A recent acquisition is enabling Trustwave to add malicious-software detection to the data-security scans the company performs to check compliance with Payment Card Industry data security standards.
The malware-detecting software, which the Chicago-based security vendor is picking up with the impending purchase of M86 Security, should serve as a differentiator for ISOs and agents that promote it to merchants, Doug Klotnia, Trustwave executive vice president, tells ISO&Agent Weekly.
Merchants should welcome the offering as another way to cope with criminals seeking to steal card data, notes Todd Ablowitz, president of Centennial, Colo.-based Double Diamond Group LLC.
“The bad guys keep evolving, and you have to stay ahead of the curve by doing the best job you can of detecting malware,” Ablowitz tells ISO&Agent Weekly. “When you detect the malware, you win.”
Malware can lurk on even legitimate websites, waiting for the opportunity to infect visitors’ computers, Klotnia says.
Incorporating the cloud-based malware-detection feature into daily TrustKeeper PCI scans gives small merchants an affordable approach to combating the problem, he maintains, noting that previous options were limited to high-priced offerings.
The product also will detect password weaknesses that can give rise to data breaches, Klotnia says.
Trustwave intends to keep a number of M86 developers on the job in their facilities in New Zealand and Israel, Klotnia says. “We want those engineering capabilities,” he notes. “They are key to maintaining the technology.”
Incorporating the software into the Trustwave scans could take a matter of months, Klotnia anticipates.
Once the software’s in place, merchants should find it as unobtrusive as the virus protection familiar to most nearly everyone who uses a computer, he says.
“I don’t think about it,” Klotnia says of such safeguards. “It tells me if needs patch, and I know I’m protected.”
Trustwave intends to work with ISOs and acquirers on how to present the product to merchants, he says.
The software also augments Trustwave’s practice of monitoring merchants to ensure the retailers are not selling anything the card brands prohibit, Klotnia maintains. The card brands may fine ISOs and acquirers if merchants sell anything disallowed, he notes.
Besides the malware-detection software, Trustwave is acquiring M86’s Web and email security products and gateway, a Trustwave press release said.
