Penetration Testing & Security Audit Compliance
The ultimate test of server security is a penetration test (or pentest). No other procedure better simulates the real world scenario of being targeted by hackers, and no other preventative measure protects you more effectively against real-world threats. Server Scan will provide a professional and thorough penetration test for your organization complete with a report that you can use to demonstrate your compliance with Requirement 11.4 of the Payment Card Industry Data Security Standard.
Experienced Professionals
We are staffed with certified and experienced penetration testers. Our seasoned penetration testing team will investigate your systems with the most comprehensive array of security tests available. Enlist our trusted professionals to methodically review your systems for potential vulnerabilities, and provide recommendations to resolve weaknesses identified.
Pricing Guidelines
Because every environment is different, the price of penetration testing can vary widely based on scope and complexity. We offer free scoping calls to help you determine the appropriate penetration testing for your environment. Regardless of scope, ServerScan always provides competitive pricing and the best overall value for our professional penetration testing services.
Scheduling Guidelines
ServerScan offers some of the shortest lead times in the industry. We are committed to getting your penetration test completed as soon as possible. Once scheduled, tests usually run for two to four weeks, depending on a number of factors, including whether internal penetration testing is required.
Isn’t my quarterly ASV scan enough?
No. ASV scans (external vulnerability scans performed by an Approved Scanning Vendor, or ASV) are not the same as penetration tests.One does not replace the need for the other and both are required for PCI DSS compliance. ASV scans are automated and provide a cost-effective way to quickly detect vulnerabilities.
Penetration testing involves comprehensive assessments constructed by trained professionals using comprehensive methods that automated scans are simply unable to replicate. Penetration testing better protects you against real-world threats because it safely mimics how an attacker would likely attempt to compromise your systems based on your current configurations.
In the penetration test reports we provide you will also receive remediation recommendations for any vulnerabilities discovered to help you better protect your systems.
PCI DSS 4
Some important changes were made to the PCI Data Security Standard from version 3 to version 4. As before, annual internal and external pentests are still required in order to better help protect your environment.
A new Requirement (11.4.7) has been introduced in PCI DSS Version 4 that applies only to Multi-tenant Service Providers (Hosting providers). It requires that they “support their customers for external penetration testing”. When selecting a hosting provider, we strongly recommend that you select a hosting company that is already PCI DSS compliant and can provide you with a Service Provider AOC detailing the services that they will be providing for you. The better hosting providers also provide a responsibility matrix to define the PCI DSS requirements that they help you to maintain. This will simplify your own assessment and it will ensure that your hosting company will support any penetration testing on your environment that they may not have already performed.
Should your penetration test discover any exploitable vulnerabilities that need to be resolved for compliance, we also offer remediation testing to validate any implemented fixes.
Low-Impact Testing
We understand the critical nature of production systems. Our penetration testers will work with you to perform testing with timing and methodology that works for you. When ServerScan performs penetration tests on your systems, you can rest at ease. If you need testing to be performed during low traffic hours, we will work with you to find the best possible time frames.
Consulting
Not sure what you need?
We offer consulting with one of our seasoned security professionals for a variety of topics including penetration test scoping and PCI DSS compliance consulting. Contact us for more information.
Best Value
As with all services offered by ServerScan, we are passionate about providing you the absolute best value for your money. Included with all ServerScan Penetration Testing services you get one year of ServerScan PCI Scanning Services for up to five IP addresses. Secure your systems and meet your PCI compliance requirements with one simple solution.
You might still have questions. We understand if you have never thought about penetration testing, much less scheduled one. Please email us or give us a call so we can clarify any questions you may have, and help you on your way to PCI compliance.
Contact our support to get a penetration test quote customized to your environment today!