BreachLock™ has a strict focus on ensuring our clients achieve compliance with the PCI DSS standard. This is why we have a dedicated team of professionals who monitor various compliance requirements and industry standards on a continuous basis and fine-tune our technology and processes to meet these requirements.
Industry recognitions we have earned
BreachLock™ provides end-to-end PCI DSS coverage for Security Testing.
PCI DSS explicitly demands manual penetration testing to be part of your security governance. Our platform is backed by security researchers who are certified and qualified to perform PCI DSS Penetration Tests.
BreachLock™ has partnered with ASVs to integrate our solution with an ability to launch and control quarterly ASV scans for you. This ensures that you have one managed service covering both manual penetration testing and PCI ASV certified scans.
BreachLock™ has deep insights into PCI DSS requirements. This is why we are able to analyze your PCI requirements and advise you on what your compliance obligations are with respect to security testing.
Our expertise covers your whole IT landscape. Whether it’s your web application, mobile application, external network or internal network segmentation test, we test all of that. This ensures you have one vendor that meets all your security testing needs.
Requirement 6.1 can be fulfilled by establishing a process to identify security vulnerabilities in your internal and external applications, using reputable outside sources for security vulnerability information, and assigning a risk ranking (for example, ‘high,’ ‘medium,’ or ‘low’) to newly discovered security vulnerabilities.
To fulfill requirement 6.2, ensure that all system components and software are protected from known vulnerabilities by installing applicable vendor-supplied security patches. Install critical security patches within one month of release.
Requirement 11.3.1 covers the necessity to conduct external penetration testing at least once every six months and after any significant change or upgrade of the organization’s infrastructure or application.
Requirement 11.3.2 includes all the requirements discussed in 11.3.1, but instead of an external pen test, the organization needs to perform internal pen tests. These pen tests are required to be performed at least once every six months.
Requirement 11.3.3 says that the vulnerabilities (loopholes) found during the pen tests must be resolved and additional testing should be performed until the vulnerabilities are dealt with properly.
The goal of requirement 11.3.4 is to verify that the segmentation methods used are efficient and operational and that the out-of-scope systems are isolated from the systems in cardholder