Securing business data
Call us today on 020 7592 8800

Vulnerability Scanning

PCI ASV Scanning

As well as being a requirement under the PCI DSS standard automated scanning is a very useful tool.Its extremely cheap and offers a convenient way of performing regular, easy, quick error checks, e.g after a firewall change a scan could be run to make sure a port hasn’t been opened by mistake. Once the Qualys ASV account has been created, for the period of a year, against the originally specified IPs(additional IPs will incur additional costs), unlimited scans can be run on request(please note, if consultancy services have been sold as part of the package there may be an additional charge), ASV is gross error checking, its quick, easy, convenient and cheap.

________________________________________________________________________________________

Automated Internal Scan

It is extremely cheap and offers a convenient way of performing regular, easy, quick error checks, e.g after a firewall change a scan could be run to make sure a port hasn't been opened by mistake.  CNS recommend either monthly or quarterly scans, however additional scans can be run on request(please note, scans are sold on a per-scan per-ip basis so additional charges will be incurred for additional scans), Automated Scanning is gross error checking, its quick, easy, convenient and cheap.   

________________________________________________________________________________________

Comparison to Manual Testing  

Automated scanning, whatever tool is used, is not perfect, it will miss complex issues, it will miss logic issues and it will also generate false positives (it will identify issues as existing, when in-fact they do not exist).  Manual testing, relays on the technical understanding and instinct of the tester.  Automated test results should always be considered carefully and ideally evaluated by a skilled technical resource. 

_______________________________________________________________________________________

Automated  External Scan 

Offers a convenient way of performing regular, easy, quick error checks, e.g after a firewall change a scan could be run to make sure a port hasn't been opened by mistake.  CNS recommend either monthly or quarterly scans, however additional scans can be run on request(please note, scans are sold on a per-scan per-ip basis so additional charges will be incurred for additional scans), Automated Scanning is gross error checking, its quick, easy, convenient and cheap.   

________________________________________________________________________________________

Options

 
CNS can provide a number of options for automated scans.  Fully Managed - CNS will run the scans , review the reports, recommend remediation plans and offer technical advice. Partially Managed - CNS will run the scans, briefly review the report, and be available for time limited technical discussions

 

 


 

CESG CHECK Accreditation