Technology Overview

To date ScanAlert has conducted more than 20 million scans for our customers. Over 70,000 web sites rely on ScanAlert's daily vulnerability assessments for protection from hackers and third-party certification of their security. Our advanced vulnerability discovery and management technology provides a highly effective security solution with an ROI proven in more than 200 published studies.

Vulnerability Knowledge Base

ScanAlert's up-to-date vulnerability knowledge base powers our comprehensive network security audits and vulnerability management technology. We update the knowledge base every 15 minutes with tests for newly discovered vulnerabilities and validated fixes from hundreds of sources worldwide. These continuous updates, combined with between-scan proactive alerts, ensure ScanAlert customers are always alerted of the latest vulnerabilities affecting their network.

Vulnerability Management Portal and Alert System

ScanAlert's vulnerability management portal provides highly secure access to detailed vulnerability audits and remediation information on n-tiered load-balanced application servers. Our web-based vulnerability management portal provides easy access to vulnerability management information from any location. Extensive tools enable you to launch scans, examine vulnerability details, create network device groups, track trends, access patch information, configure alerts, assign user roles and user device responsibility groups, and generate customized reports.

Scan Appliances

Our network of distributed proprietary scanning servers, located in multiple data centers in North America and Asia, allows us to reliably perform daily security audits for thousands of clients located in more than 40 countries around the world. Each scan appliance is controlled by our central knowledge base and vulnerability management system, allowing the most suitable appliance to be automatically assigned to each device under test.

Data Security

ScanAlert is the only security scan vendor to be third-party certified to the CISP/AIS Level 1 security standard by Visa International.

Our entire portal infrastructure, and all customer data, is maintained within redundant, highly secure Tier One data centers with SAS-70 security certification, 24/7 on-site guards and biometric access control. The portal resides behind high-availability firewalls and intrusion monitoring systems. In addition, each server runs a localized firewall and IDS/IPS on top of a uniquely customized, hardened Linux distribution OS.

Secure access to each user account can be easily configured with options for IP address restriction, private key authentication, and two-factor single-use password authentication.

Customer Support

HACKER SAFE certification includes unlimited online, email or telephone customer support from CISSP certified security professionals. Whatever your technical question, or level of expertise, our experienced staff is there to support you. With the unprecedented experience of scanning thousands of network devices every day, we can quickly provide accurate and authoritative assistance.

Hacker Safe PCI Compliance

ScanAlert's penetration testing provides the most comprehensive and thorough security analysis of Internet-facing systems currently available.

Our penetration testing service is expert-level "hands-on" hacking. It is meant to identify and exploit all possible vulnerabilities in your network. Every detail of information is gleaned from the network under attack. This type of hand testing is a much more thorough investigation than is possible with automated vulnerability audits. Only careful manual probing by an expert can reveal subtle programming flaws, logic errors, and other issues that are hidden to automated scanning.

* Conducted by CISSP certified staff with government security level clearance
* Automated and manual discovery and exploitation of vulnerabilities
* Validate compromised system with "tag" or copy of retrieved data
* Comprehensive report covering vulnerability assessment, penetration procedure details and remediation assistance

Certification of compliance with the Payment Card Industry (PCI) Data Security Standard requirements of VISA CISP and AIS, MasterCard SDP, American Express and DiscoverCard.

Full Service - Everything you need to be certified to the PCI standard:

* Daily security scans of up to 6 domain names or IP addresses
* Scanning of additional domains or IP addresses is additional
* Full vulnerability remediation support from CISSP certified security specialists
* Telephone technical support
* Assistance completing your self-assessment questionnaire
* Assistance preparing required PCI compliant security policy

Using our interactive self-assessment form and full technical support, many clients successfully complete the program within a few hours of enrollment.

ScanAlert's Certified PCI Compliance Program is 100% Guaranteed

About ScanAlert and Hacker Safe

To date ScanAlert has conducted more than 20 million scans for our customers. Over 65,000 web sites, including Marines.com, rely on ScanAlert's daily vulnerability assessments for protection from hackers and third-party certification of their security. Our advanced vulnerability discovery and management technology is an easy-to-use and highly effective security solution with an ROI proven in more than 200 published studies.

SERVICES

HACKER SAFE® Certification

HACKER SAFE sites are tested and certified daily to pass the FBI/SANS security test as well as the Payment Card Industry (PCI) Data Security Standard requirements of Visa CISP and AIS, MasterCard SDP and American Express DSS programs.

Quick Look

* Proven to increase online sales in over 200 ROI studies
* Reduced liability by meeting all federal, state and credit card industry requirements
* Unlimited technical support to help you maintain the highest level of security
* HACKER SAFE certification mark served through Akamai network - the world's fastest
* Displayed on over 65,000 ecommerce web sites worldwide
* Multiple languages - English, Japanese, Chinese, Spanish, Dutch and German

Network Security Audit

Web-based vulnerability auditing and remediation management enables ScanAlert's customers to quickly deploy with no hardware or software to maintain. "Reports of Compliance" for HIPAA, SOX and PCI can quickly be generated.

Quick Look

* Easy-to-deploy: no software or hardware to install or maintain
* Accredited third-party audits meet government and industry compliance standards
* Accurate and up-to-date vulnerability knowledge base
* Comprehensive and easy-to-use interactive reporting
* Automates vulnerability discovery and remediation management
* Compliant with SANS/FBI Top 20 and PCI DSS, Visa, MasterCard, AMEX and Discover
* Assessments aimed at achieving industry standards such as ISO 17799, and SAS 70

Network Discovery

Advanced "intelligent" port-scanning technology designed to reduce the difficulty of managing the security of large complex public IP networks. Allows you to quickly and accurately discover, identify and monitor network devices, find rogue devices or identify unauthorized services across any specified IP sub-net range.

Quick Look

* Quick and accurate discovery of hosts, services, and unauthorized devices
* Stealth techniques to overcome IDS, scan blocking, and packet delays, etc.
* Multiple groupings by IP block, device type, physical location or assigned manager
* Configurable alerts based on device or port changes, new vulnerabilities, etc.

Remote User Monitoring

Do you know if your remote workers, using mobile laptops or home PCs, are secure and free from malicious software such as keystroke loggers when they access your network? Do you know where your remote workers are? ScanAlert's Remote User Monitoring is a lightweight client agent that integrates security information from your remote users' computers directly into your vulnerability management portal, allowing you to easily track both their security and their location.

Quick Look

* Easy-to-deploy: small agent that runs on employees' PCs
* Discover infected off-site and mobile computers
* View all processes running on off-site and mobile computers
* Locate unprotected off-site and mobile computers
* Track physical location of off-site and mobile computers

Penetration Testing

ScanAlert's penetration testing provides the most comprehensive and thorough test of Internet-facing systems currently available. Our highly experienced staff hand-scrutinize Internet-connected systems for any weakness or disclosure of information which could be used by an attacker to compromise the confidentiality, availability or integrity of your network.

Quick Look

* Automated and manual discovery and exploitation of vulnerabilities
* Validate compromised system with "tag" or copy of retrieved data
* Conducted by CISSP certified staff with "Secret" level government clearance
* Comprehensive vulnerability assessment and penetration report

How Our Scanning Works

An overview of ScanAlert's Vulnerability Auditing Process

HACKER SAFE certification is achieved by passing rigorous daily network security audits. The certification process is completed in six steps. The first three steps are the vulnerability audit itself, comprising Dynamic Port Scanning, Port-level Network Services Vulnerability Testing, and Web Application Vulnerability Testing. The fourth and fifth steps are alerts whenever vulnerabilities are detected and remediation management using our extensive vulnerability management portal. The result is highly effective, pro-active security.

The Vulnerability Audit Process:
(All scanning activity is safe and non-disruptive to your network operations.)

Step 1 - port discovery scan

The first phase is a thorough, interactive port scan of the target. Accurately determining which ports on an IP address are open is the crucial first step to a comprehensive security audit. ScanAlert's proprietary firewall and IDS/IPS aware network discovery technology is designed to accurately map out any size or complexity of network topology. This is often not a simple process. Unlike most scanning solutions based on Nmap, our advanced dynamic port scanning can handle all targets, from desktop PCs to the most aggressive firewalls, IDS and IPS systems.

Step 2 - network services vulnerability scan

During this second phase of the audit process, we thoroughly interrogate each service running on every available port to determine exactly what software is running and how it is configured. Once this information is acquired it is matched to our Knowledge Base of vulnerabilities in order to launch additional application specific and generic tests of each available service. These tests are based on our extensive knowledge base of over 10,000 vulnerabilities, which is updated every 15 minutes.

Step 3 - web application scan

Web application testing is the third phase of ScanAlert's daily security audit, and perhaps the most important. According to analyst firm Gartner Group, an estimated 70% of all security breaches today are due to vulnerabilities within the web application layer. Traditional security mechanisms such as firewalls and IDSs provide little or no protection against attacks on your web applications. During this testing phase, all HTTP services and virtual domains are checked for the existence of potentially dangerous modules, configuration settings, CGIs and other scripts, and default installed files. The web site is then "deep crawled," including flash embedded links and password protected pages, to find forms and other potentially dangerous "interactive elements." These are then exercised in specific ways to disclose any application-level vulnerabilities such as code revelation, cross-site scripting and SQL injection. Both generic and software-specific tests are performed in order to uncover misconfigurations and coding error vulnerabilities.

This three phase approach to vulnerability auditing enables us to perform more accurate audits with less load on your servers. It also enables us to run any single test or test phase on a target to detect changes, test specific ports or vulnerabilities, or run web application only tests on multiple web sites residing on a single server.

Step 4 - alerting:

After each scheduled daily or manual audit you receive alerts whenever a vulnerability has been discovered. Alerts are configurable by user, device group, and severity level. They can be sent to any number of email-enabled devices such as cell phones and pagers. Between each daily audit, you also receive immediate, preemptive alerts when any new vulnerability added to our knowledge base targets a specific device in your account. This significantly reduces exposure time between daily audits. Additional manual audits can be launched any time. Manual audits can be configured to only retest current vulnerabilities for patch confirmation, or to conduct aggressive DOS and "full exploit" type tests.

Step 5 - analysis and remediation:

Interactive tools and wizards enable you to easily manage vulnerability information. Vulnerabilities may be listed to allow ranking by combinations of device groups, severity or effort-to-patch. Configurable device grouping allows expedited remediation planning, delegation and patch management. Complete and detailed easy-to-follow patch instructions are provided within the vulnerability management portal. Links to more information, such as CVE, CERT, BugTraq and vendor resources are also provided. HACKER SAFE certification service also includes unlimited email or telephone technical support from CISSP certified security professionals. Whatever your question, or level of expertise, our experienced staff is there to support you throughout the remediation process.

Step 6 - HACKER SAFE certification

ScanAlert's patent pending security auditing technology allows the HACKER SAFE mark to appear only when a web site's current security status meets the highest published government standards. A maximum of 72 hours is allowed to patch vulnerabilities before the certification mark is replaced by a single-dot "clear" gif image. The certification mark will reappear as soon as a new audit is passed. HACKER SAFE certification is fully accredited to meet the scanning requirements for the Payment Card Industry (PCI) standard, as well as the SANS/FBI Top 20 Internet Security Vulnerabilities test.

Vulnerability Management

ScanAlert's Vulnerability Management Portal provides a comprehensive and easy-to-use suite of network security management tools.

Our secure web-based vulnerability management system provides extensive vulnerability data along with complete patch information, enabling rapid prioritization and remediation. Configuration of both device (port level) and domain (protocol level) scanning is available. On-demand security audits can be initiated at any time. Multiple user accounts can be created with appropriate roles and privilege levels providing information access and alert levels tailored to your organization. From protecting a single web site to auditing a complex network, ScanAlert provides the appropriate tools for each task.

Interactive vulnerability management

ScanAlert doesn't just provide you with a 10 page list of the vulnerabilities we find - we give you an interactive vulnerability management tool. You may view vulnerabilities by type, severity, patch difficulty, device or device group. Sort and view detailed remediation steps and track delegated remediation progress. Create custom alert levels for each user or group role. Compare recent audits with data going back up to three years. Configure and generate HTML or PDF format technical, management or compliance reports.

Devices and device groups

Our vulnerability management portal enables you to effectively manage vulnerability data for large networks by assigning any network device, device group, or IP address to one or more specific groups and then assigning these groups to individual or grouped users. Using ScanAlert's device and vulnerability classification capabilities, individual devices or entire IP blocks can be easily sorted and grouped by vulnerability, device type, business function, geographic location, or other criteria, and then assigned to a user or user-profile group. You can then use the power of this flexible system to drive audit schedules, alerting, remediation activities and compliance reporting throughout your organization.

Configurable scheduled or manual scans

Scanning time may be scheduled by individual device or device group, or separate schedules may be defined for web application and port-level scans on each device. Manual scans may be run at any time, while special "denial of service" and "full exploit" scans may only be run in the manual mode. Manual scans of only current vulnerabilities are available to help speed remediation efforts and patch verification.

Multiple-user roles

We provide a hierarchical multi-user environment with role-based access, alerting and reporting. These powerful user management capabilities enable delegation of vulnerability assessment and remediation tasks to multiple users with pre-assigned device-level audit access, while maintaining centralized control and reporting for the Security Manager. This functionality simplifies delegation and management of network security maintenance, facilitates enterprise-wide compliance reporting, and provides all levels of staff and management with appropriate and up-to-date security information.

Customized downloadable reports

Extensive PDF and HTML reporting capabilities include easily customizable report templates with the flexibility to create executive-level summary reports with trend analysis, detailed technical reports with specific patch information and Reports On Compliance to meet various federal and industry requirements such as GLBA, SOX, HIPAA, Visa CISP/AIS and MasterCard SDP.

HACKER SAFE certification mark

The world's leading security certification mark

The HACKER SAFE® certification mark is displayed on over 65,000 web sites worldwide. HACKER SAFE certified sites include some of the largest brands in retail ecommerce; as well as banks, universities, Fortune 500 corporations, state, county and city governments, and non-profit institutions.

Dynamic "real-time" security certification

ScanAlert's security auditing technology allows the HACKER SAFE mark to appear only when a web site's current security status meets the highest published government standards.

Displaying the HACKER SAFE image

To ensure 100% uptime, instant scalability, and quick image loads, the HACKER SAFE certification mark image is served through the Akamai global network. Akamai is the world's largest content distribution network with over 16,000 servers in 105 countries. ScanAlert guarantees extremely fast image load times and provides a global 100 percent up-time Service Level Agreement (SLA) for serving the certification mark image.

Testing your conversion rate increase

Placing the HACKER SAFE certification mark on your web site has been proven to increase visitor-to-sales conversion rates. Our technology allows customers without in-house data mining tools to scientifically measure the effects HACKER SAFE certification has on their business by conducting a sales analysis. ScanAlert's sales analysis technology uses an A/B test methodology in which half of the site's visitors see a HACKER SAFE certification mark while the other half (the control group) do not. Our sales analysis service includes installation support and real-time graphical reporting.

 

ScanAlert International Pty Ltd.  PO Box 109 Pennant Hills NSW 1715  Australia. info@scanalert.com.au
