FAQ

Set-up your private space in CloudPRO-X using single dashboard. Then add your system assets for scanning and monitoring. Next select a security test for each asset. Tests can be run on-demand or scheduled. Reports are issued at regular intervals such as daily, weekly or monthly. Results are clearly illustrated on the dashboard so can be easily managed by you or your tech team to close the findings.

It can detect multiple vulnerabilities like XSS, all injection-type vulnerabilities, cryptography vulnerabilities, LFI, RFI, email spoofing and more. It provides over 40000 security checks for missing patches, security configuration, malware infections and OWASP top 10 risks.

It detects vulnerabilities as other scanners do – but WITHOUT false findings. They are checked and verified not to be random.

Most of our customers fix the security problems themselves using the guidance provided in the reports.

Yes. The results of your tests are Confidential.

No. Our scanning will not harm anything on your site, applications or servers. Our service is designed to be used on ‘live’ websites, therefore, will not impact your visitors.

CloudPRO-X is cloud-based security product provided by Provensec, a company whose security products and services are trusted by corporations worldwide. We have been providing security testing solutions since 2011 and are now making these powerful tools available to everyone.

Yes, a bit.

• Adjust any intrusion prevention or web application firewall solutions to allow our system to run tests.
• Contact us to obtain specified IP addresses for whitelisting.

The Security Badge is an online certificate of website security. Displaying our security badge demonstrates that your site is free of severe vulnerabilities and also that you care about the security of your visitors and/or clients. It gives everyone confidence that any personal information they enter on the site is safe, resulting in more business for you.

According to requirement there is verity of Penetration Tests like:

• Network and configuration penetration tests
• Web application penetration tests,
• Wireless network penetration tests,
• Client-server application penetration tests,
• Mobile device and apps penetration tests, and
• Social engineering.

Provensec offers web application penetration testing, Mobile device and apps penetration testing (android, IOS, and blackberry), cloud penetration testing (AWS, AZURE and Google Cloud), and PCI penetration testing.

The cost of penetration testing depends on the client’s goals, the type of risk assessment and the number of assets involved.

This is why we offer a FREE no-obligation consultation. Our technical security experts will learn your goals, determine the scope of the assessment and then provide you with a precise quote.

Depending on the type of testing required and the size of your project, the time it takes to complete a complete a penetration test varies.

In our FREE no-obligation consultation we will ask you some questions regarding your project so we can determine the length of time it will take.

Penetration Test will reveal the weakness that the attacker probably used to gain initial access to your site. These flaws must be fixed at the same time we provided you a report of your penetration test.

Our customers fix the security problems themselves using the recommendation provided in our reports.

• After implementing significant changes in website, application or network
• Security audit for HIPAA or PCI-DSS
• After updating application or changes in system
• Before submission of application for breach insurance
• If you store valuable data and have never had one

All our penetration testing engineers hold industry recognized certifications, such as GSEC, OSCP or CEH. In addition, we also ensure that all our penetration testers have strong web development backgrounds, as well as networking experience.

Vulnerability scans preform preconfigured pattern recognition, so there are many aspects of a system that will not be scanned completely. Penetration testing provides coverage for large number and variety of serious security faults that scanners are incapable of finding and testing.

We have performed single engagements for client covering 600 IP addresses, 20 websites, 3 android applications, 2 IOS applications and 2 Static Application Security Testing.

Easy ISMS Tool is cloud-based ISMS tool that covers all steps you need to achieve ISO 27001 certification. These include documents, online risk assessment, and templates that are explained with appropriate user guidance. This helps you to accomplish continuous compliance with the ISO 27001 security standard while saving both time and money.

• Step 1: Set-up your private cloud space with Provensec Easy ISMS Tool where you will get consolidated dashboard, reports, user administration features and more.
• Step 2: Define your scope in the Easy ISMS Tool, add locations in the scope of ISMS, add business units, add business process and add assets.
• Step 3: Now manage risk by defining inherent risk, treating identified risks, define an action plan.
• Step 4: Your SOA will be pre-filled based on the above phases. Select applicable controls and implement them.
• Step 5: Meet all mandatory requirements
• Step 6: Monitor your ISMS.

Our cloud based ISMS Tool cost $4999 per year which will give you access to our cloud tool only.

The cost of customized consultation depends on the scope of assignment.

In our free no-obligation consultation we will ask you some questions regarding your ISMS so we can determine the duration and cost of the project.

Provensec Labs offers a security solution that is ready for launch with your own branding. Our Cloud Security Scanning product includes these features:

• Fully automated cloud vulnerability scanning
• Uptime monitoring
• Malware monitoring
• On-demand penetration testing
• Threat intelligence

If you are an MSP or a security consulting company looking to offer cloud security as a service – start here. We have done all the hard work for you.

Provensec Private Label Security Solution features many things like following:

• Your own branded cloud-based security as a service system.
• An easy to use automated cloud based security scanning platform.
• Dashboard with your own company logo, color scheme, punch line, and the portal has your URL.
• Monitoring and centrally managing your scanning services across all customers from a single console
• Get started quicklywith our WordPress plug-in or via an advanced API.
• Security scanning reports with your company logo are emailed to your clients automatically.

We offer many easy ways to set up your Private Label Security Solutions and get you started. The portal is already set up and hosted on Amazon cloud. When your client logs in they see your chosen URL and logo. Security scanning reports are emailed to your clients automatically and contain your company logo. If you have an existing website you can use of one of the following ways to integrate our signup process and start selling online For more information visit: https://goo.gl/8YM8kt

The Provensec Partner Program is the very backbone of our business model. We are the industry’s first B2B market playerfocusing on helping MSPs and Web Hosting companies to launch their own Security as a Service within 48 hours.

1. Build a new revenue stream without any staffing costs or upfront investment 

You can capture your share of the security market by building a scalable business without adding new headcounts or building in-house security expertise. You get a recurring revenue stream which gives you an immediate branding boost and puts you a step ahead with a competitive edge.

2. Your own branded cloud-based Security as a Service offering 

Provensec can help you launch your own branded SaaS business within 48 hours. Our business model gives you complete control of this solution so that you can create your sales strategy to your advantage. The portal has your URL, logo and punch line. Scanning Traffic originates from a source marked exclusively for your business.

3. Create your own resellers and gain from your partner program 

Our simple licensing system allows you to procure a block of licenses upfront so you are in complete control of your bottom line. This allows you to design your own product portfolio and gain from further B2B enrollments. With higher volumes, you can gain exclusive rights to resell within a certain territory.

Simply schedule a FREE no-obligation consultation with an Account Manager to discuss the investment.

Qualified Security Assessors (QSA) are licensed to perform annual audits for merchants and service providers to document compliance with PCI. Approved Scanning Vendors (ASV) is permitted to perform the quarterly scans to indicate compliance with the PCI Data Security standard. Many qualified security assessors incorporate approved scanning vendors into their solution portfolio.

Provensec is an Approved Scanning Vendor.

Provensec is certified as a PCI Approved Scanning Vendor (ASV) to help merchants and their consultants validate and achieve compliance with the PCI Data Security Standard. Provensec PCI Compliance is an on-demand compliance testing and reporting service. Using the service, we can run PCI scan for you and provide you a compliance report which you can submit directly to acquiring banks.

A network security scan must be completed every 90 days by an approved PCI scanning vendor. Provensec is a PCI approved scanning vendor (ASV). To achieve network status compliance, all hosts should be scanned using Provensec managed PCI ASV scan, and there can be no PCI vulnerabilities found from the scans. Using Provensec managed PCI ASV scan, you can scan your network in segments and re-scan for vulnerabilities on target IPs. Segmented scanning allows you to scan hosts that you have remediated without having to scan your complete network.

All external IP addresses must be scanned for PCI compliance.
In “Security Scanning Procedures” document PCI SSC mentioned what IP address should be scanned to satisfy compliance needs.

"The PCI requires all Internet-facing IP addresses to be scanned for vulnerabilities. If active IP addresses are found that were not initially provided by the customer, the ASV must consult with the customer to determine if these IP addresses should be in scope. In some instances, companies may have a large number of IP addresses available while only using a small number for card acceptance or processing. In these cases, scan vendors can help merchants and service providers define the appropriate scope of the scan required to comply with the PCI. In general, the following segmentation methods can be used to reduce the scope of the PCI Security Scan.
Providing physical segmentation between the segment handling cardholder data and other segments. Employing appropriate logical segmentation where traffic is prohibited between the segment or network handling cardholder data and other networks or segments
Merchants and service providers have the ultimate responsibility for defining the scope of their PCI Security Scan, though they may seek expertise from ASVs for help. If an account data compromise occurs via an IP address or component not included in the scan, the merchant or service provider is responsible."

Scan duration depends on the responsiveness of your server. Some scans finish in close to an hour, while others take over four hours to complete

Our scans are designed to be low impact and non-intrusive. It’s most unlikely that you will experience downtime due to the scan. You may, however, notice slightly reduced performance from your server because the scan is run. Therefore, we suggest that you simply schedule your scans to run throughout your off hours.

You will be notified by email when your scan completes.

No, you cannot find us there we have bought bulk scans from our partners who are listed on PCI DSS website. We are providing a managed service on top it where we do scan, compliance and everything and at the end of the service, you get a complaint report.

As per the requirements within the PCI scanning procedure specifications, an IPS should be set not to block a scan.

Depending on your network, it should be necessary to include the scanner IPs to your list of trustworthy IPs. Therefore, the service can send probes to the IP addresses in your account throughout scan processing.

We provide 3 reports:

• Attestation of Compliance Report: states whether your organization is compliant with PCI from a scanning aspect. It must contain your primary contacts details, your address, the ASV’s main contacts details and their business address.
• Executive Summary: provides a table with each of your externally facing hosts with a statement of “Compliant” or “Non-Compliant” followed by a list of the vulnerabilities affecting the hosts and whether these vulnerabilities cause a PCI Fail.
• Vulnerability Details: provides a list of all the vulnerabilities and which hosts that are affected by them with Proof-Of-Concept (POC)

Depends on the SAQ you are filling in. Click here to create a request for free scope consultation on PCI DSS.

Yes, we are qualified to perform PCI penetration test and PCI ASV using our managed ASV scan service.