The most commonly asked customer questions about the vulnerability scanning process.
See also: Picking Your Vulnerability Scanner: The Questions You Should Ask
We scan your external IP address or domain name. The scan identifies what ports are open and responding to public traffic. The scan then tests for weaknesses in your network.
The scans run automatically every 90 days, or whenever a scan is manually initiated by you. Keep in mind, it’s a PCI DSS requirement that you run a new scan if your environment changes in any way.
See also: 10 Qualities to Look For When Selecting an Approved Scanning Vendor
If you have an intrusion detection system or intrusion prevention system protecting your network, you may need to add our scanner's IP range to a whitelist or exclusion list for the scan to complete accurately.
The scores come from the industry-standard Common Vulnerability Scoring System (CVSS). Per PCI requirements, a single score of 4 or greater results in a failed scan.
See also: White Paper: Vulnerability Scanning 101
There are many variables that determine how long a scan takes. Average scan completion time ranges between 3 and 4 hours. However, scans running for longer than 4 hours are not uncommon. If your scan has been running for more than 24 hours, please contact our Support Department at 801.705.5700 or support@securitymetrics.com.
You can start a scan on any IP you have set up on your account. In the Scan Overview tab, look at the target you want to scan, and click the Scan Now button.
Only customers who are enrolled in a PCI compliance service may put the SecurityMetrics PCI DSS Validated logo on their website. Instructions are provided inside the passing test results of each vulnerability scan.
If you have any additional questions about vulnerability scanning that weren’t answered in this blog post, feel free to contact our 24/7 support team at 801.705.5700 or support@securitymetrics.com (UK: +44 33 0808 0832).