Assessment Services
Vulnerability Scanning
STN provides a managed process that finds known vulnerabilities in networks and applications.

External Scanning
- Scan and secure the network perimeter of your data environment
- Full report of vulnerabilities with risk-level prioritization and recommendations for remediation
- Analyze web servers and all perimeter security devices
- PCI Approved Scanning Vendor (PCI-ASV) scans
- Review of your scan results and remediation priorities by an STN Security Analyst
Internal Scanning
- STN configures and deploys SecureSensor for the scan
- Discovery and configuration of scan targets
- Network devices, servers, workstations, peripherals
- Scan report is provided via the Cybersecurity Portal
- Full report of vulnerabilities with risk-level prioritization and recommendations for remediation
- Review of your scan results and remediation priorities by an STN Security Analyst

Credentialed Scan Benefits
- No disruption to operations because the operations are executed on the host itself
- Definitive list of missing patches rather than an attempt to find a vulnerability
- Client-side software vulnerabilities are uncovered
- Ability to discover other “vulnerabilities”
  - Read password policies
  - Obtain a list of USB devices
  - Check anti-virus software configurations
  - Enumerate Bluetooth devices attached to scanned hosts

Scan Results Stored in the STN Cybersecurity Portal
Results can be exported to Excel and can be sorted by:
Severity | Category | IP Address

- Address each finding
- Add comments on compensating controls for printout in the final report
Integration with STN’s Cybersecurity Portal
- Ticket creation for remediation
- Auditable results showing progressive improvements

STN’s PCI ASV Scanning

Any company that has networks that touch payment card transactions is required to regularly scan their networks for PCI Compliance. In addition, these companies must have these scans reviewed by a third party.
STN utilizes Tenable-Nessus, which is a PCI Approved Scanning Vendor (ASV).
PCI ASV Scanning Requirements
External
External scanning requirements for a ROC organization:
- A passing ASV scan must be performed on ALL of your external networks, devices, and IP addresses (not just the In-scope items) every quarter.
- If you are not able to get a passing ASV scan within the 3 months, then you must show that you performed an ASV scan and worked to fix the findings several times during the quarter.
- We recommend that ROC customers scan and patch every 2 weeks until they can pass the scan.
- QSAs will typically ask their clients to send ALL of their ASV scan reports and at least one Attestation of Scan Compliance certificate for each quarter.
External scanning requirements for SAQ-D organizations:
- PCI SAQ-D ASV requirements are the same unless ALL of their payment processors agree that they do not need an ASV scan. (This is never the case.)
Internal
Internal scanning requirements for ROC and SAQ-D organizations:
- Internal scan requirements for ROC and SAQ-D are the same, except you may limit the scope of the scans (and/or the passing results) to just those In-Scope devices, servers, systems, and networks.
- You will still need at least one passing scan every quarter or show that you are continually scanning and patching throughout the quarter.
- SAQ-D clients will ALWAYS need to perform internal scans.
Copyright © 2021 STN Inc. All Rights Reserved.