Start scanning for vulnerabilities

young handsome business man  engineer in datacenter server room

External Vulnerability Scan Solutions

External Vulnerability Scan Solutions

Find and eliminate external network weaknesses.

SecurityMetrics Vulnerability Scan helps you achieve network security, discover external vulnerabilities, and get extensive support and remediation assistance

Achieve network security

SecurityMetrics helps its customers achieve external network security by keeping up with the most current list of vulnerabilities, finely tuning its scan engines to expose weakness, and providing extensive support.

Identify your PCI requirements

A SecurityMetrics Security Specialist helps identify your PCI requirements before scanning. You are given a Payment Card Industry validation type and then placed on an automated scanning schedule to ensure you meet PCI deadlines.


Know how to resolve issues with extensive support

Meeting compliance deadlines and knowing exactly how to fix discovered vulnerabilities can be difficult. SecurityMetrics employs a 24/7 technical support staff for its customers. The support department helps customers understand vulnerabilities and provides assistance to close the most threatening gaps.

Discover external vulnerabilities

If left unprotected, thousands of potential entry points on a business network are available for criminals to exploit. As new ways to access these entry points are invented daily, checking your external business network for vulnerabilities is crucial.

Rely on a reliable security partnership

A partnership with SecurityMetrics lends years of data security and compliance expertise to your business. Our extensive knowledge and comprehensive services relieve the stress of cyber security and compliance requirements.

Get simplified vulnerability reporting

SecurityMetrics reports on all discovered vulnerabilities including security holes that could enable backdoors, buffer overflows, denial of service, and other types of malicious attacks. It’s web application scanning even discovers SQL injection issues specific to your website programming.

Get A Comprehensive Vulnerability Assessment Scan

SecurityMetrics External Vulnerability Assessment Scan helps you stay ahead of cyber criminals. Our regularly updated scan engine identifies external network vulnerabilities so you can keep your data safe. External vulnerability scanning identifies top risks such as misconfigured firewalls, malware hazards, remote access vulnerabilities, and can be used for cyber security or compliance mandates like PCI DSS and HIPAA.

Keep Your Scans Organized

For an organization with a high volume of scan targets, keeping port scans organized can be a challenge. Our external vulnerability assessment tools allow you to group and label scan targets to make it easier to manage by location, network type, or unique circumstances at your organization.                         

SOC SIEM/browser-mockup-topbar
Alt Text

Scan Targets on Your Schedule

SecurityMetrics Perimeter Scan allows you to test the scan targets you want, when you want. Run port scans on your most sensitive targets more frequently, test in scope PCI targets quarterly, or test designated IPs after changes to your network with simplicity. Perimeter Scan even provides the flexibility to create and manage your own schedule on a group level.                         

SOC SIEM/browser-mockup-topbar
Data Security/Vulnerability Scan (ASV)/Scan-Targets-on-Your-Schedule

Review Scan Results

 Each network scan produces a summary report with identified vulnerabilities. Vulnerability scanning reports list the target, vulnerability type, service (e.g., https, MySQL, etc.), and the severity of each vulnerability (low, medium, high). Reports can be downloaded in PDF or an excel file that can be sorted by columns to help in remediation efforts.                         

SOC SIEM/browser-mockup-topbar
Alt Text

Which Vulnerability Scan Is Right For You?

Perimeter Scan

Perimeter Scan lets you swap scan targets according to your dynamically changing environment, making mass-IP management easy.

SecurityMetrics Perimeter Scan is credit based, so you can buy the amount of scan credits you need to use at your discretion and in your timeline. 


  • Ideal for Adding and Removing Targets
  • Ideal for a Larger Organization/Multiple IPs
  • More Flexibility and Customization for Your Scanning Needs
  • Great For PCI, HIPAA, GDPR, and General Security
  • Manual Scanning Option 
  • Detailed Scanning Reports 
  • Can Be Used For PCI Compliance 
  • 24/7 Support For False Positives with Help Within 48 Hours 

ASV Scan

SecurityMetrics ASV scan, also known as a PCI approved scanning vendor scan, identifies top risks (such as misconfigured firewalls, malware hazards, remote access vulnerabilities) and can be used for cyber security, PCI DSS compliance, or other security mandates.

ASV Scan lets you perform unlimited rescans during your contract. 


  • Manual Scanning Option
  • Detailed Scanning Reports
  • Can Be Used For PCI Compliance
  • 24/7 Support For False Positives with Help Within 48 Hours

External Vulnerability Scanning (ASV) FAQs

ASV stands for “Approved Scanning Vendor.” The Payment Card Industry Data Security Standard (PCI DSS) requirement 11.2.2 calls for regular vulnerability scanning from an ASV.

These are vendors with scanning solutions that have been tested, approved, and added to a list of approved solutions that can help fulfill this PCI compliance requirement. Learn about what qualities to look for in an ASV.

An external vulnerability scan is performed outside of your network (e.g., at your network perimeter), identifying known exploitable weaknesses in a network.

The PCI SSC requires a vulnerability scan to be performed minimally every three months or after any significant network change (i.e., add/remove network device, updates to segmentation rules).

Any Internet-facing connection that processes, stores, or transmits cardholder data. This includes IP addresses that are used in the event of a failover or backup.

Yes, you will still need to validate compliance. There is more to PCI compliance than just the hardware you use. Using tested and secure hardware for credit card processing, viewing, and storing are important aspects of PCI Compliance, but those are only a few.

Credit card information is often compromised through the lack of secure connections and other misconfigured connections to that secure hardware. Scanning will help identify vulnerabilities to be fixed.

Data Security/Vulnerability Scan (ASV)/Scan_team_2

Have an Expert in Your Corner

Have an Expert in Your Corner

Our 24/7 scan technicians quickly help you remediate identified vulnerabilities. Our award-winning support team reviews vulnerability management best practices and helps your organization stay secure.                         

Reasons To Use SecurityMetrics For Vulnerability Scanning

Simplified Vulnerability Reporting

SecurityMetrics proprietary vulnerability scanning engines scan for thousands of external network vulnerabilities. Perimeter scan identifies open ports available for data transfer. The port scans report all discovered vulnerabilities and security holes that could enable backdoors, buffer overflows, denial of service, and other types of malicious attacks. Perimeter scan even discovers SQL injection issues specific to your website programming.

Dedicated Network Scan Team

SecurityMetrics has a dedicated network scan team that works daily to build, improve and upgrade its proprietary vulnerability scanning engine used for Perimeter Scan. Using information provided by SecurityMetrics Forensic Investigators, Penetration Test Analysts, and Payment Card Industry (PCI) Data Security Standard (DSS) Auditors, the scanning team works hard to ensure scan accuracy.

False Positive Reduction

Many network scan vendors provide affordable vulnerability scanning on the surface, but after considering the time you spend resolving false positives, (when a scan engine identifies a threat that's not real) scan prices quickly add up. The SecurityMetrics Scan Team continuously adjusts its scanning engines based on trial and customer feedback. This allows for accurate scanning, a reduction in false positives, and customer savings.

For a customized network exploitability check, learn about SecurityMetrics’ Penetration Testing Service.


Network Vulnerability Assessment technology is protected by any or all of the following patents and other pending applications: U.S. Patent No. 11,012,464.

Request a Quote for External Vulnerability Scanning

View your external network vulnerabilities with ease using SecurityMetrics ASV Scan. 

We Strive To Fulfill Privacy Requirements And Protect Your Data (read more about it below).

We want to send you emails containing educational and promotional information. You can unsubscribe at any time. By submitting your personal data, you give us permission to send you emails. We will not share your data with anyone. The SecurityMetrics data retention policy is to keep data for five years after no further activity from you. You have the right to control the data you submit, lodge a complaint to a supervising authority, and to unsubscribe or withdraw consent at any time. You are not required to give us your data. We use marketing automation to match our solutions with your interests. See our privacy policy for more info. If you are unfamiliar with GDPR, you can learn about it on our blog.


Related Links

  • Guide SecurityMetrics Guide to PCI DSS Compliance

    The SecurityMetrics Guide to PCI DSS Compliance will help you understand current PCI requirements and trends, so that you can better protect data from inevitable future attacks.

  • Academy SecurityMetrics Academy

    Academy contains videos, quizzes, and external resources on topics like security policies and encryption. Our intent is to help SMBs like franchisees, small merchants, and healthcare practices address specific cybersecurity risks businesses may face.

  • Guide SecurityMetrics Guide to HIPAA Compliance

    We intend our guide to be a “deskside” reference for the day-to-day and recurring demands of HIPAA compliance. It’s meant to strike a balance between generally informative and specifically practical. Those who use our guide report that it is “thorough and detailed-oriented. Very helpful.”

  • Podcast SecurityMetrics Podcast

    The SecurityMetrics Podcast is intended to help businesses of all sizes as well as individuals–whether security professionals or not. We want to break security concepts down well enough that anyone can understand the top cybersecurity threats and how to deal with them.


  • SecurityMetrics Summit

    This recorded event is for all businesses that need solutions for cybersecurity, data protection, PCI DSS, HIPAA, and other types of compliance (HITRUST, GDPR, CCPA). Summit is ideal for those working in universities, retail, government, acquiring banks, and the healthcare industry. If your job includes anything related to compliance, payment card data, or cybersecurity, this is a must-watch event.


  • Threat Intelligence Center Feed

    SecurityMetrics Threat Intelligence Center analysts monitor current cybercriminal trends to give you weekly news reports and trending threat insights straight to your inbox, including: bi-monthly cybersecurity video-podcast, current data breaches, cybersecurity news, and technical advice to keep your system hacker-free.