Vulnerability Scanning

A Vital Part of Continuous Monitoring

DataBank leverages a best-in-class solution, Nessus, by industry leader Tenable, for our internal vulnerability scans. Although these scans are required for FedRAMP customers under the Risk Assessment control set (specifically RA-5), vulnerability scanning can also help meet changing PCI-DSS, HIPAA and other regulatory requirements.

FedRAMP requires service providers to perform authenticated/credentialed scans of their information systems monthly as a part of continuous monitoring. DataBank will perform scans up to the Operating System (OS) and, in general, our clients are responsible for their databases and web applications. Options for database and web application scans are also available.

Although a vulnerability scan is required for FedRAMP compliance, non-FedRAMP customers have the option of adding vulnerability scanning to their environment. While there are many benefits to comprehensive scanning of your environment, a few notable benefits are:

  • PCI DSS v3.2 Requirement 11.2 states that internal and external network vulnerability scans must be run at least quarterly and after any significant change in the network. Vulnerabilities must be addressed and rescans performed. The monthly Nessus scan reports may be combined to meet the quarterly scan requirement and verification of vulnerabilities addressed.
  • Auditors appreciate the scanning reports as they help to answer typical questions regarding compliance.
  • DataBank scans show a consistent in-depth review of the customer environment and any vulnerabilities discovered. Providing these scans during an audit can demonstrate a continuous monitoring effort of discovery and correction of vulnerabilities.
  • DataBank scans provide you with a monthly in-depth analysis of the server operating system environment, including any vulnerabilities before they become an issue.
  • DataBank’s Security Team analyzes the monthly operating system scan, provides a report to the customer, and corrects any vulnerabilities up to the operating system layer. Any vulnerabilities discovered beyond the operating system are the responsibility of the customer, although DataBank’s experts can assist you with a number of corrective actions upon request.
  • DataBank scanning helps organizations maintain a security-sensitive posture.
  • Not only do vulnerability scans help customers meet the compliance requirements for FedRAMP, PCI-DSS and HIPAA, for the security-conscious customer they provide an in-depth review of their environment that is not otherwise attainable.

Features

We Make It Easy

Compliance Enablement

DataBank takes on as much as 80% of compliance control management compared to 20% from some other service providers. We provide the tools and technologies required for compliance with economies of scale. We have expert staff to install it, calibrate it, configure it, monitor it, and operate it over the course of our engagement. This level of support drives operational excellence and governance while keeping your costs stable and predictable.

Audit Ready

More Visibility. Less Risk.

The DataBank Customer Portal provides a central repository of audit-ready documentation and a single source of truth for all of your compliance needs. Get everyone, and everything, connected in one simple-to-use management portal. Our sophisticated portal gives you and your team real-time analytics into performance, security, compliance, tickets, devices and more. Communication and clarity truly enhance your compliance solution.

Way more than Power, Ping, and Pipe

Download our Corporate Overview

See how we partner with you to design technology solutions that provide a secure, fault-tolerant environment, ensuring 100% uptime of your data, applications, and computing infrastructure.

Discover the Difference

Local Service. National Reach.

At DataBank, we find that doing things the right way the first time is the best way to achieve success. This starts with our consultative process. No hard sell, no over promising, just exceptional service and uncompromising performance.