Why run a PCI ASV scan?
Requirement 11.2 of the Payment Card Industry Data Security Standard (PCI DSS) describes the need to run internal and external network vulnerability scans at least quarterly and after any significant change in the network.
Conducting vulnerability scans provides valuable information that supports efficient patch management and other security measures that improve protection of the CDE (cardholder data environment) against attacks.
Our ASV scanning solution: HackerGuardian
Powered by Comodo, our HackerGuardian scanning service performs highly accurate scanning of your externally facing systems as required by the PCI DSS.
It provides organisations, online merchants and other service providers that handle credit cards with a simple and automated way to stay compliant with the PCI DSS.
It runs more than 60,000 tests on your organisation’s servers and network, and provides clear advice on how to fix any security vulnerabilities.
Prices start at £265
Did you know?
Regular vulnerability scanning helps preserve information security. Although firewalls are designed to keep malicious actors out of your networks, they must leave specific ports open for web, mail, FTP and other Internet-based services, leaving you vulnerable to exploitation. Vulnerability scans can help identify these weaknesses.
Scanning tools essentially run a series of if-then scenarios designed to detect system settings and the telltale signs of vulnerabilities. A completed scan will provide a logged summary of alerts for you to act on.
The PCI DSS requires that external scans be performed at least quarterly and that they be conducted by an ASV (Approved Scanning Vendor) approved by the PCI SSC (Payment Card Industry Security Standards Council). To pass an ASV scan, all items listed as critical, high-risk or medium-risk (or with a CVSS score of 4.0 or higher), and specific findings that are considered an ‘automatic failure’, must be either remediated or disputed by the organisation.
Benefits of HackerGuardian ASV scanning
- Our external network vulnerability scans are certified to meet or exceed all the rigorous requirements of the PCI ASV scanning standards.
- Detailed reports identify security holes exposed by HackerGuardian's 60,000+ tests and contain actionable fix recommendations.
- Free PCI 'self-assessment' questionnaire available via the online wizard.
- Secure web-based interface allows you to schedule up to ten PCI scans per quarter on up to five servers.
- Add IP Address Packs to your licence to allow you to scan additional external IP addresses.
Is a PCI ASV scan right for you?
All acquiring banks require proof that an organisation is PCI compliant before processing credit card payments, online or offline. Failure to provide this proof (called an Attestation of Compliance) will result in a fine per payment card transaction from your bank.
Scan and generate reports with ease:
- Quick setup wizards and an intuitive user interface make it simple to run scans and get the reports you need to submit for PCI compliance.
- You will receive a comprehensive vulnerability report detailing any security issues identified by the scan, with remediation advice cross-referenced to thousands of online advisories to help you fix the problem.