compliant solution reduces the risk of intrusion.
To become qualified as an SDP-compliant scanning vendor, Rapid7's NeXpose PCI Compliance demonstrated its effectiveness at proactively locating and reporting vulnerabilities during rigorous evaluation in MasterCard's test environment. MasterCard's testing process addresses how the vendor collects and manages scan requests from customers, the ability of the vendor to identify vulnerabilities and misconfigurations in the network and Web applications, and how the vendor presents the scan results.
A key focus of the MasterCard SDP program is to ensure that merchants and service providers (third party processors and data storage entities) are securely storing credit card account data in accordance with the PCI Data Security Standard. To demonstrate compliance, merchants and service providers must perform onsite security assessments and quarterly network scans. Rapid7 recommends that businesses serious about protecting customer data and avoiding the cost of incidents should do more than the minimum level mandated by the PCI standard.
"The return on investment for deploying a self-auditing solution is easily accomplished," said Alan Matthews, president of Rapid7 LLC. "The financial penalty for failure to provide protected systems for processing credit card data makes vulnerability testing mandatory. Consumers need to be assured that the online transaction systems they are using are secure."
NeXpose PCI Compliance provides scan templates and reporting capabilities that meet or exceed the MasterCard SDP specifications for system security scanning. The PCI Standard compliance report provides pass/fail information at both executive and administrator detail levels. A complete remediation plan is provided that enables security analysts to bring their system devices into full compliance with the PCI Standard.
The PCI Data Security Standard is the global standard adopted by companies in the credit card industry to ensure the protection of customer information. According to the standard, all members, merchants, and service providers that store or process credit cards must meet specific security requirements, which necessitate building a secure network and maintaining a vulnerability management program.
The MasterCard SDP Program provides merchants, service providers and acquirers with easy access to the security vendors that it has recognized as qualified and compliant by maintaining a list on its Web site. Rapid7 is on the MasterCard SDP Program's list of approved security scanning vendors.
For more information about Rapid7's PCI certification services, email our PCI support team.
About Rapid7 NeXpose
The award-winning Rapid7 NeXpose Unified Vulnerability Management (UVM) is an all-in-one security solution that scans networks, Web applications, and databases to locate threats, assess their risk to the environment, devise a remediation plan and implement the ticketing process. NeXpose incorporates an expert system to build a knowledge base of facts on the environment it explores and model potential targeted attacks to expose all existing threats. NeXpose provides robust reporting capabilities that ensure compliance with governmental regulations, corporate security configuration policies, and the PCI Data Security Standard. NeXpose is available as a "plug and play" appliance, downloadable software, or an On-Demand hosted solution.
About Rapid7
Rapid7 is the leading provider of unified vulnerability management and penetration testing solutions, delivering actionable intelligence about an organization’s entire IT environment. Rapid7 offers the only integrated threat management solution that enables organizations to implement and maintain best practices and optimize their network security, Web application security and database security strategies.
Recognized as the fastest growing vulnerability management company in the U.S. by Inc. Magazine, Rapid7 helps leading organizations such as Liz Claiborne, the United States Postal Service, Carnegie Mellon University and Red Bull to mitigate risk and maintain compliance for regulations such as PCI, HIPAA, FISMA, SOX and NERC. Rapid7 also manages the Metasploit Project, the leading open-source penetration testing platform with the world’s largest database of public, tested exploits. To obtain a free download of NeXpose or Metasploit, please visit http://www.rapid7.com/resources/free-downloads.jsp.
For more information, visit www.rapid7.com.
Press Inquiries: Amanda Munro, 617.779.1816, press@rapid7.com