Home
PCI Compliance
Vulnerability Scan

External Vulnerability Scan (ASV) Solutions

Find and eliminate external network weaknesses with vulnerability scanning.

Buy nowRequest a quote
A group of computers using a vulnerability scanner in a server room
Jump to Section
Summary
Features
How it Works
FAQ
Resources
Why SM

Start scanning for vulnerabilities

Request A Quote

Summary

As an Approved Scanning Vendor (ASV), SecurityMetrics Vulnerability Scan helps you achieve PCI compliance, discover external vulnerabilities, and get extensive support and remediation assistance.

Features

An IT worker running a security scan

Our 24/7 scan technicians quickly help you remediate identified vulnerabilities

Achieve network security

We help our customers achieve external network security by keeping up with the most current list of vulnerabilities, finely tuning our scan engines to expose weakness, and providing extensive support.

Get PCI compliant

A SecurityMetrics Security Specialist helps identify your PCI requirements before scanning. You are given a Payment Card Industry validation type and then placed on an automated scanning schedule to ensure you meet PCI deadlines.

Know how to resolve issues with extensive support

Meeting compliance deadlines and knowing exactly how to fix discovered vulnerabilities can be difficult. SecurityMetrics employs a 24/7 technical support staff for its customers. The support department helps customers understand vulnerabilities and provides assistance to close the most threatening gaps.

Discover external vulnerabilities

If left unprotected, thousands of potential entry points on a business network are available for criminals to exploit. As new ways to access these entry points are invented daily, checking your external business network for vulnerabilities is crucial.

Rely on a reliable security partnership

A partnership with SecurityMetrics lends years of data security and compliance expertise to your business. Our extensive knowledge and comprehensive services relieve the stress of cyber security and compliance requirements.

Get simplified vulnerability reporting

SecurityMetrics reports on all discovered vulnerabilities including security holes that could enable backdoors, buffer overflows, denial of service, and other types of malicious attacks. It’s web application scanning even discovers SQL injection issues specific to your website programming.

Which vulnerability scan is right for you?

A support representative helping with a vulnerability scan

SecurityMetrics employs a 24/7 technical support staff for scan customers

Perimeter Scan

Perimeter Scan lets you swap scan targets according to your dynamically changing environment, making mass-IP management easy.

SecurityMetrics Perimeter Scan is credit based, so you can buy the amount of scan credits you need to use at your discretion and in your timeline.

PERIMETER SCAN (CREDIT-BASED)

  • Ideal for Adding and Removing Targets
  • Ideal for a Larger Organization/Multiple IPs
  • More Flexibility and Customization for Your Scanning Needs
  • Great For PCI, HIPAA, GDPR, and General Security
  • Manual Scanning Option
  • Detailed Scanning Reports
  • Can Be Used For PCI Compliance
  • 24/7 Support For False Positives with Help Within 48 Hours

ASV Scan

SecurityMetrics ASV scan, also known as a PCI approved scanning vendor scan, identifies top risks (such as misconfigured firewalls, malware hazards, remote access vulnerabilities) and can be used for cyber security, PCI DSS compliance, or other security mandates.

ASV Scan lets you perform unlimited rescans during your contract.

ASV SCAN (UNLIMITED SCANS):

  • Manual Scanning Option
  • Detailed Scanning Reports
  • Can Be Used For PCI Compliance
  • 24/7 Support For False Positives with Help Within 48 Hours

Get a comprehensive Vulnerability Assessment Scan

SecurityMetrics External Vulnerability Assessment Scan helps you stay ahead of cyber criminals. Our regularly updated scan engine identifies external network vulnerabilities so you can keep your data safe. External vulnerability scanning identifies top risks such as misconfigured firewalls, malware hazards, remote access vulnerabilities, and can be used for cyber security or compliance mandates like PCI DSS and HIPAA.

Keep your scans organized

For an organization with a high volume of scan targets, keeping port scans organized can be a challenge.

Our external vulnerability assessment tools allow you to group and label scan targets to make it easier to manage by location, network type, or unique circumstances at your organization.    

Scan targets on our schedule

SecurityMetrics Perimeter Scan allows you to test the scan targets you want, when you want. Run port scans on your most sensitive targets more frequently, test in scope PCI targets quarterly, or test designated IPs after changes to your network with simplicity.

Perimeter Scan even provides the flexibility to create and manage your own schedule on a group level.      

Review scan results

Each network scan produces a summary report with identified vulnerabilities. Vulnerability scanning reports list the target, vulnerability type, service (e.g., https, MySQL, etc.), and the severity of each vulnerability (low, medium, high).

Reports can be downloaded in PDF or an excel file that can be sorted by columns to help in remediation efforts.    

Identify external network vulnerabilities, so you can keep your data safe.

Start scanning for vulnerabilities

Request A Quote

External Vulnerability Scanning (ASV) FAQs

What is an ASV Scan?

ASV stands for “Approved Scanning Vendor.” The Payment Card Industry Data Security Standard (PCI DSS) requirement 11.2.2 calls for regular vulnerability scanning from an ASV.

These are vendors with scanning solutions that have been tested, approved, and added to a list of approved solutions that can help fulfill this PCI compliance requirement. Learn about what qualities to look for in an ASV.

What does a vulnerability scan do?

An external vulnerability scan is performed outside of your network (e.g., at your network perimeter), identifying known exploitable weaknesses in a network.

When am I required to scan?

The PCI SSC requires a vulnerability scan to be performed minimally every three months or after any significant network change (i.e., add/remove network device, updates to segmentation rules).

What IP addresses or domains need to be scanned?

Any Internet-facing connection that processes, stores, or transmits cardholder data. This includes IP addresses that are used in the event of a failover or backup.

My vendor said my hardware was PCI compliant. Do I still need to validate compliance?

Yes, you will still need to validate compliance. There is more to PCI compliance than just the hardware you use. Using tested and secure hardware for credit card processing, viewing, and storing are important aspects of PCI Compliance, but those are only a few.

Credit card information is often compromised through the lack of secure connections and other misconfigured connections to that secure hardware. Scanning will help identify vulnerabilities to be fixed.

Resources

The following are related resources that we have prepared for you. Find more answers to your questions in our Learning Center.

download
ASV Scanning
Data Sheet
download
Perimeter Scan
Data Sheet
newsmode
Vulnerability Scanning 101
White Paper

Why choose SecurityMetrics for vulnerability scanning?

docs
Simplified vulnerability reporting
SecurityMetrics proprietary vulnerability scanning engines scan for thousands of external network vulnerabilities. Perimeter scan identifies open ports available for data transfer. The port scans report all discovered vulnerabilities and security holes that could enable backdoors, buffer overflows, denial of service, and other types of malicious attacks. Perimeter scan even discovers SQL injection issues specific to your website programming.
groups
Dedicated network scan team
SecurityMetrics has a dedicated network scan team that works daily to build, improve and upgrade its proprietary vulnerability scanning engine used for Perimeter Scan. Using information provided by SecurityMetrics Forensic Investigators, Penetration Test Analysts, and Payment Card Industry (PCI) Data Security Standard (DSS) Auditors, the scanning team works hard to ensure scan accuracy.
query_stats
False positive reduction
Many network scan vendors provide affordable vulnerability scanning on the surface, but after considering the time you spend resolving false positives, (when a scan engine identifies a threat that's not real) scan prices quickly add up. The SecurityMetrics Scan Team continuously adjusts its scanning engines based on trial and customer feedback. This allows for accurate scanning, a reduction in false positives, and customer savings.

Network Vulnerability Assessment technology is protected by any or all of the following patents and other pending applications: U.S. Patent No. 11,012,464.

Recognition for Outstanding Work

SecurityMetrics has worked hard over the years to provide outstanding products and services. Here are some of the awards the team has won.

The Golden Bridge Award 2020 Gold logo
Global Infosec Award Winner 2024 Logo
Cybersecurity Excellence Award Winner 2023 Logo

20+ years of experience

QSA | PFI | ASV | P2PE | SSF | SLC | 3DS | QPA | PCIP

PCI Qualified Security Assessor logo
HITRUST Authorized CSF Assessor logo
CISSP logo
HCISPP logo
CISA logo

See how we've helped our clients succeed

When you succeed, we succeed. That's why we pay such close attention to detail and provide award-winning support. Let's work together!

TESTIMONIALS

The relevance of ensuring proper ecommerce website security and protecting card holder data continues to be paramount for our organization, and we could not manage this process better without the reporting tools and excellent technical expertise provided by SecurityMetrics.

Jason Drake
Premiere Sports Travel

SecurityMetrics is an integral part of the team in our PCI program. We depend on the assessors to make sure that we stay on the compliance track. They do it with developing relationships across campus, discussing upcoming projects or application changes, and being available to us for consulting. They are knowledgeable, helpful and help us keep the campus engaged by their friendly demeanors.

Robbyn Lennon
University of Arizona

We have been customers of SecurityMetrics for about eight years. We are so impressed with the patient and professional way that their staff treats customers. They do not hurry, seem tired, act annoyed or too busy to work with their customers. Every person I spoke to was great!

Naomi Christman
The ProImmune Co, LLC

SecurityMetrics is the most retail friendly solution. At the small business level, frequently the person that has to interface with the tool is an owner or someone who has financial responsibility, but they may not necessary be technically savvy with using online tools. We believe SecurityMetrics meets that need better than anyone else we've seen.

Steve Methvin
Bozzutos

SecurityMetrics' Pen Testing has definitely helped us improve our network security in ways I could have never imagined. You just don't know what you don't know. I am absolutely confident in their team's abilities and my experience has led me trust them implicitly as a security partner. Their depth of understanding is impressive, and their professionalism is unmatched.

Morgan Leppink
Internet Ticketing Systems

We’ve been using SecurityMetrics for our onsite PCI audits for more than 10 years now. We have continued to come back and return to SecurityMetrics due to the value that has been supplied by them. SecurityMetrics has been around long enough now and they’ve been one of the top providers when it comes to PCI compliance, that I know they’re in it for the long haul.

Dawn Martinez
SVP, NewTek Merchant Solutions
Stay up to date
Subscribe to our blog.
Subscribe Now
Data Security
Vulnerability ScanningPenetration TestingSecurity TrainingPANscan®SecurityMetrics VisionSecurityMetrics MobileCIS Controls AssessmentConsultingResellerForensic/Incident ResponseData and Network SecurityData Security AcademyWebpage Integrity Monitoring (WIM)Shopping Cart InspectShopping Cart Monitor (PCI 6.4.3 & 11.6.1)SecurityMetrics Pulse
Compliance
GDPR CompliancePCI CompliancePCI DSS AuditPCI Level 4 ProgramPA-DSS/SSF AuditP2PE AuditPIN Security AssessmentPCI PoliciesPCI TrainingHIPAA ComplianceHIPAA PoliciesHIPAA TrainingHealth Network ProgramHITRUST
Company Info
About UsBlogGlossaryMedia RelationsCareersTerms of UsePrivacyAbuseDo Not Sell My Information
Contact
Contact UsReport a Vulnerability
SecurityMetrics podcast logoLinkedIn logoFacebook logo
© 2025 SecurityMetrics, Inc. All rights reserved.
Privacy PolicyTerms and Conditions
Your IP Address is:
YouTube logoSecurityMetrics podcast logoLinkedIn logoFacebook logo
Subscribe to our blog
Subscribe Now
© 2025 SecurityMetrics, Inc. All rights reserved.
Privacy Policy
|
Terms and Conditions
|
Your IP Address is:
000.000.000.000