Assessment Services

Vulnerability Scanning
STN provides a managed process that finds known vulnerabilities in networks and applications.

External Scanning

  • Scan and secure the network perimeter of your data environment
  • Full report of vulnerabilities with risk-level prioritization and recommendations for remediation
  • Analyze web servers and all perimeter security devices
  • PCI Approved Scanning Vendor (PCI-ASV) scans
  • Review of your scan results and remediation priorities by a Redhawk Security Analyst

Internal Scanning

  • STN configures and deploys SecureSensor for the scan
  • Discovery and configuration of scan targets
  • Network devices, servers, workstations, peripherals
  • Scan report is provided via the Cybersecurity Portal
  • Full report of vulnerabilities with risk-level prioritization and recommendations for remediation
  • Review of your scan results and remediation priorities by a Redhawk Security Analyst

Credentialed Scan Benefits

  • No disruption to operations, because the operations are executed on the host itself
  • Definitive list of missing patches, rather than an attempt to find a vulnerability
  • Client-side software vulnerabilities are uncovered
  • Read password policies
  • Obtain a list of USB devices
  • Check anti-virus software configurations
  • Enumerate Bluetooth devices attached to scanned hosts

Scan Results Stored in the Redhawk Cybersecurity Portal

Results can be exported to Excel and can be sorted by:
Severity | Category | IP Address

  • Address each finding
  • Add comments on compensating controls for printout in the final report

Integration with STN’s Cybersecurity Portal

  • Ticket creation for remediation
  • Auditable results showing progressive improvements

STN’s PCI ASV Scanning

Any company that has networks that touch payment card transactions is required to regularly scan their networks for PCI Compliance. In addition, these companies must have these scans reviewed by a third party.

STN utilizes Tenable-Nessus, which is a PCI Approved Scanning Vendor (ASV).

PCI ASV Scanning Requirements

External

External scanning requirements for a ROC organization:

A passing ASV scan must be performed on ALL of your external networks, devices, and IP addresses (not just the In-scope items) every quarter.

If you are not able to get a passing ASV scan within the 3 months, then you must show that you performed an ASV scan and worked to fix the findings several times during the quarter.

We recommend that ROC customers scan and patch every 2 weeks until they can pass the scan.

QSAs will typically ask their clients to send ALL of their ASV scan reports and at least one Attestation of Scan Compliance certificate for each quarter.

External scanning requirements for SAQ-D organizations:

PCI SAQ-D ASV requirements are the same unless ALL of the organization's payment processors agree that it does not need an ASV scan. (This is never the case.)

Internal

Internal scanning requirements for ROC and SAQ-D organizations:

Internal scan requirements for ROC and SAQ-D are the same, except you may limit the scope of the scans (and/or the passing results) to just those In-Scope devices, servers, systems, and networks.

You will still need at least one passing scan every quarter or show that you are continually scanning and patching throughout the quarter.

SAQ-D clients will ALWAYS need to perform internal scans.

“As a small Credit Union, we have very limited staff and time. We need a tool that provides us with a quick and easy way of fulfilling our regulatory assessments. Not only does STN’s tool do the job, but it also allows us to compare against past assessments and reveal trends through our history. This has been very powerful in determining where we have been deficient and where we are excelling. Redhawk’s FFIEC self assessment tool also provides us a quick and easy way to report to our board and our NCUA examiners on our improvements and progress.”

— Information Security Analyst

“STN’s new FFIEC tool simplifies the process of ascertaining risk levels, assessing an organization’s maturity level, and gauging progress needed and made over time. An accessible and intuitive interface makes it easy to use. STN has created a valuable tool for reporting and documenting FFIEC data as it pertains uniquely to your company.”

— Vice President / Information Security Officer


Copyright © 2020 STN Inc. All Rights Reserved.