This is the first product of its kind to combine the automatic collection of network and computer data with custom-generated worksheets that tell you what additional information to collect on site. Data from the various scans and worksheets are automatically analyzed and seamlessly integrated into a set of PCI Compliance reports that you can brand as your own.
The Initial Data Collection Process
A challenging aspect of ensuring your clients’ PCI compliance is gathering and organizing the vast amount of necessary data. Network Detective makes this easy by giving you a central repository to safely and securely collect the information.
The Pre-Scan Questionnaire
This initial questionnaire should be completed before starting any scans. It is used to gather preliminary information regarding the target site.
Network & Local Quick PCI Scans
Run the non-intrusive Network Detective Local Quick PCI scanner on the network, as well as any PCs your customers are using in association with credit card data activity. It typically takes less than one minute to perform the quick scan on an individual machine.
External Vulnerability Scan
An external vulnerability scan can be initiated remotely, either before or after the other automated scans. This scan is included with your subscription, so you’re free to run an unlimited number at no extra charge. Many MSPs run these routinely before ordering a certified scan from an ASV to make sure they will pass.
ASV External Vulnerability Scan
Clients who accept credit cards must have an external vulnerability scan performed on a quarterly basis by an Approved Scanning Vendor (ASV). MSPs cannot perform the scan themselves. We’ve partnered with an ASV to make these affordable certified scans available to order easily from inside the Network Detective application. There is a small quarterly charge for each scan, which you can bill to your client or include as part of your ongoing PCI compliance services.
Internal Vulnerabilities Scan
Expand the scope of your review by adding an internal vulnerabilities scan to your assessment: attach a Network Detective Inspector appliance to the Cardholder Data Environment (CDE). Whether you do a limited “PCI check-up” or go all-out with a full PCI Data Security Standards assessment, the data collected from the scans is automatically correlated and seamlessly integrated into your reports. No need to copy and paste the results from different tools into a single document. It’s all done for you.
The Cardholder Data Environment ID and Deep Scan
Once you’ve gathered the initial data and uploaded it into the Network Detective application, the tool will generate customized worksheets, based on the preliminary data collected, that allow you to identify components of the Cardholder Data Environment. A PCI Deep Scan, which includes a “deep-dive” Primary Account Number (PAN) scan, should be run on all computers identified as belonging to the Cardholder Data Environment (CDE). You can also run the PCI Deep Scan on a sampling of computers outside the CDE to see if credit card data is being stored outside the CDE.
The Secondary Data Collection Process
After completing the deep scan and uploading it into the Network Detective application, the tool will generate six customized worksheets based on the data collected:
External Port Security Worksheet
User Identification Worksheet
Antivirus Capability Identification Worksheet
Server Function Identification Worksheet
Necessary Function Identification Worksheet
PCI Verification Questionnaire
Cardholder Data Environment Identification Worksheet
Documenting Exceptions and Compensating Controls
The next step is to have the tool generate a Compensating Controls Worksheet, which will list issues that have been identified. You will note any exceptions and add further explanations as well as detail any Compensating Controls that your client has put in place to comply with PCI.
Obtaining Your Attestation of Scan Compliance
The optional final step is to run an ASV Scan from inside Network Detective on your client’s host or IP address. There is a small charge for each scan. If the ASV scan does not find any material vulnerabilities that you missed, you can download your ASV Attestation of Compliance with a passing grade. If the scan fails, you can use the report to identify the additional issues discovered. After you remediate the issues, order a re-scan at no additional cost for up to 90 days to get your attestation.
Producing Your Branded Documents
Ready to generate your compliance documents? Access Network Detective’s advanced branding settings to format the reports to your liking. Upload your organization’s logo, client information, custom colors, report cover images and layouts. Then, simply go to the PCI Compliance tab in the Network Detective application and select the reports you want to generate.
LET US SHOW YOU HOW IT WORKS!
All subscriptions include free training and help onboarding your first client. Not yet ready to buy? Request a demo and we’ll show you how it works.