ASV Vulnerability Scanning Services

Our ASV (Approved Scanning Vendor) vulnerability scanning service is an automated process which validates the security of your internet-facing systems and web applications. Throughout this process, Vectra will scan for weaknesses in your data security. Vectra's ASV security services are conducted through our trusted SecurityMetrics partnership, providing industry-leading scanning capabilities. Quarterly ASV vulnerability scanning of internet-facing systems is a mandatory PCI DSS requirement for most businesses and organisations providing card payment services. Even if it's not a PCI DSS requirement for you, regular scanning is also a good cyber security practice.

ASV stands for Approved Scanning Vendor. It is a designation given by the Payment Card Industry Security Standards Council (PCI SSC) to organisations that have been qualified to validate adherence to certain PCI DSS compliance requirements by performing vulnerability scans of merchants and service providers. ASVs have proven their capability to offer high-quality, consistent vulnerability scanning services that align with the PCI DSS. Engaging with an ASV ensures that your organisation's external-facing systems are routinely checked for vulnerabilities.

ASV Scanning refers to the vulnerability scanning process carried out by an Approved Scanning Vendor. The primary purpose of this scan is to identify vulnerabilities in the external-facing systems and networks of businesses and organisations that could be exploited by malicious entities. These scans are an essential component of the PCI DSS compliance process for many.

Features of ASV Scanning:

Scope Determination: The process begins by determining which systems are in scope for PCI DSS. Typically, these are the systems that are involved in the storage, processing, or transmission of cardholder data.

Regular Scans: ASV Scans are typically conducted on a quarterly basis, but can also be performed after any significant change to the network.

Detailed Reports: After each scan, the ASV provides a detailed report outlining any vulnerabilities discovered, their severity, and recommendations for remediation.

Pass/Fail Criteria: For the sake of PCI DSS compliance, the scanned entity must not have any vulnerabilities rated 4.0 or higher (on the CVSS scale) that are not mitigated. If such vulnerabilities are present, the entity will need to address them and then undergo a rescan.

Continuous Improvement: ASV scanning isn't a one-off process. The cyber security landscape is constantly evolving, and new vulnerabilities are discovered frequently. Regular scanning ensures that organisations can stay ahead of potential threats.

ASV scanning is an invaluable tool in the cyber security arsenal of any organisation that deals with cardholder data. It provides assurance that external-facing systems have been checked against known vulnerabilities and helps in maintaining a robust security posture.

Vectra's ASV Vulnerability Scanning Service is accessed by a web-based scanning portal. The portal allows a business or organisation to easily configure automated quarterly scans as required by PCI DSS requirement 11.2.2. It also allows for scans to be run on an ad-hoc basis when required. The portal provides easy access to the latest scan results and keeps all historical scan reports. Vectra's ASV Scanning Portal also provides an interface to facilitate investigation and resolution of any false positives.

The detailed reports provided as part of our ASV services are available for download on the portal. These scans are comprehensive and will:

Identify security weaknesses

Provide a risk rating

Provide remediation advice

Our ASV scanning service is supported by a local Australian-based Service Desk. Our ASV Service Team are able to provide technical support and remote administration of the service, plus track and monitor any disputed scan results.

Complete the form below and our ASV Team will be in touch to discuss your scanning requirements.
