DORA, PCI-DSS, CISA, CIS, PSD2, SOC, ISO, NIST, and the FTC’s Safeguards Rule

Compliance

The Edgescan platform is purpose-built to bring your organization into complete alignment with all industry and government regulatory standards, then exceed them.

“As more nations enforce privacy and data protection and localization requirements,” Gartner reports, “forward-thinking organizations must rethink their compliance processes” to reflect new privacy and data-protection benchmarks.

Edgescan provides PCI-DSS, CISA, CIS compliance mapping, and the platform’s AI Insights maps discovered vulnerabilities to compliance standards in order to frame how the vulnerability will impact compliance efforts. When you achieve a comprehensive view of the attack surface and continually identify vulnerabilities with Edgescan before they’re exploited by malign actors, you build a security posture where compliance is just the baseline.


PCI-Approved

The Payment Card Industry Security Standards Council (PCI SSC) designates Approved Scanning Vendors (ASV) that are fully equipped to conduct external vulnerability scanning services for firms that process payments online. Scanning is the core PCI requirement, but the list of advisories has also grown in recent years to include an Annual Penetration Test and Verification of Remediation. The Edgescan platform will equip your internal security team to tackle all provisions of the PCI DSS standard.

Exceed E.U. Standards

The European Union has issued a set of rules for firms processing online payments known as the revised Payment Services Directive (PSD2), an update to the original framework instituted in 2007. The PSD2 is a collection of technical regulatory standards that guide firms towards developing strong customer authentication protocols, and there are also guidelines for incident reporting and full and proper remediation.

The Digital Operational Resilience Act (DORA) is the new standard for information security among European financial institutions—particularly those regulated by central banks—and introduces rules around incident management and reporting, digital testing, and management of third-party risk. It also applies to third-party vendors providing Information and Communications Technology (ICT) services to financial institutions, including cloud platforms or data analytics. Financial entities are required to define, document, and maintain a comprehensive digital operational resilience testing program that includes vulnerability scanning and penetration tests. With continuous vulnerability scanning, regular penetration testing, and remediation guidance, the Edgescan platform is built to partner with your security team as they clear all applicable European standards.

FTC-Ready

In the United States, the FTC’s Standards for Safeguarding Customer Information (the Safeguards Rule) applies to financial institutions like “mortgage lenders, payday lenders, finance companies, mortgage brokers, account servicers, check cashers, wire transferors, collection agencies, credit counselors and other financial advisors, tax preparation firms, non-federally insured credit unions, and [some] investment advisors.” These organizations are required to develop, implement, and maintain an information security program that adequately protects customers’ personal and financial information. The Edgescan platform is well-placed to serve your team as they drive your organization to meet and exceed FTC standards.

Next-Level Data Security

The System and Organization Controls (SOC) 2 framework evaluates how organizations manage their systems and customer data. It’s designed with cloud providers and software-as-a-service (SaaS) vendors in mind, and it’s based on five key criteria: security, availability, processing integrity, privacy, and confidentiality. Edgescan will partner with your security team to develop a data-security program that exceeds SOC standards, and the platform will identify security gaps where unauthorized access could lead to data leaks, compromised information, and bad headlines.

See the Full Threat Matrix

You can tap the Edgescan platform to aid your security team in meeting ISO/IEC 27001/27002 guidelines by developing information-security controls with a healthy focus on how they fit within the overall risk environment. What are the patterns of attack currently favored by bad actors targeting other firms in your industry? Are they zeroing in on rogue APIs, or some other region of the attack surface? And what are the most up-to-date methods to counter your adversaries in the constantly evolving cyber arms race? Edgescan will provide you with cutting-edge intelligence to answer these questions — and clear ISO guidelines with room to spare.

Validated Vulnerabilities

Every vulnerability flagged in the Edgescan dashboard has been automatically assessed and validated against the platform’s vast data lake using clever technology and data science. Where automation is not rigorous enough, complex vulnerabilities, exposures and threats are validated by a team of CREST- and OSCP-certified penetration testers — seasoned practitioners who have been with the firm an average of seven years — creating a multi-step validation process that virtually guarantees a list of vulnerabilities that’s free of false positives. Don’t waste time investigating bogus findings that pose no threat to your systems and will not affect your compliance goals. When you see it in Edgescan, you know it’s real.

Contact us for more information on how Edgescan can help secure your business.