CoalfireOne℠ Scanning Solutions

Easily identify IT vulnerabilities

CoalfireOne℠ Scanning Solutions are a safe and integral part of proving and maintaining compliance-without disrupting network operations. Delivered as part of the CoalfireOne platform, our internal and external self-service vulnerability scans can help you:

  • Identify potential vulnerabilities both inside and outside of your network and applications.
  • Search networks and applications for breaches that could result in identify theft, credit card fraud, spam, malware, and more.
  • Quickly and easily comply with industry specific requirements for compliance.

Internal Scanning Solutions

Our proprietary internal scanning appliance, Lighthouse, identifies your internal network’s vulnerabilities and assists in making your internal data environment secure. We help you determine your scope and can provide on-premises or virtual Lighthouse scanning solutions.

Lighthouse Core – Onsite scanning for single merchants and small-medium businesses (SMBs).

Lighthouse Enterprise – Onsite scanning tools developed to meet the special needs of the enterprise, including scans at multiple locations.

Lighthouse Virtual – Private and public cloud-based scanning for organizations of any size.

External Scanning Solutions

All entities, including merchants, service providers, and financial institutions must complete a quarterly scan to remain compliant with PCI DSS standards. Coalfire is a PCI Security Standards Council Approved Scanning Vendor (ASV), and can validate adherence to the external scanning requirement of the PCI DSS 11.2. Our scanning solutions include:

  • Scan Universal – By scanning for all vulnerabilities, Scan Universal helps organizations adhere to global financial, government, industry, and healthcare mandates while helping protect their businesses from security breaches and data theft.

  • Scan ASV – Our Scan ASV solution helps organizations that are required to use an ASV for their PCI scans. ASV-certified since its inception in 2001, Coalfire has a remediation-free track record.

The CoalfireOne Services Group – Dedicated Support for your Compliance and Risk Objectives

The CoalfireOne Services Group helps you understand compliance and what you can do to manage risk. Our CoalfireOne scanning services team members are certified ASVs, here to assist you as you navigate the various PCI SSC scanning requirements. Additionally, we can help you address the identified vulnerabilities in need of remediation, but also to provide support on any PCI SSC inquiries. Whether you need assistance determining scope or you have scanning questions, the CoalfireOne scanning services team is here for you.

Scans Notification - March 19, 2019

Scans Notification - March 7, 2019

Scans Notification - February 14, 2019

Scans Newsletter - January 10, 2019

Scans Newsletter - October 4, 2018

Scans Newsletter - April 3, 2018

Scans Newsletter - January 10, 2018

Scans Newsletter - October 2, 2017

Scans Newsletter - July 11, 2017

Scans Notification - June 14, 2017

Scans Newsletter - April 4, 2017

Scans Newsletter - January 10, 2017

Scans Newsletter - October 21, 2016

Scans Newsletter - August 8, 2016

Scans Newsletter - April 18, 2016

Introducing Our New Scanning Platform, CoalfireOne Scans

April 03, 2019, Beck Larson, Director, Coalfire Labs

As you may be aware by now (considering previous blog posts, ongoing walk-through webinars, and our press release), we released Coalfire’s brand new vulnerability scanning platform, CoalfireOne Scans, this morning. All of us here at the CoalfireOne Scanning Services Team are truly excited to see its many improvements around overall user experience, particularly the significantly reduced time spent on dispute cycles and the ability to create custom reporting. The new platform, which provides our PCI Approved Scanning Vendor (ASV) service featuring internal and external scans while enabling easy collaboration and project management, will provide users with smooth navigation, a robust database to ensure fast processing speeds, and scalable IP scanning capabilities. Read more

Update to Microsoft Checks

March 14, 2019, Travis Finn, Consultant, CoalfireOne Scanning Services

Part of the glamorous life of an ASV involves a rigorous Quality Assurance program to ensure that we are the best ASV's we can possibly be. Some of those efforts are not as readily apparent to our clients as others; but on some occasions, we like to share when our work directly benefits those who trust Coalfire to help reduce their risk and simplify compliance. Read more

Enabling Clients to Cope with ASV Scans

February 22, 2019, Marco Brown, Associate, CoalfireOne Scanning Services

Gathering evidence, applying patches, and configuring your systems in preparation for submitting your vulnerability disputes can be a nerve-wracking and daunting task. To better enhance your understanding of the Approved Scanning Vendor (ASV) process, I’ve outlined some coping mechanisms and tools to use. Read more

Scan Interference

January 18, 2019, James Cox, Support Analyst, CoalfireOne Scanning Services, Coalfire

Scan interference is best defined as when traffic from our scanners gets blocked, filtered, dropped, or modified in response to some sort of active protection system not recognizing our traffic. Once our scanners are flagged as an intruder, the client’s environment is no longer accessible, which causes the scan to fail. In order to ensure that reliable scans can be conducted, our scanners must be allowed to perform scanning without this interruption.. Read more

CoalfireOne Special Notes

January 08, 2019, Erica Woods, Associate, Commercial Services, Vulnerability Assessments and Scanning, Coalfire

PCI-DSS can be challenging  to navigate – particularly when it comes to the ASV scanning requirements.  While fulfilling the scanning requirement is easy, obtaining a passing  attestation report may involve more than simply remediating failed findings.  One requirement that we receive many questions about is Special Notes. Read more

Reconciling Quarterly ASV and QSA Scanning Requirements

February 02, 2017, Rebecca Larson, ScanDesk Director, Coalfire

In the compliance realm, the term “quarterly” seems to be a sound and straight-forward term used to provide guidance and to aid entities in adhering to requirements. However, it’s meaning can vary based on its context in relation to dealing with various compliance requirements from your ASV and QSA. Read more

Coalfire is proud to contribute content to Security Weekly, a security podcast network that provides free content about IT security news, vulnerabilities, hacking, and research. View latest podcast below.