Aurora Earns an ‘A’ From AAA Oregon/Idaho – Company Completes PCI Penetration Test in Two Weeks
• Needed an internal penetration test to meet PCI compliance
• Wanted to have testing completed within a 30-day period
• Contacted the security consulting team at Aurora®
• Penetration test completed in two weeks
• Remote testing reduced cost, inconvenience
“It was an extremely fast turnaround.”
–Erin Benedictson, AAA Oregon/Idaho
AAA is synonymous with helping motorists in need. Members of the AAA Club receive roadside assistance, towing and fuel delivery, as well as discounts on hotels and other travel necessities.
As with any company that accepts customer payments via credit card, AAA must comply with PCI regulations, passed to secure the network environment in which most merchants and software providers operate. One of these requirements is an annual internal penetration test of security systems and processes.
When the Oregon/Idaho AAA Club needed this test performed, the club’s Information Security Analyst, Erin Benedictson, contacted Aurora.
“We were pressed for time,” Benedictson explained. “We were starting the process in January and had to turn it in by first of February.”
The Aurora testing procedure comprises a tactical approach to securing all infrastructure risk. Tests are conducted against a company’s Internet perimeter and internal systems using real world attack techniques, both automated and manual.
“The customer was pleased with our ability to come in, get it quoted, get it done, and come up with some solid recommendations in a very efficient fashion,” said Gary Bahadur, Manager of Security Services at Aurora. “We were brought in at the beginning of January, 2011 and completed the test in about two weeks. They were very happy with the way we were able to take care of this so quickly.”
“It was an extremely fast turnaround,” Benedictson said. “Usually the process takes a lot longer, especially if you have to get into negotiating prices. But Aurora came in with a price that we were able to run with, without going back and forth.”
While the test was completed quickly, it was as thorough as any that the AAA Club had experienced in previous years, according to Benedictson. “It reflected the amount of detail you would expect from a test of this magnitude,” he said.
“Our goal is always to make sure our analysis processes are as non-disruptive to the organization as possible,” Bahadur said. “That takes into account not only the time required, but also an effort to limit any intrusion into the company’s day-to-day operations.”
Benedictson said having the test conducted remotely was not only more efficient; it helped AAA to save money. “Previously we had to have someone in house to complete the test, and that meant flying them in and putting them up for a couple of days, plus allowing them access to come in at night and do the work. With Aurora we saved money, it was a lot more convenient, and we had the same level of service as in years past.”