Assessment Services

Vulnerability Scanning

STN provides a managed process that finds known vulnerabilities in networks and applications.


External Scanning

  • Scan and secure the network perimeter of your data environment
  • Full report of vulnerabilities with risk-level prioritization and recommendations for remediation
  • Analyze web servers and all perimeter security devices
  • PCI Approved Scanning Vendor (PCI-ASV) scans
  • Review of your scan results and remediation priorities by an STN Security Analyst

Internal Scanning

  • STN configures and deploys SecureSensor for the scan
  • Discovery and configuration of scan targets
  • Network devices, servers, workstations, peripherals
  • Scan report is provided via the Cybersecurity Portal
  • Full report of vulnerabilities with risk-level prioritization and recommendations for remediation
  • Review of your scan results and remediation priorities by an STN Security Analyst

Credentialed Scan Benefits

  • No disruption to operations because the operations are executed on the host itself
  • Definitive list of missing patches rather than an attempt to find a vulnerability
  • Client-side software vulnerabilities are uncovered
  • Ability to discover other “vulnerabilities”:
      • Read password policies
      • Obtain a list of USB devices
      • Check anti-virus software configurations
      • Enumerate Bluetooth devices attached to scanned hosts

Scan Results Stored in the STN Cybersecurity Portal

Results can be exported to Excel and can be sorted by:
Severity | Category | IP Address

  • Address each finding
  • Add comments on compensating controls for printout in the final report

Integration with STN’s Cybersecurity Portal

  • Ticket creation for remediation
  • Auditable results showing progressive improvements

STN’s PCI ASV Scanning

Any company that has networks that touch payment card transactions is required to regularly scan their networks for PCI Compliance. In addition, these companies must have these scans reviewed by a third party.

STN utilizes Tenable-Nessus, which is a PCI Approved Scanning Vendor (ASV).

PCI ASV Scanning Requirements

External

External scanning requirements for a ROC organization:

A passing ASV scan must be performed on ALL of your external networks, devices, and IP addresses (not just the In-scope items) every quarter.

If you are not able to get a passing ASV scan within the 3 months, then you must show that you performed an ASV scan and worked to fix the findings several times during the quarter.

We recommend that ROC customers scan and patch every 2 weeks until they can pass the scan.

QSAs will typically ask their clients to send ALL of their ASV scan reports and at least one Attestation of Scan Compliance certificate for each quarter.

External scanning requirements for SAQ-D organizations:

PCI SAQ-D ASV requirements are the same unless ALL of their payment processors agree that they do not need an ASV scan. (This is never the case.)

Internal

Internal scanning requirements for ROC and SAQ-D organizations:

Internal scan requirements for ROC and SAQ-D are the same, except you may limit the scope of the scans (and/or the passing results) to just those In-Scope devices, servers, systems, and networks.

You will still need at least one passing scan every quarter or show that you are continually scanning and patching throughout the quarter.

SAQ-D clients will ALWAYS need to perform internal scans.


Copyright © 2020 STN Inc. All Rights Reserved.