Approved Scanning Vendor
What atsec offers
The various card brands mandate quarterly network scanning for vulnerabilities be performed by merchants and service providers for their networks involved with card holder data. This must be performed by an Approved Scanning Vendor (ASV) properly qualified by the Payment Card Industry Security Standards Council (PCI SCC).
atsec (Beijing) Information Technology Co., Ltd (“atsec China” for short) is a PCI SSC qualified ASV and can assist you in obtaining the necessary reports showing compliance with the standards. Currently the PCI ASV service provided by atsec China is available globally. We are different from most ASV service providers in that we provide a quarterly scanning service in a personalized and value added manner.
We recognize that it is not just a matter of compliance to the PCI DSS standards that drives you to seek our service, but that as a security conscious organization you would like atsec to share our knowledge, skills and expertise as consultants to give you greater assurance that your network is secure.
Our ASV service is scheduled and managed as a real project, this means that you will have an atsec consultant assigned who will guide you through the process and perform the scanning for you. Contrast this with many other ASV’s who offer a cheap “self-service” portal and leaves you to figure out the network vulnerabilities yourself.
Our quarterly scanning service includes a validation of your network and domain configuration before initiating the scans, helping to ensure that your scans meet the requirements of the standard. The resulting scan reports are manually reviewed by our consultants and discussed with you. Potential vulnerabilities found during the scans will be manually verified, in order to weed out false positives that the automated tools were not able to disprove.
You will receive both a summary and a detailed report meeting the requirements of the PCI Security Standards Council for quarterly ASV scans.
If needed, a more in depth assessment of the risks related to any identified vulnerabilities, with a value added report, can be provided. This report will include strategic recommendations for corrective actions that are tailored towards your network environment.
Why our services are important to you
Scanning systems that are exposed to the Internet for known vulnerabilities is a basic security precaution every organization needs to take on a regular basis. Vulnerabilities in networked operating systems and applications are discovered on a daily basis, and scanning for known vulnerabilities allows you to ensure that your systems are protected against related attacks.
The value that atsec adds to automated vulnerability scans saves you the trouble of having to dig through a list of potential vulnerabilities in order to determine whether they really exist or not, and provides guidance on how to address any actual vulnerabilities that were found.
atsec China is accredited with the PCI Security Standards Council as a Qualified Security Assessor and an ASV scanning provider. The ASV reports that are part of the deliverables will allow you to meet the requirement for quarterly security scanning imposed by major payment-card brands.
For more information
For more information about this service, please contact us at info_cn@atsec.com.