MANDIANT - Press Release - MasterCard SDP Vendor Compliance-(5/11/06)

MANDIANT is allowed to help merchants achieve compliance with the Payment Card Industry (PCI) Data Security Standard.

MANDIANT, a leading provider of penetration testing, web application reviews and incident response, announced today that it has successfully completed the MasterCard Site Data Protection (SDP) scanning vendor testing process. As an SDP approved scanning vendor, MANDIANT is allowed to help merchants evaluate the security of their Web sites, and achieve compliance with the Payment Card Industry (PCI) Data Security Standard.

MANDIANT has achieved approved status by proving its ability to detect, identify and report vulnerabilities common to flawed web site architectures and configurations. These vulnerabilities, if not patched in actual merchant Web sites, could potentially lead to an unauthorized intrusion. By proactively identifying and providing the opportunity to remedy such vulnerabilities, SDP-approved scanning solutions offer a means for reducing risk of intrusion and data compromise.

The SDP Scanning Vendor Approval Process is a core component of MasterCard's Site Data Protection Program™, a comprehensive, proactive and cost-effective program designed to help protect the online and physical infrastructures of its customer financial institutions, merchants and other payment processors holding MasterCard account information.

"MANDIANT is unique in that we offer elite professional services that provide our clients with the ability to proactively protect their environments, as well as respond to incidents in the event of a potential compromise. Because of this service approach, we are able to see the trends in how systems and networks are being attacked. In turn, we leverage this information when performing SDP compliance testing. It is a true differentiator," said Kevin Mandia, President and CEO of MANDIANT.

"The Site Data Protection Vendor Approval Process reflects our ongoing commitment to helping our customers and merchants evaluate and improve the security of their web sites and physical sites in a timely and affordable manner. The end result we are striving for — improved overall channel security — is a win-win for all parties involved," said Stephen Orfei, senior vice president and head of the MasterCard e-Commerce Center of Excellence.

The Scanning Vendor Approval Program requires a two-step process. The first step is to complete an online application form, which can be found at the SDP Web site. The application provides MasterCard with an overview of the applying organization, along with a detailed assertion by the security vendor that their solution is compliant with or exceeds the requirements set forth in the PCI Data Security Standard. After applying for vendor approval testing, the second step is for vendors to submit their solutions to a rigorous evaluation cycle that spans across a wide range of Web servers, firewalls, and operating systems — an environment controlled and managed by MasterCard.

The MasterCard Site Data Protection Program is a proactive, cost-effective, global solution offered by MasterCard through its acquiring members. The program provides acquiring members with the ability to deploy security compliance programs, assisting online merchants and Member Service Providers to better protect against hacker intrusions and account data compromises. The program takes a proactive approach to security by identifying common possible vulnerabilities in a merchant web site and makes recommendations for short-and long-term security improvements. The solution addresses the security issues that online merchants and their acquiring banks face in the virtual world, and concerns arising from these issues, such as Internet fraud, chargebacks, brand image damage, consumer information safety and privacy and the cost of replacing stolen account numbers.

MANDIANT is an information security company with offices in the Washington, DC area and New York City. We provide professional services, education and products for major corporations, government agencies, financial institutions and law firms. With extensive experience in the military, intelligence, law enforcement and the private sector, MANDIANT's security consultants are specialists in incident response, computer forensics, network security, application security, and training. To learn more about MANDIANT, please visit www.mandiant.com.

MANDIANT is Approved as a MasterCard Site Data Protection Scanning Vendor