What Is an ASV Vulnerability Scan?

ASV (Approved Scanning Vendors) scan is an external vulnerability scan carried out to verify whether the organizations are compliant with the requirements of PCI DSS Requirement 11.2.2. The PCI SSC adds a vendor to the list of Approved Scanning Vendors after testing the set of security services and tools called the ASV scan solution of the vendor.

Perhaps the most vilified of all the Payment Card Industry Data Security Standard (PCI DSS) requirements is number 11 — that all organizations accepting payment must perform quarterly internal and external scans by an approved scan vendor. These scans, together, are also known as ASV vulnerability scans. But that’s not all, either. If your organization accepts payment cards, regardless of what level you’re at, you MUST:

• perform these scans,
• use an approved PCI scanning vendor,
• remediate all issues the scans find, and
• you have to submit reports to your acquiring bank.

None of that sounds like fun.

Fortunately, it’s not as onerous as it sounds. Especially if you’re using the right scanner.

But before we get to that, let’s talk about what an ASV vulnerability scan is and point you to a PCI service provider that’s an approved scanning vendor.

What Constitutes an ASV Vulnerability Scan?

A vulnerability scan is about what it sounds like, using a scanning tool your network is scanned for vulnerabilities. (Note that a vulnerability scan is different from a penetration test.

But how? These scanners are built on the back of antivirus software. Frankly, that’s what most antivirus programs already do — they scan networks. Over time, these antivirus suites get built out with thousands of known malware samples as well as the tests to identify them on a network.

The best scanning product available is Comodo’s HackerGuardian PCI Scanner. That’s for a number of reasons. Its vulnerability scan is incredibly comprehensive. It can take a little bit of time depending on your environment, but, suffice to say, if a malware sample has been discovered, it’s a part of Comodo’s battery of tests. That battery of tests is constantly being updated to keep organizations ahead of the latest threats.

When a scanner finds a vulnerability, it’s supposed to notify you. Comodo HackerGuardian goes a step beyond by also providing actionable remediation advice, which makes cleaning up any issues the scans turned up a cinch. Best of all, Sectigo HackerGuardian PCI Scanner produces ready-to-submit reports for your ASV vulnerability scan, which takes the tedium right out of documenting everything. Just take the report, put it in an email and send it to your acquiring bank. It’s that simple.

Sectigo HackerGuardian PCI Scanner performs both internal and external ASV scans, which satisfied PCI DSS requirement 11 completely.

The Cheapest PCI ASV Vulnerability Scanner Is Also the Best

We’ve already covered the depth of Comodo CA’s experience and its expert vulnerability remediation advice. Now, let’s talk about the other reason it’s the best scanning option: price.

Some of the PCI ASV scanners on the market can run into the thousands of dollars — and they don’t do nearly as much as HackerGuardian! They don’t provide actionable intel. They don’t handle reporting. They just scan.

Not HackerGuardian. It handles all parts of the ASV scanning process. And it costs considerably less. And here’s the best part: At ComodoSSLstore.com, we sell it the cheapest of anyone. Even cheaper than Comodo CA. We sell Comodo HackerGuardian PCI Scanner for about a third of its MSRP, starting at just $72.42.