Vulnerability scanning checks your firewalls, networks and open ports for security flaws and vulnerabilities. The scanner is a web application that can detect outdated versions of software, web applications that aren’t securely coded, or misconfigured networks. Vulnerability scanning can help you pinpoint any security weaknesses in your system and give you the information you need to remediate them.
You are required to run vulnerability scans and produce a report quarterly for PCI certification. Monthly vulnerability scanning is highly recommended for any Internet-connected application.
How does it work?
Online Tech scans individual client accounts from an external web-based application. Clients can schedule up to 12 vulnerability scan tests per year. Clients can also set up the scans themselves. The scan typically takes 24 hours. The client will receive the scan report by email, which they can use to identify and remediate issues and provide to their auditors to fulfill PCI requirement 11.2 for quarterly scanning.
Why use it?
As a best practice for achieving security, we recommend monthly vulnerability scans to regularly identify any new vulnerabilities that may have inadvertently been opened in your system. Our vulnerability software continues to improve with additional tests as new vulnerabilities are discovered across the Internet.
Companies that need to meet PCI compliance must meet PCI requirement 11.2 that requires scanning of their environments:
Run internal and external network vulnerability scans at least quarterly and after any significant change in the network (such as new system component installations, changes in network topology, firewall rule modifications, product upgrades). - PCI DSS Requirements and Security Assessment Procedures, Version 2.0
Although vulnerability scanning is not explicitly stated as a way to meet HIPAA compliance, “automated vulnerability scanning tools” can be used to proactively test system security, as stated in the Risk Management Guide for Information Technology Systems and recommended by the National Institute of Standards and Technology (NIST).
The administrative safeguards of the HIPAA Security Rule require the evaluation of implemented security plans and procedures (164.308(a)(8), quoted below). Although there are no implementation specifications outlined, vulnerability scanning is a great tool to test your environment on a regular basis.
Perform a periodic technical and nontechnical evaluation, based initially upon the standards implemented under this rule and subsequently, in response to environmental or operations changes affecting the security of electronic protected health information, that establishes the extent to which an entity’s security policies and procedures meet the requirements of this subpart [the Security Rule]. - HIPAA Security Standards: Administrative Safeguards
What are the benefits?
- Fulfills PCI requirement 11.2 that requires quarterly scans
- Satisfies HIPAA Security Rule Administrative Safeguard standard
- Provides an additional layer of protection with insight into any vulnerabilities in your security environment