ASV Scanning Services

To comply with PCI DSS, organizations at every level have to practice an effective and thorough approach to patch management and vulnerability management. Besides annual PCI compliance, an organization needs to present the results of quarterly network perimeter scans and evidence of application and network penetration tests. SISA, an organization with strong technical security skills in addition to being an Approved Scanning Vendor, validates adherence to certain PCI DSS requirements by performing vulnerability scans of public-facing PCI environments.

SISA's scanning service 'SecureScan' is approved by the PCI Security Standards Council. Our services are used and appreciated by various organizations across the globe.


Administrative Features of SISA 'SecureScan'

SISA 'SecureScan' is the most accurate and most widely used ASV scan for testing, reporting and submission.

Conducts both network scans and web application security scans to efficiently identify and eliminate all security vulnerabilities.

According to PCI requirement 6.6, organizations need to maintain secure web applications. SecureScan performs a web application scan to evaluate all web applications hosted in the organization's environment by:

Scanning for vulnerability types within any application (built or customized in-house, or an off-the-shelf product)

Crawling web applications

Identifying cross-site scripting vulnerabilities

Conducting authenticated and unauthenticated scanning

Network perimeter mapping rapidly identifies all network devices that can be seen from the internet and reports comprehensive information about them. It detects rogue devices, including virtual hosts, that may have been maliciously placed on your network and are accessible over the internet.


Technical features of SISA 'SecureScan'

Systematic vulnerability identification

Comprehensive vulnerability Knowledge Base.

Non-intrusive detection techniques

Inference-based scanning engine.

Scans are configurable for optimum performance and minimum network load.

Unique fingerprints for over 2,000 operating systems, applications and protocols.

Automated Unlimited Scanning schedules and automates network discovery and vulnerability scan tasks on a daily, weekly or monthly basis.

Industry standard support for vulnerability scoring with Common Vulnerability Scoring System (CVSS).

Industry standard support for the addition of custom detections using Open Vulnerability Assessment Language (OVAL).

CVE-Compatible


Illustrative & Structured reporting

Executive Dashboard provides an illustration of risk.

Graph and Vulnerability Trend Reports for managers.

Detailed Executive Technical Reports with verified remediation actions for technicians.

SANS Top 20 Report provides industry baseline.

Top 10 reports of the top ten most prevalent vulnerabilities (both internal and external).

Threat Exposure Estimation Risk analysis report predicts the likelihood of exposure.

CVE, Security Focus and Bugtraq-referenced vulnerability checks with detailed remediation instructions.


Solutions for Vulnerability Remediation

PCI compliance expertise from our vast pool of Qualified Security Assessors

Security expertise from a vast pool of CISSPs, CISAs and CEHs

Detailed advance advice plus an optional phone call before we perform the test to ensure that you have the time to remediate configurations before testing begins, increasing your chances of compliance on the first test.


A Comprehensive evaluation of your information security program

Detailed recommendations for improving your security posture beyond the minimum PCI requirements. We know that you expect more from a manual testing service than the cutting and pasting of findings into a report. We look at building each report and recommendation plan with the care and attention to detail that would go into building a custom race car.

Support by email, plus one remediation planning session by conference call after each test.

A PCI Onsite Assessment by a QSA is available to ensure full compliance and avoid an expensive fine in case of compromise.