PR Contact

Amanda Munroe
617-779-1816
Rapid7@shiftcomm.com

Rapid7 Recertified as an Approved Scanning Vendor by the Payment Card Industry (PCI) Security Standards Council

PCI Recertification Validates Rapid7’s Adherence to the PCI Data Security Standard and Ability to Help Customers Achieve PCI Compliance

Boston, September 30, 2008 – Rapid7 LLC, the leading provider of Unified Vulnerability Management solutions, today announced it has been recertified as an Approved Scanning Vendor (ASV) by the Payment Card Industry (PCI) Security Standards Council, which authorizes the company to help merchants and service providers achieve compliance with the PCI Data Security Standard (DSS). Rapid7 provides NeXpose PCI Compliance Services, which adhere to PCI DSS requirements for performing vulnerability scans of merchants' Internet-facing environments.

By using an Approved Scanning Vendor such as Rapid7, merchants proactively protect customer account data against the threat of compromises. Left undetected, vulnerabilities can potentially lead to unauthorized access, but by finding and fixing any exposures, a merchant using an Approved Scanning Vendor reduces the risk of intrusion.

Rapid7 became certified as an Approved Scanning Vendor in 2006 and is required to participate in an annual recertification testing process to ensure ongoing compliance with the PCI DSS program requirements. As with the initial certification, recertification involved demonstrating NeXpose's effectiveness at proactively locating and reporting vulnerabilities during rigorous evaluation in the PCI Security Standards Council's test environment. The Council's testing process addressed how NeXpose collects and manages scan requests from customers, its ability to identify vulnerabilities and misconfigurations in the network and Web applications, and how it presents the scan results.

The PCI Security Standards Council ensures that merchants and service providers (third-party processors and data storage entities) are securely storing credit card account data in accordance with the PCI DSS. To demonstrate compliance, merchants and service providers must pass quarterly vulnerability scans and complete a security self-assessment questionnaire; NeXpose and Rapid7's Professional Services assist with both. Rapid7 recommends that businesses serious about protecting customer data and avoiding the cost of incidents do more than the minimum level mandated by the PCI DSS.

"Consumers want assurance that the information they provide in their credit card transactions is secure," said Alan Matthews, CEO of Rapid7 LLC. "The number of recent credit card security breaches confirms the need for stringent standards for data protection. Businesses can avoid potential damage to their brand and reputation as well as potential theft of their customers' data. The business and financial consequences for failure to protect credit card processing and storage systems make vulnerability scanning indispensable."

NeXpose PCI Compliance provides scan templates and reporting capabilities that meet or exceed the PCI Security Standards Council's specifications for system security scanning. The PCI DSS compliance report provides pass/fail information at both executive and administrator detail levels. A complete remediation plan is provided that enables security analysts to bring their systems into full compliance with the PCI Data Security Standard.

The PCI DSS is the global standard developed by the founding credit card payment companies of the PCI Security Standards Council to ensure the protection of customer information and to facilitate the broad adoption of consistent data security measures on a global basis. According to the standard, all members, merchants, and service providers that store or process credit cards must meet specific security requirements, which necessitate building a secure network and maintaining a vulnerability management program.

The PCI Security Standards Council was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa, Inc. International. The Council maintains a list on its Website of the security companies that it has certified as Approved Scanning Vendors.

About NeXpose

Rapid7 NeXpose is the broadest and deepest vulnerability management system on the market, providing comprehensive, high performance coverage of networks, databases, operating systems, and Web applications. Only NeXpose provides browser-based Web application vulnerability scanning of Web 2.0 applications and secures the complete Web application - from browser to server. NeXpose detects more vulnerabilities than traditional Web scanners by using Web Application Pass-Through Scanning, a unique capability for exploring how one vulnerability can lead to another.

NeXpose delivers extensive reports assessing risks and proposing streamlined remediation plans to optimize security and compliance with governmental regulations and corporate security policies. Rapid7 is an Approved Scanning Vendor (ASV) by the Payment Card Industry (PCI) Security Standards Council, certifying NeXpose to support retail operations in achieving PCI compliance.

About Rapid7

Rapid7 is a leader in vulnerability management and compliance, delivering a single unified solution across an organization's entire infrastructure. Rapid7's NeXpose is the only solution that includes support for web applications, databases, operating systems, and network devices in a single system. NeXpose uncovers "hidden" threats that other systems cannot find, while at the same time separating these real threats from the excessive "false positive" noise common to most vulnerability management systems. Organizations, including Black & Decker, Trader Joe's, Florida State University, the New York Times, and the City of Philadelphia, continually rely on Rapid7 to mitigate risk and remain compliant. Rapid7 is headquartered in Boston, MA, with an office in Los Angeles, California.