Scanning your infrastructure for vulnerabilities
ASV-scanning according to PCI DSS Standard
Vulnerabilities can cause serious and large-scale consequences for your organization. Vulnerability scanning will identify the weak points in the IT infrastructure and allow you to manage them effectively.
AAA can provide one-time vulnerability scanning of your infrastructure or vulnerability scanning as a service on a regular basis.
PCI DSS requirements
11.2 Run internal and external network vulnerability scans at least quarterly and after any significant change in the network (such as new system component installations, changes in network topology, firewall rule modifications, product upgrades).
There are three types of vulnerability scanning required for PCI DSS:
Requirements of ISO 27001 and Regulation Act #95 of National Bank of Ukraine
A.12.6.1 Management of technical vulnerabilities
Information about technical vulnerabilities of information systems being used shall be obtained in a timely fashion, the organization’s exposure to such vulnerabilities evaluated and appropriate measures taken to address the associated risk.
Using two vulnerability scanners simultaneously to reduce false negatives
ASV-scanning of external perimeter according to PCI DSS
External and internal perimeter scanning (with/without authentication)
Web-application smart scanning (with authentication and scanner learning)