RapidFire Tools Inc. has equipped its Network Detective assessment solution with new functionality designed to help MSPs perform quarterly PCI DSS vulnerability scans for their clients without assistance from a third-party vendor.
The new service, which is an optional add-on to Network Detective’s PCI compliance module, debuted at the 2017 CompTIA ChannelCon conference, which is currently underway in Austin, Texas.
Under terms of the PCI DSS standard, businesses that process credit card transactions must provide an “attestation of compliance” to their merchant bank every quarter confirming that their firewall has passed an external vulnerability test. Those tests must be performed by an “approved scanning vendor” (ASV) evaluated and endorsed by the PCI Security Standards Council. For managed service providers with regulated customers, hiring a third-party ASV to conduct scans adds complexity and cost to the PCI compliance process.
Network Detective’s new ASV scanning service, which is delivered in partnership with Clone Systems Inc., an ASV headquartered in Philadelphia, is intended to mitigate both burdens. From a complexity standpoint, the new offering enables MSPs to collect attestation of compliance certificates for their customers through the same system they use to identify and remediate security vulnerabilities generally.
“One interface, one bill,” observes Mark Winter, vice president of sales at Atlanta-based RapidFire Tools.
At $49 per firewall IP address per quarter, the new offering also costs less than outside ASVs usually charge, adds Winter, and leaves MSPs room to deliver fee-based ASV scanning services at rates low enough for both them and their clients to come out ahead.
“We’re offering it at a discount to MSPs so they can up-charge a little to their customer [but] still save the customer money,” he says.
The $49 fee covers both manually executed scans and an automated scan that the system initiates on its own once a quarter to ensure that regulated end users don’t accidentally fall behind on attestation of compliance reporting requirements. In addition, follow-up scans are available free of charge for businesses that flunk the test the first time around.
According to Winter, the ability to deliver both PCI compliance assessment and remediation services without outside assistance benefits not just MSPs leery of introducing a potential competitor to their clients but end users as well.
“They’ve got that one person who is going to not only run the scans but fix the problems,” Winter states.
The PCI DSS standard requires many companies that accept credit cards to check for internal as well as external exposures. According to Winter, MSPs that use Network Detective’s PCI compliance module for external threat scanning can create truly comprehensive PCI compliance offerings by also using the company’s Inspector solution to perform periodic internal vulnerability tests.
Introduced as a hardware-based appliance in 2014 and available since March of last year in a software form factor as well, Inspector is a “deep dive” IT assessment solution offered at what RapidFire Tools boasts is an economical price.
“It’s the probably least expensive way for an MSP to use to do internal vulnerability scanning,” Winter says.
Network Detective’s PCI compliance module is one of several modules available singly or in discounted bundles. Other modules equip MSPs to assess an SMB’s HIPAA compliance, Microsoft Exchange deployments, SQL Server databases, and security safeguards.
Elsewhere at ChannelCon today, Avast Software entered the security assessment space when it shipped a new edition of its Managed Workplace RMM solution featuring built-in vulnerability scanning functionality.
ChannelCon 2017 concludes on Wednesday.