What are ASV services?
ASV services are vulnerability scanning services performed by a vendor which has been approved to conduct vulnerability scans in line with PCI DSS requirements.
Payment Card Industry (PCI) Data Security Standard (DSS) requirement 11.2 mandates that organisations:
• Run internal and external network vulnerability scans at least quarterly and after any significant change in the network.
• Have quarterly external scans performed by an Approved Scanning Vendor (ASV).
Nettitude is a certified Payment Card Industry (PCI) Approved Scanning Vendor (ASV).
Do You Need An ASV Scan?
Vulnerabilities in operating systems, applications and services across your Cardholder Data Environment (CDE) leave organisations and their customers' data at risk. Vulnerability scanning is mandated by PCI DSS and should be part of a comprehensive risk management strategy.
Nettitude offer two flexible solutions: Self-Service ASV Services and Managed ASV Scanning.
About The Service
Managed ASV Services
Nettitude’s managed ASV scanning takes the headache out of the ASV process. If Nettitude identify any issues within your internet-facing infrastructure, our team provide guidance over the phone to help remediate the issues. Nettitude work as an extension of your security team to help you obtain and maintain PCI compliance.
One of the biggest concerns of any automated vulnerability assessment service is false positives. Nettitude is able to provide an automated approach for ASV scanning with an exceedingly high rate of accuracy.
Self Service ASV
If you prefer the flexibility of being able to conduct your own ASV scans, you can use our self-service portal, powered by the Qualys Cloud Platform, to scan, attest and generate your quarterly ASV report. In addition to conducting scans once per quarter, the service allows you to scan the same assets on demand: daily, weekly or on a more ad-hoc basis.
Nettitude’s ASV self-service portal allows for both infrastructure and web application vulnerability assessments to be conducted in unison. The solution has been fully approved for PCI ASV scanning across all geographies.
Once the scan has been conducted, the client submits it to Nettitude’s qualified ASV consultants for attestation, and any false positive disputes are raised seamlessly through the portal.
Why Nettitude For ASV Scanning?
There are many benefits to conducting ASV scans with Nettitude. We have the best-qualified ASV professionals on hand to run your project, using the best tools for the job. Nettitude also provides real-world remediation advice and guidance should a failed scan occur.
• Nettitude’s qualified ASV professionals manage and schedule all quarterly scans.
• Nettitude uses an array of tools & manual testing to meet the PCI SSC ASV program baseline requirements that go beyond services offered by purely automated tools.
• Nettitude manually validates all vulnerabilities, working with the client to establish any false positives before the report is generated.
• In cases of failing scans, Nettitude provides real-world remediation advice and guidance to help customers achieve compliance.
- ASV Professionals
- PCI SSC Approved Scanning Vendor
- ISO 27001
What is PCI ASV?
PCI ASV refers to requirement 11.2.2 of the PCI DSS Requirements and Security Assessment Procedures that requires quarterly external vulnerability scans, which must be performed (or attested to) by an Approved Scanning Vendor (ASV).
Frequently Asked Questions about Data Privacy Security
What is an incident response policy?
An incident response plan or policy is a process you create before you experience a cyberattack, so that your team has a procedure to follow when you do experience a data breach. Nettitude follows the CREST Cybersecurity Incident Response process, which is broken down into 3 phases: preparation, response, and follow up. Having a breach plan gives you the confidence to quickly nullify any threat to your data privacy security.
Why is data privacy security important?
Although it has always been important, the implications and need for higher security are coming into play now that technology is indispensable to everyday life. Using apps, browsing websites, and shopping online are all examples of how your data will be stored and managed online. For organisations today, the threat of cyber theft is a pertinent one. Having comprehensive data privacy plans in place can reduce and mitigate the risks of such events.
Does Nettitude practice sustainability?
As a company with a global footprint, sustainability is an area of importance to us. We are a registered ‘Investor in People’ organisation. Taking a cue from ISO 14001, we have strong sustainability practices put in place. Our organisation also hires fairly and equally, across gender and race. By working with us, you can rest assured that we implement data privacy security measures with ethics at the core of our mission.