Rapid7 Launches Security Scanning Portal for PCI (Payment Card Industry) Compliance, Facilitating Protection of Customers' Credit Card Data

A PCI-Certified Security Scanning Vendor, Rapid7 Delivers Simple, Effective Way For Merchants and Other Businesses Accepting Credit Cards to Achieve Compliance with the Payment Card Industry’s Data Security Standard

Boston - January 30, 2007 - Rapid7 LLC today announced the launch of its PCI (Payment Card Industry) Compliance Portal, a remote, easy-to-use security scanning solution that enables merchants, online retailers and credit card service providers to achieve compliance with the PCI Data Security Standard. Designed to meet the security requirements of all credit card companies, the Rapid7 PCI Compliance Portal uses NeXpose, Rapid7’s award-winning vulnerability management product, to provide the highly accurate scans required for ensuring networks are safe from hackers and protecting customers’ credit card information.

The Rapid7 PCI Compliance Portal goes beyond scanning network devices to locate the Website and database vulnerabilities that hackers commonly exploit to capture credit card data. SQL injection attacks, which are frequently performed by hackers on exposed Web applications, are identified by Visa International as one of the top five credit card risks.

Using the NeXpose expert system, the Rapid7 PCI Compliance Portal can search for vulnerabilities intelligently, finding more exposures than other PCI compliance scanning portals and providing results with unsurpassed accuracy and no false positives. Like NeXpose, the Rapid7 PCI Compliance Portal generates detailed remediation reports containing project plans, system links, vulnerability definitions and a step-by-step guide for fixing any exposures, allowing companies to achieve compliance quickly.

“With the theft of customer data occurring regularly in both the online and offline marketplace, consumers increasingly demand protection and merchants must respond with robust measures for ensuring the security of their environment,” states Alan Matthews, president of Rapid7 LLC. “By achieving PCI compliance, merchants assure customers they are serious about the security of their personal information. With the Rapid7 PCI Compliance Portal, merchants have a simple, integrated solution that removes the challenges of coordinating the different credit card company requirements and provides a cost-effective way to protect their networks and achieve and maintain compliance.”

Rapid7’s PCI Compliance Portal is a hosted, self-service solution that requires no software or hardware and is accessed via a Web browser. Companies can conduct unlimited scans for an annual fee, achieving NeXpose’s enterprise-level capabilities at a cost that is within their budget.

Availability & Pricing

The Rapid7 PCI Compliance Portal offers a quick and cost-effective way to achieve compliance with the PCI Data Security Standard for an annual service fee of $449 for up to five IP addresses. Additional IP addresses are $15 each per year.

The annual fee provides companies with unlimited security scans; unlimited access to the Rapid7 Web-based PCI Compliance Portal; scheduled quarterly scans by an approved scanning vendor; online technical support from CISSP-certified security specialists; assistance with preparing the security self-assessment questionnaire and creating and implementing the required security policy; and a Certificate of Compliance accepted by all the acquiring banks worldwide.

About NeXpose

Rapid7's award-winning NeXpose Unified Vulnerability Management (UVM) product is an all-in-one security solution that scans Web servers, Web applications, databases and networks to locate threats, assess their risk to the environment and devise a remediation plan. NeXpose incorporates an expert system to build a knowledge base of facts on the environment it explores and model potential targeted attacks to expose all existing threats. NeXpose provides robust reporting capabilities that ensure compliance with governmental regulations, corporate security configuration policies, and the PCI Data Security Standard. NeXpose is available as an appliance, downloadable software or an On-Demand hosted solution.

About Rapid7

Rapid7 is the leading provider of Unified Vulnerability Management (UVM) Solutions. Rapid7’s NeXpose UVM provides network, database and Web application vulnerability management for enterprise deployments and small-to-medium businesses. Since its introduction, NeXpose has been sold to corporate enterprises, Global 2000 companies, and government entities, and serves the full range of vertical markets across the U.S. and abroad. In addition, Rapid7 provides compliance products and services for PCI, HIPAA and Sarbanes-Oxley. Rapid7 is headquartered in Boston, MA, with an office in Los Angeles, California.