Managed Vulnerability Scans

Vulnerability Scanning

The Payment Card Industry Data Security Standard (PCI DSS) requires organisations to perform external vulnerability scanning (ASV scanning) and in some cases internal vulnerability scanning as well. 

External vulnerability scans are required for most merchants even if able to leverage a reduced scope. Some merchants will also have to complete internal vulnerability scanning. 

Service providers may have to complete internal or external vulnerability scanning depending on the scope of the service. 

How Confide Can Help

We provide an independent, trained resource to help you run the scans. This helps to ensure that:

  • You have a separation of responsibilities between the people running the scans and the people managing the systems. 
  • You have someone running scans who understands the tools and the findings and who has demonstrated their knowledge through product certifications
  • You get a prioritised report that helps you understand what vulnerabilities need to be fixed to maintain PCI DSS compliance. 

We can either help arrange a subscription for you or you can provide our consultants access to your existing scan service to allow them to support your scanning. 

Benefits of Managed Scans

You can reduce the work that you have to do as part of your PCI DSS compliance which in turn results in a reduced cost and effort.

If you’ve been scanning quarterly, this increases the risk that you are waiting three months to find out about new vulnerabilities. Because we manage the service, we run scans more frequently to alert you earlier to potential vulnerabilities you may be exposed to.

A common problem that we’ve seen is that teams forget to get scans attested. This is a key part of a passing scan. We help minimise this risk by working with you to get scans attested at a regular cadence. You still have to fix vulnerabilities that are identified, but we help you along the way.