
The cost of a compromise is minimal compared to the loss of your consumers’ trust.

79% of the compromised merchants fall in two industries: retail and food service.


Network IP Scan

 

Based on your business category, a network IP scan may be required. This scan must be completed by a PCI Approved Scanning Vendor. PAI Secure, in conjunction with ComplyGuard Networks, provides access to one free network IP scan and, depending on your network configuration, the option to purchase additional scans. Scans are conducted quarterly as mandated by the PCI Requirements.

 

 

How do I know if I need a scan?

Scans help identify vulnerabilities and misconfigurations of web sites, applications, and information technology (IT) infrastructures with Internet-facing internet protocol (IP) addresses. Scan results provide valuable information that supports efficient patch management and other security measures that improve protection against Internet attacks. PCI Security Scans may apply to all merchants and service providers with Internet-facing IP addresses.

 

Even if an entity does not offer Internet-based transactions, other services may make systems Internet accessible. Basic functions such as e-mail and employee Internet access will result in the Internet-accessibility of a company’s network. Such seemingly insignificant paths to and from the Internet can provide unprotected pathways into merchant and service provider systems and potentially expose cardholder data if not properly controlled.

Source: PCI Security Standards Council

 

 


 

 

 

Features:

 

 

ComplySheild™ 24-hour access on-demand testing portal

As a subscriber to the ComplySheild™ testing portal you have 24-hour access to run PCI vulnerability scans on-demand or use the scheduler to run tests every 90 days, every month, or any future dates you wish. Your test reports are always available online to view via HTML or download as a PDF document. All functions are one to two mouse clicks away, and there is a full PCI knowledgebase available to answer all your questions.

 

Comprehensive scanning of all IP ports

The depth of testing performed is very important. Each IP address has over 64,000 available ports. To save money on bandwidth costs, most testing vendors test only a very small number of them. They select what they feel are the popular groups and fire the tests only against this limited number. ComplyGuard Networks tests all 64,000+ ports of every single IP address. We fire in excess of 23 million separate tests against each IP in our PCI DSS vulnerability test. It is the reason why many of our PCI assessor partners and large customers prefer to use ComplyGuard. We generally find things that even expensive outsourced penetration tests do not. It is our testing philosophy to be as thorough and accurate as possible. Developing compliance solutions is our only business.

 

Unlimited Testing model for all contracted IP addresses

With ComplySheild you can test each IP address as many times per year as you need to maintain your compliance. Each and every time there are any changes to your network infrastructure or new software updates and patches are added, PCI DSS requires you to re-test your network. This is the only way to maintain security integrity and be sure that any changes made did not open your system up to new vulnerabilities. In the event of a data breach, documented proof that you have completed this will be required for a forensic review or the discovery process in a lawsuit.

 

Detailed technical reports with remediation advice

Once your test has completed, the full details are available immediately via the online HTML view, or you can download the report as a PDF document for printing, storing, or forwarding. You receive an executive summary, vulnerability summary, technical detail report with descriptions, and advice on fixing any discovered problems. You can sort the vulnerabilities by severity so you can focus on the most critical items first. There are additional links to the CVE database and other resources to provide further insight into any reported issues.

 

Quarterly Compliance Certificates

Instantly download your quarterly compliance certificate as a PDF document for all IP addresses that pass the vulnerability scan and forward it to your acquiring bank.

Range Probe™ Function determines which IPs are open and active

PCI DSS requires us to check your entire IP address range to determine which IPs are open and active. Any discovered open ports must be closed if not needed, or tested for security vulnerabilities. We will identify them in the report and you have the option to test all discovered (open) IP addresses with a single mouse click to launch the vulnerability scan. Range Probe does not perform a full IP scan and may be run at any time with no effect on production systems. Subscribers may test any number of IP addresses with this feature. It does not matter how many IPs you are contracted for in your regular full PCI scans.

 

Delta Report™ highlights differences over time between IP tests

Included in our service is the Delta Report™, which provides change management documentation. This report will allow you to see the differences in tests over time. It is an added value in our tool set as it provides the complete history of change of a particular IP. It will provide information regarding which vulnerabilities previously required remediation, which ones remain unchanged, and alert you to any new vulnerabilities. The Delta Report is the foundation of documentation needed for statutory compliance as well as being a “Best Practice” in managing any network.

 

Online help and FAQ

Your questions on PCI or using our system are handled by our extensive knowledgebase that covers all aspects of PCI DSS. This information was compiled and authored by the top authorities in the field that helped to create the PCI standard. The information will give you both the specification details and real world application advice. You may access PCI documents, user manuals, news, white papers, and other valuable information. Support questions can be submitted and answered via secure email.

 

Technical support

If there is an issue requiring personal attention you will receive full technical support from our support specialists.

Available consulting: remediation, penetration tests, and forensics services

ComplyGuard Networks can provide any PCI or network security related services you may require.

 

 

 



Payment Alliance International is a registered ISO/MSP with HSBC Bank, USA, National Association, Buffalo, NY.
Payment Alliance International is a registered ISO/MSP with First National Bank of Omaha.
Web Site Designed by Milo Caruso