StillSecure Offers PCI-Compliant Security Penetration Testing
StillSecure has been offering a PCI-compliant penetration test as part of its PCI Complete solution for the last several months. Now the company is letting its managed services customers purchase the penetration test as a standalone service.
Companies define a penetration test in different ways. A penetration test can be as simple as an automatic electronic scan of a company’s infrastructure or as in-depth as white hat hacking and social engineering. The PCI Security Standards Council has outlined its standards for a penetration test, and StillSecure has built its penetration test to comply with those standards.
“We’re an MSP. We’re not going to become a professional services firm and do things like white hat, but there are many quality professional services firms that will do that for businesses. Ours is compliant with PCI and is a continuation of our PCI compliance strategy,” said StillSecure Vice President of Business Development Steve Harper, who made clear that a penetration test is much different and more detailed than a vulnerability scan. “Think of a vulnerability scan as rattling all of the doors and windows in a house to see which one is unlocked and a penetration test as seeing how far into the house you can get.”
Businesses are required to conduct an annual penetration test. It’s usually done at the beginning or end of the fiscal year, with the exception of merchants, who conduct their penetration tests at the holiday season. The time and cost of a penetration test vary depending on the size of a company’s environment and the number and types of services and applications a company deploys. “It could take a few hours or a few days,” said Harper. “And it can cost anywhere from a couple of thousand dollars to something fairly significant.”
The penetration testing announcement comes about a week after StillSecure launched its file integrity monitoring solution. It also builds upon StillSecure’s promotion of its overall PCI compliance solution.