Available as a component of the SecureConnect Elite package, internal vulnerability scanning assists in securing internal networks and complying with PCI requirement 11.2, by proactively identifying weaknesses within a company’s internal network environment. The majority of businesses, however, are more familiar with the need for external vulnerability scanning, failing to notice clear indication of the internal aspect.
Requirement 11.2 of the PCI DSS states, “Run internal and external network vulnerability scans at least quarterly and after any significant change in the network.”
Most business owners don’t consider that a devastating security breach could originate from their internal networks. Attackers can be anyone from disgruntled employees, internal thieves or external hackers that are able penetrate networks through an unsecure internal access point. By implementing internal vulnerability scanning as part of a vulnerability management program, companies can significantly reduce their risk of being compromised. If an attacker does manage to penetrate the network perimeter, proper internal security can contain the attack to avoid further penetration.
“Many companies tend to concentrate on the external scans, as they are a requirement for validation; Internal vulnerability assessment is of equal importance in securing an organization’
Like all SecureConnect services, quarterly internal vulnerability scans are fully-managed by SecureConnect security experts. SecureConnect assesses each asset and identifies attack vectors. Once the in-scope environment has been scanned, SecureConnect evaluates those vulnerabilities, reduces false/positives and presents the results in a customized report. Accessed through the mySecureConnect portal, the report identifies vulnerabilities for each in-scope asset and includes steps for remediation. SecureConnect employees are on-hand to provide guidance in remediation.
“The combination of our internal and external scanning services without having to purchase or deploy an additional appliance sets us apart from the competition,”
As an Approved Scanning Vendor, BHI SecureConnect is one of a select group that can provide qualified scans in compliance with the PCI DSS.
“Customers choose SecureConnect because it offers a simplified approach to completing these necessary scans and achieving compliance in an affordable solution,” Huebner said.
To learn more about internal vulnerability scanning and SecureConnect, visit www.SecureConnect.com
# # #
BHI provides innovative, tailored Internet technology solutions while ensuring customers' total peace-of-mind. Offering a wide range of services, BHI makes it easy & affordable to bring enterprise-level security & PCI compliance solutions to your stores.