Financial Services
Protecting Customer Financial Data
The threat to our online personal and financial information is more profound than ever. In the early stages, threat activity was motivated more by ego; current threats are motivated by profit. With cyber criminals driven by profit, it is no surprise that the number one target for criminal activity is financial institutions that transmit, store, collect and utilize electronic personal and financial information. To verify compliance with various government regulations, such as Sarbanes-Oxley, the Gramm-Leach-Bliley Act, and the Payment Card Industry Standard, financial institutions need to be proactive in their effort to protect themselves against internal and external threats.
The Gramm-Leach-Bliley Act (GLBA) requires that financial institutions (and persons that receive protected information from financial institutions) adopt strict measures for protecting the privacy and security of customer data. GLBA is directed at all financial institutions, including banks, securities firms and insurance companies, and includes guidelines stipulating these organizations must control risks to customer information, protect against threats to the security and integrity of customer records, guard against unauthorized access to these records, and implement processes that only allow access to authorized employees.
Maintaining customer confidence is critical; financial institutions therefore need to ensure they are protecting their customers' personal information by safeguarding information systems against unauthorized access, fraud and data theft.
How NeXpose Helps
NeXpose can help financial services organizations ensure that the confidentiality, integrity, and availability of electronic customer financial information is maintained. NeXpose scans devices, systems, software and Web server applications to locate threats to the environment, then devises a remediation plan to address and remove those threats. Through regular audits of your IT environment, you are able to identify and prioritize vulnerabilities based on the risk they present to your organization, enabling you to better utilize resources fixing the more critical issues.
Rapid7 has also successfully completed the MasterCard Site Data Protection (SDP) Vendor Compliance Testing Program, which certifies us to help merchants achieve compliance with the Payment Card Industry (PCI) Data Security Standard. NeXpose PCI Compliance provides scan templates and reporting capabilities that meet or exceed the MasterCard SDP specifications for system security scanning. The PCI Standard compliance report provides pass/fail information at both executive and administrator detail levels. A complete remediation plan is provided that enables security analysts to bring their system devices into full compliance with the PCI Standard.
Rapid7 Professional Services offers PCI scanning services for merchants required to comply with the standard. These services include:
- PCI audit report and automated scans on a quarterly, scheduled basis;
- Rapid7 Remediation Plan and Report with detailed step-by-step instructions for vulnerability remediation to attain full PCI compliance;
- Rapid7 PCI Professional Services Review;
- Rapid7 PCI Assessment Checklist completion for PCI certification.
"Rapid7 NeXpose addresses areas that need to comply with financial and banking industry regulations, particularly GLBA (Gramm-Leach-Bliley Act)."
Adam Pearson
Information Security Manager
Lone Star National Bank
