Our offer includes both external and internal scanning services and PCI ASV scans.
Audits consist of checking external facing, publicly available IT resources (IP addresses IPv4 and/or IPv6, networks, domains etc.) using over 150.000 non-invasive tests designed for various technologies, platforms and applications.
The aim of the network vulnerability scan is to detect deficiencies in the architecture and configuration of the analyzed system, which then could be used to penetrate the system components firewalls, servers to the internal network. Auditors will explain the scope and course of the scan, will present the most common errors and provide assistance in any non-compliances found.
PCI DSS - REQUIREMENTS
11.2 Run internal and external network vulnerability scans at least quarterly and after any significant change in the network (such as new system component installations, changes in network topology, firewall rule modifications, product upgrades).
11.2.1: Perform quarterly internal vulnerability scans. Address vulnerabilities and perform rescans to verify all “high risk” vulnerabilities are resolved in accordance with the entity’s vulnerability ranking. Scans must be performed by qualified personnel.
11.2.2: Perform quarterly external vulnerability scans, via an Approved Scanning Vendor (ASV) approved by the PCI SSC. Perform rescans as needed, until passing scans are achieved.
11.2.3: Perform internal and external scans, and rescans as needed, after any significant change. Scans must be performed by qualified personnel.
