SecureConnect Solution Aids in Compliance of PCI Requirement 11.2
With the recent introduction of new packages, BHI SecureConnect has introduced internal vulnerability scanning to provide customers with an additional layer of protection.
Available as a component of the SecureConnect Elite package, internal vulnerability scanning assists in securing internal networks and complying with PCI requirement 11.2 by proactively identifying weaknesses within a company's internal network environment.
Requirement 11.2 of the PCI DSS states, "Run internal and external network vulnerability scans at least quarterly and after any significant change in the network."
Most business owners don't consider that a devastating security breach could originate from their internal networks. Attackers can be anyone from disgruntled employees and internal thieves to external hackers who are able to penetrate networks through an unsecured internal access point. By implementing internal vulnerability scanning as part of a vulnerability management program, companies can significantly reduce their risk of being compromised. If an attacker does manage to penetrate the network perimeter, proper internal security can contain the attack to avoid further penetration.
Like all SecureConnect services, quarterly internal vulnerability scans are fully managed by SecureConnect security experts. SecureConnect assesses each asset and identifies attack vectors. Once the in-scope environment has been scanned, SecureConnect evaluates the vulnerabilities found, reduces false positives and presents the results in a customized report. Accessed through the mySecureConnect portal, the report identifies vulnerabilities for each in-scope asset and includes steps for remediation. SecureConnect employees are on hand to provide guidance in remediation.