It is easy to confuse compliance with security. But regulations are by necessity backward-looking, addressing the needs of yesterday's business environment. How does a business maintain its compliance while staying vigilant against current information security threats?
Digital Defense Inc. (DDI) understands the challenge of meeting today's PCI compliance standards while also ensuring that you maintain a comprehensive security program that addresses the ongoing security concerns of your business. DDI also understands that in today's operating environment, the return on investment of an enterprise's information security dollar is as scrutinized as any asset at work in your organization.
PCI Pro combines the comprehensive service suite of DDI's Vulnerability Lifecycle Management — Professional (VLM-Pro) service with our managed PCI compliance services. DDI, as a certified ASV (Certificate # 3763-01-06), was the first vendor to approach PCI compliance as a managed service. Now we take this one step further to offer full vulnerability management as a part of PCI-Pro.
Rather than running multiple scans on an enterprise with a "fail until you pass" approach to compliance, with PCI-Pro we treat compliance as the top tier of a three-layer pyramid, with comprehensive vulnerability assessment and remediation management as the other two layers alongside the PCI Compliance Assessment.

The first tier focuses on comprehensive Vulnerability Assessments, which include:
The second tier focuses on remediation management and addressing the identified vulnerabilities in a systematic, efficient and cost-effective manner. This tier includes:
The final tier focuses on taking the results of the first two tiers and producing the reports necessary to document successful completion of the PCI SSC testing. This includes the follow-on scanning needed to substantiate progress in eliminating previously discovered vulnerabilities.
Security Network Operations Center (S/NOC) - provides 24x7 technical support and is located in a highly secure, fully redundant facility, equipped with emergency backup power.
Geographic and/or Line of Business Scanning - PCI Pro is tailored to meet your needs. Whether by geographic region and/or by line of business, we provide you with a comprehensive analysis of the security of your business operation.
Active View™ Workflow Management - allows clients to monitor remediation activity on hosts in offices around the block or around the world. It also delivers systematic validation and verification of the effectiveness of your patch management programs.
Customer-Defined Risk Ratings - allows you to set the business risk level of your IP devices to a level based on the confidentiality, integrity, and availability of those network assets.
Security Grade Point Average (GPA) - assigns a rating, which you can think of as a grade or "Security GPA®", to your network. Security GPA is based on a complex algorithm that takes into account both the network security posture rating and the business risk associated with discovered vulnerabilities.
Online Reports - based on data collected from each individual Scanning Sensor managed by the S/NOC and available on the Frontline™ portal.
DDI PCI-Pro allows organizations to...
... leverage DDI's technical expertise and world-class customer service and support;
... focus on core business functions to save time, money, and effort by reducing the administrative burden and tedium of performing vulnerability scans with complicated tools or unmanaged open source solutions;
... demonstrate your commitment to information security with comprehensive reporting on the security posture of your network;
... detect possible security vulnerabilities and respond quickly with actions based on your pre-defined security policies.
DDI PCI-Pro services are generally available and currently in use around the globe.
[Figure: PCI-Pro pyramid with tiers labeled PCI Assessment, Remediation Management, and Vulnerability Assessments]