StillSecure is trying to help managed services providers cash in on the PCI security standard. Indeed, the company is promoting PCI Complete, a managed PCI compliance solution.
"The PC security standard is very complex and difficult to understand," asserts StillSecure VP of Business Development Steve Harper. "It's the most descriptive and prescriptive of all business standards." Not by coincidence, Harper says PCI Complete covers 165 of the 176 sub-requirements of the PCI Data Security Standard. Here's a list of the services included...
Fully managed compliance/security services included:
- Intrusion Detection and Prevention System
- SSL and IPSec VPN
- Multi-Factor Authentication
- Internal PCI Vulnerability Scanning
- Internal Penetration Testing
- External ASV Vulnerability Scanning
- External ASV Penetration Testing
- Web Application Firewall
- File Integrity Monitoring
- Log Management and Monitoring
- Network segnationation
- Change control management
- Daily event review of all security event log files
- 6 month firewall and Web app firewall rule configuration reviews
- Alert escalation procedures
- Incidence response procedures
- 24x7x365 QSA Approved and SAS 70 type II audited security operations centers (SOCs)
Many SMB customers, he notes, don't have enough available budget to address PCI with full-time hires.
Sign up for MSPmentor’s Weekly Enewsletter, Webcasts and Resource Center. Follow us via RSS, Facebook, Identi.ca and Twitter. Check out more MSP voices at www.MSPtweet.com. Read our editorial disclosure here.