Integration Delivers Automated Penetration Testing Capabilities for PCI Compliance Management
BOSTON, MA – March 2, 2010 - Core Security Technologies, provider of the CORE IMPACT® family of comprehensive enterprise security testing solutions, today announced that is has introduced fully supported integration with the QualysGuard® PCI Connect program, the industry’s first Software-as-as-Service (SaaS) ecosystem for PCI compliance.
Led by SaaS security pioneer Qualys, PCI Connect provides merchants seeking to comply with the PCI Data Security Standard with a fully integrated platform of online security and vulnerability management solutions that allow them to address and validate the regulation’s specific controls.
Via the integration of CORE IMPACT Pro, the industry’s leading automated penetration testing software solution, Qualys customers can now address PCI DSS Requirement 11.3 – which directs merchants to perform in-depth penetration testing both annually and after making upgrades or modifications to IT systems retaining sensitive cardholder data.
PCI Connect customers can now run IMPACT Pro’s PCI Vulnerability Validation Report to complete their Self Assessment Questionnaire (SAQ) directly within the QualysGuard PCI Connect interface. IMPACT Pro also allows organizations to carry out a wide range of security assessments dictated by other PCI DSS guidelines, as well as validate the efficacy of many mandated security controls.
“The PCI Council and other regulators continue to demand that their constituents perform more frequent and comprehensive automated security assessments, and the use of IMPACT Pro alongside QualysGuard and the other elements of the PCI Connect ecosystem exemplifies a highly effective model that organizations can leverage to meet both their current and future security and compliance demands,” said Mark Hatton, CEO and president of Core Security. “Integrating IMPACT Pro and QualysGuard provides PCI Connect customers with the most effective process for finding, validating and prioritizing the most critical points of IT security risk.”
QualysGuard PCI Connect offers merchants:
- Automated PCI DSS compliance validation data collection.
- Detailed PCI assessment results including required answers for the SAQ.
- Compliance status workflow tracking tools.
- An open API for PCI solutions integration.
- Merchant security control validation for acquiring banks.
“Section 11.3 of PCI DSS requires annual penetration tests anytime there is a significant infrastructure or application upgrade or modification,” said Philippe Courtot, chairman and CEO of Qualys. “QualysGuard PCI Connect now integrates with Core IMPACT Pro to help customers automate the penetration testing process and the verification of exploitable vulnerabilities.”
About Core Security Technologies
Core Security Technologies provides IT security executives with comprehensive security testing and measurement of their IT assets by adding real-world actionable intelligence and verification to their IT security management efforts. Our software products build on over a decade of trusted research and leading-edge threat expertise from the company’s Security Consulting Services, CoreLabs and Engineering groups. Core Security Technologies can be reached at 617-399-6980 or on the Web at: http://www.coresecurity.com.
Qualys, Inc. is the leading provider of on demand IT security risk and compliance management solutions – delivered as a service. Qualys’ Software-as-a-Service solutions are deployed in a matter of hours anywhere in the world, providing customers an immediate and continuous view of their security and compliance postures.
The QualysGuard® service is used today by more than 4,000 organizations in 85 countries, including 42 of the Fortune Global 100 and performs more than 250 million IP audits per year. Qualys has the largest vulnerability management deployment in the world at a Fortune Global 50 company.
Qualys has established strategic agreements with leading managed service providers and consulting organizations including BT, Etisalat, Fujitsu, IBM, I(TS)2, LAC, NTT, SecureWorks, Symantec, Tata Communications and TELUS.
For more information, please visit www.qualys.com.
Tim Whitman or Lauren O’Leary