TrustKeeper: PCI Compliance by TrustWaveOnline.

Proven. Intelligent. Easy.

Working through any compliance initiative can consume an organization’s resources. Without clear direction and centralized management, the complexities and challenges of compliance can overwhelm internal resources. As a secure Web-based portal, TrustKeeper is a centralized solution organizations use to complete compliance questionnaires and schedule and execute network vulnerability scans. TrustKeeper separates actionable information from the confusion by providing a single, consolidated solution to manage compliance and validation.

TrustKeeper analyzes your network infrastructure and security practices to detect vulnerabilities and provide actionable information to guide you in remediating those vulnerabilities. Because it’s an on-demand solution, you can begin using TrustKeeper in minutes to survey your organization’s critical business information and confirm that it is protected in accordance with regulatory and industry standards.

Intelligent Compliance Questionnaire
The dynamic compliance questionnaire function within TrustKeeper (e.g., the Payment Card Industry Self-Assessment Questionnaire, or PCI SAQ) will automatically populate answers based on information gathered during the registration process. In addition, TrustKeeper provides on-demand help-text based on Trustwave’s proprietary security research and feedback from tens of thousands of TrustKeeper users.

Vulnerability Management
TrustKeeper’s proprietary scanning engine tests for more than 5,000 network, operating system and application vulnerabilities (including enhanced checks for SQL injection and cross-site scripting vulnerabilities) and supports both internal and external vulnerability scanning. TrustKeeper’s agent form, TrustKeeper Agent, can be installed on remote machines and report back to the TrustKeeper portal. TrustKeeper Agent allows for scanning of remote locations that use dynamic IP addresses (such as those assigned by DHCP, common with cable or DSL Internet service).

Reporting
TrustKeeper provides reports in varying levels of detail to support remediation and report progress to management or auditors. These reports prioritize scan findings and include remediation recommendations to provide instant, actionable information to help users manage vulnerabilities efficiently.

Compliance Certification
Once you validate compliance through TrustKeeper, it issues a certificate explaining the measures taken by your organization to secure its network environment. In addition, merchants can display the Trusted Commerce security seal to assure their customers of the security of their operations.

Ongoing Compliance Monitoring
TrustKeeper Agent detects the storage of prohibited data, such as payment card track data, on any machine on which the agent is installed. In addition, TrustKeeper Agent provides ongoing compliance monitoring by continually analyzing the specific security configurations of any machine to ensure it’s configured in accordance with specific compliance requirements.

Manage Vulnerabilities with Ease
TrustKeeper runs phased vulnerability scans. The discovery phase identifies all active hosts that exist within the specified scan parameters. Once identified, the scanner probes each host to identify the type of host and its available services. Based on this information, the scanner launches tests against those specific services to detect vulnerabilities.

TrustKeeper provides a variety of pre-built reports based on the scanner’s findings:

  • Detailed scan reports containing full listings of all findings from the scan, including vulnerability counts per severity, vulnerabilities by IP address and an inventory of discovered assets
  • Executive summary reports meant to provide summary information to management, including the results of a compliance questionnaire (if applicable), general scan status, vulnerability counts, historical trends and the Pass/Fail status of each system scanned
  • Remediation reports showing vulnerabilities, severities, assigned owners, planned completion dates and resource costs
  • In complex environments with hierarchical scan accounts, TrustKeeper provides an enterprise (or “sponsor”) level reporting tool that allows for generation of summary reports based on various criteria, including scan status

Rapid Adaptation to Today’s Threat Landscape
As a leading security services provider, Trustwave arms TrustKeeper with advanced scanning techniques and the most current, practical vulnerability intelligence. Trustwave does more security assessments, penetration tests, application vulnerability assessments and forensics investigations than any other service provider for the payments industry. Trustwave’s dedicated Signature Operations Team uses this proprietary information to continually update TrustKeeper to manage today’s threats.

Get Started Today
Manage your compliance in four steps:
With TrustKeeper, you benefit from the following:

  • Automated, ongoing assessments to maintain continued compliance
  • Specific, understandable recommendations to address vulnerabilities and achieve compliance
  • 24x7, integrated, multi-lingual customer support via Web, e-mail or telephone
  • Online compliance reports (available in differing levels of detail) including compliance status, prioritized vulnerabilities and policy weaknesses
  • Document locker for secure storage and delivery of confidential information such as the Report on Compliance (ROC) or security policies and procedures documentation
