PCI Compliance - Scanning Service
PCI DSS
PCI Compliance via the Cloud
Immediate deployment - no hardware to set up, always up-to-date
Scan your network for vulnerabilities, determine whether your network security is compromised, and report whether the systems are compliant or non-compliant with the Payment Card Industry Data Security Standard (PCI DSS).
Assess - Remediate - Report
Benefits
> Protect cardholder information and keep networks secure from attacks
> Service partners are Qualified Security Assessors (QSA), Approved Scanning Vendors (ASV) and Payment Application Qualified Security Assessors (PA-QSA)
> Fully certified to assess PCI DSS compliance
> Automatic scanning service
> Subscription-based service
> Pass a network security scan every 90 days by an approved scanning vendor
> Maintain secure web applications according to PCI Requirement 6.6
> Addresses requirements for external scanning in Requirements 6 and 11
> Document and submit proof of compliance to acquiring banks
> Submit your scan results and questionnaire to your acquiring banks
> PCI Security Council Self-Assessment Questionnaire
> Scan vulnerability types within any application (built or customized in-house, or purchased)
> Service and Data protection provided by SAS 70 II audited security architecture.
> Tamperproof architecture ensures that scan results are never manipulated
Solution
> Turnkey deployment requires no software to deploy or maintain.
> Discovery of live devices to help merchants define systems that are in scope for PCI.
> PCI Technical Report is used to identify and prioritise remediation.
> PCI Executive Report is submitted directly to your acquiring banks as proof of PCI compliance.
> Authorised users can conduct vulnerability and Web application scans from anywhere using a Web browser.
> False positive exception handling
> Infrastructure Network Security Scan
- Tests firewalls, routers, switches, etc.
- Tests web, mail and database servers
- Checks open ports and services
- Checks for Trojans, common worms and backdoors
- Continually updates and detects PCI-defined vulnerabilities
> For all web applications that must be secured to meet PCI requirements:
- Detects and specifies vulnerabilities in those applications
- Provides clear remediation instructions to fix vulnerabilities, down to the precise URL and exact nature of the problem.
- Works on custom built, customised in-house, or purchased web applications
- Spiders customer websites to ensure total coverage
- Tests for the complete OWASP Top 10