pci scanning services - insight · 2009. 5. 6. · insight pci gap analysis service, which...



Post on 07-Feb-2021


  • Networking Solutions

    1.800.INSIGHT | INSIGHT.COM

    Solution Overview

    As an Authorized Scanning Vendor (ASV) for PCI, Insight offers scanning services to meet the needs of small and mid-sized businesses as well as large enterprises. This data sheet provides a detailed description of our services and also contrasts our Insight PCI service with the other low cost options on the market.

    Although critical to your overall compliance program, quarterly network security scanning is one of 200+ requirements in the Data Security Standard (DSS). To assist our customers with correctly applying the DSS to their unique environment, Insight also offers the Insight PCI Gap Analysis service, which summarizes your compliance status with the entire standard. Once the gaps in your environment are identified, our final report provides recommendations to remedy each gap, ranging from ongoing documentation maintenance to network architecture for scope reduction (and significant cost savings).

    Our Proven Methodology

    Each quarter, a PCI-trained expert will schedule the scan for a date and time of your choosing. The scans are usually scheduled for after-hours or weekends to minimize disruption to normal business processes. Prior to execution of each scan, the consultant will request validation of several key pieces of information, such as network addresses, major changes to the environment since the last scan and whether or not an IPS is in place that will interfere with the scan results.

    Once the information is validated, the scan will be conducted within the timeframes you provide. During execution, you will have direct access to the consultant monitoring the scan. Upon completion, you will be notified immediately of any high-risk findings that will prevent compliance and the final report will be made available within one week of completing the scan.

    In the event a failing grade is achieved, Insight will provide all of the information necessary to rectify any deficiencies and provide a free rescan using the same process. Whereas the requirement is to achieve a passing grade for each quarter, additional scans beyond the first rescan will be provided at an additional charge.

    All reports meet PCI requirements for quarterly scanning and follow a format mandated by the PCI Security Standards Council. Report delivery is accompanied by a meeting with our PCI experts to review the report and discuss trends and required actions.

    PCI Scanning Services

  • About Insight

    Insight Networking is a strategic business unit of Insight, a technology solutions provider serving global and local clients in 170 countries. Today, thousands of clients, including more than 80 percent of the Global Fortune 500, rely on Insight to acquire, implement and manage technology solutions to empower their business. Insight provides software and licensing services globally. In addition, we offer a comprehensive portfolio which also includes networking, hardware and value added services for our clients in North America and the U.K. We are aggressively expanding our global capabilities by introducing new offerings, including hardware and services, to meet emerging needs for our clients worldwide. Insight is ranked No. 484 on the 2009 Fortune 500.


    Comparison Against Other Low Cost Options

    | | Insight PCI Scanning | Other Competitors |
    |---|---|---|
    | Scanning Approach | Scheduled and managed like a project, including significant interaction with our scanning | Self-service portal with limited interaction with “real people” |
    | Vulnerability Scanning Engine | Rapid7 Nexpose | Varies, but frequently a modified Nessus scanning |
    | Web Application Scanning Engine | Rapid7 Nexpose performs a surface-level scan for SQL injection and Cross-Site Scripting (XSS) in any custom web application | In many cases, none unless additional tools are brought to bear, extending the amount of time required to complete the scan |
    | Manual testing of web | No | No |
    | Confirmation of vulnerabilities through penetration | No | No |
    | Validation of customer networks and domains before initiating scans | Manually validated with customer before starting each scan | On customer-initiated change notice |
    | Report Format | Auto-generated | Auto-generated |
    | Report Reviews | QSA reviews report to determine | No expert review |
    | Report Delivery Venue | Scheduled meeting w/ QSA resource to review findings and analyze recurring trends with customer | Automated report delivery without expert analysis or intervention. |
    | Pricing Entry Point | ~$2,900/year | $500-$1500/year |

    Insight and the Insight logo are registered trademarks of Insight Direct USA, Inc. All other trademarks, registered trademarks, photos, logos and illustrations are the property of their respective owners. ©2009, Insight Direct USA, Inc. All rights reserved. Updated 5.09

    Insight PCI Compliance Management Offerings

      • Insight PCI Gap Analysis
      • Insight PCI Scanning
      • Insight PCI Compliance Portal
      • Insight PCI Audit Service

    Other Assessment and Compliance Offerings

      • Perimeter Security Assessments
      • Internet Security Assessment
      • Wireless Security Assessment
      • Remote Access Security Assessment
      • Firewall Policy & Configuration Analysis
      • Internal Security Assessments
      • Internal Risk & Vulnerability Assessment
      • Data Management Practices Assessment (DBAs)
      • Data Management Practices Assessment (End users)
      • Web Application Security Assessment
      • Social Engineering Assessment
      • HIPAA Compliance Consulting
      • NERC CIP Compliance Consulting
      • GLBA/FFIEC Compliance Consulting
      • Network and Host Security Technology Design and Implementation
      • 24x7 Managed Network and Security Services