Vulnerability scanning is inevitable for data security and is a mandate for PCI DSS 3.2

  • Team Omega
  • April 29, 2016

Breach attacks constantly come in through various methods and avenues into a card data or network environment, and new vulnerabilities are added every day. However well protected the environment may be, there is no guarantee that an enterprise will never be attacked.

The Verizon 2016 data breach report notes, “Hackers use what works and what works doesn’t seem to change all that often. Secondly, attackers automate certain weaponized vulnerabilities and spray and pray them across the internet, sometimes yielding incredible success.”

One of the best ways to address this is to have a plan and process in place for handling vulnerabilities. Internal vulnerability scanning is an essential part of preventing breaches and securing the card data environment. It can be easily achieved through a solution like Omega’s. The Omega Appliance is a scanning device which works in environments that support EMV and Point-to-Point Encryption. The device carries out essential security functions like internal scanning, network monitoring, and logging without requiring retailers to make changes to their network infrastructure. This solution fits into a wide array of retail stores.

Through the Omega Appliance, companies can scan endpoints in the network for weaknesses and also monitor the network for new connections, alerting management to suspicious activity. Retailers can place the device within each of their stores, eliminating the need for an expensive high-speed virtual private network (VPN) connection. Best of all, POS vendors need not worry about installing anything on their systems, and retailers can protect their interests 24x7.

As the Verizon data breach report points out, “Vulnerability scanning is also useful in identifying new devices and new services. Reviewing scan-to-scan changes is another control to identify unknown devices and deviations from standard configurations”. The Omega Appliance does just that.

In addition, internal vulnerability scanning is a mandate of PCI DSS 3.1, which has now become version 3.2. PCI DSS 3.2 control 11.2.1 requires that retailers “perform quarterly internal vulnerability scans and re-scans as needed, until all ‘high-risk’ vulnerabilities (as identified in Requirement 6.1) are resolved. Scans must be performed by qualified personnel.”

Call Omega at 636-557-7777. We can set up a free 30-minute discovery call to explain why the Omega Appliance is the best solution for your retail environment. You may also reach us through our contact form or email.