PCI DSS ASV scanning
Requirement 11.2 of the PCI DSS (Payment Card Industry Data Security Standard) describes the need to run internal and external network vulnerability scans at least quarterly and after any significant change in the network.
Conducting vulnerability scans provides valuable information that supports efficient patch management and other security measures that improve protection of the CDE (cardholder data environment) against attacks.
Get in touch today
Our team of security consultants can advise you on how PCI DSS testing requirements apply to your organisation.
Speak to an expert
Our ASV scanning solution: HackerGuardian
Powered by Comodo, our HackerGuardian scanning service performs highly accurate scanning of your externally facing systems as required by the PCI DSS.
It provides organisations, online merchants and other service providers that handle credit cards with a simple and automated way to stay compliant with the PCI DSS.
It runs more than 60,000 tests on your organisation’s servers and network, and provides clear advice on how to fix any security vulnerabilities.
Prices start at £165
Prices start at £265
Did you know?
Regular vulnerability scanning helps preserve information security. Although firewalls are designed to keep malicious actors out of your networks, they must leave specific ports open for web, mail, FTP and other Internet-based services, leaving you vulnerable to exploitation. Vulnerability scans can help identify these weaknesses.
Scanning tools essentially run a series of if-then scenarios designed to detect system settings and the telltale signs of vulnerabilities. A completed scan will provide a logged summary of alerts for you to act on.
The PCI DSS requires that external scans must be performed at least quarterly and that it must be conducted by an ASV (Approved Scanning Vendor) approved by the PCI SSC (Payment Card Industry Security Standards Council). To pass an ASV scan, all items listed as critical, high-risk or medium-risk (or with a CVSS score of 4.0 or higher), and specific findings that are considered an ‘automatic failure’, must be either remediated or disputed by the organisation.
Benefits of HackerGuardian ASV scanning
- Our external network vulnerability scans are certified to meet or exceed all the rigorous requirements of the PCI ASV scanning standards.
- Detailed reports identify security holes exposed by HackerGuardian's 60,000+ tests and contain actionable fix recommendations.
- Free PCI 'self-assessment' questionnaire available via the online wizard.
- Secure web-based interface allows you to schedule up to ten PCI scans per quarter on up to five servers.
- Add IP Address Packs to your licence to allow you to scan additional external IP addresses.
Is a PCI ASV scan right for you?
All acquiring banks require proof that an organisation is PCI compliant before processing credit card payments, online or offline. Failure to provide proof of being PCI compliant (called an Attestation of Compliance) will result in a fine per payment card transaction from your bank.
Scan and generate reports with ease:
- Quick setup wizards and an intuitive user interface make it simple to run scans and get the reports you need to submit for PCI compliance.
- You will receive a comprehensive vulnerability report detailing any security issues identified by the scan with remediation advice cross-referenced to thousands of online advisories to help you fix the problem.
Get a quote for our HackerGuardian ASV scanning solution
Our team of experts is available to discuss your PCI scanning needs, and can advise on security testing services to help you achieve compliance. Get in touch with us today.