Vulnerability Scanning

Get peace of mind through frequent security testing.

Nearly 20 new security flaws, known as vulnerabilities, are discovered every day. Vulnerability scanning uses a variety of tools and techniques to examine your network for these security holes and misconfigurations.

Regular vulnerability scanning is a critical component of all successful information security programs and is a required component for all merchants accepting credit card payments. These scans also help to proactively find changes or weaknesses in your ever-changing network environment.


Your external network likely consists of perimeter devices, such as routers and firewalls, as well as Internet-accessible servers, like your email and web servers. External vulnerability scans are performed remotely, originating from the Sikich scanning server network. Our vulnerability management system only requires the addresses of your network; nothing is required to be downloaded, installed or configured on your network.


Our internal vulnerability scanning service is customized for your organization. Internal vulnerability scans test the security of your internal network (those systems that are not exposed to the Internet), which includes your network infrastructure, servers and workstations. Our system will automatically connect back to Sikich through your firewall to conduct testing and transmit results.

Why It’s Important

Each new vulnerability discovered increases your level of risk. Attackers often develop automated tools to exploit these new vulnerabilities within days, sometimes hours, of a vulnerability being disclosed.

Regular vulnerability scanning is essential to mitigating your risk. The constant and early identification of security flaws allows your organization to react quickly and appropriately, close security holes and help defend against attacks and data compromises.

How We Can Help

Whether you are a large corporation with multiple network blocks or a small company with only a single dynamic IP address, you’ll find our solutions easy, effective and affordable.

The Sikich Compliance and Vulnerability Management Portal is a web-based interface to your account. As a customer, you and your administrative team log into the portal to securely view risks and threats against your network as well as your schedule of upcoming vulnerability scans.

Results and corrective recommendations are risk-ranked based on priority and provided in both executive summary and technically-detailed formats, appropriate for business executives and technical administrators. Your management account also includes email alerts, downloadable reports, graphs, trend analyses, resource tools and real-time control over running scans to maximize your ability to respond to and secure your network against attacks.

We also understand that not everyone using our service is an information security expert. That is why we offer unparalleled support (yes, you will talk to a real-live person) both before you start scanning and after your scan has finished. In addition to providing you the guidance you need, our capable support team will:

  • Help you interpret your scan results and recommendations
  • Analyze your results to identify inconsistencies in your environment
  • Review your exception requests and false positive submissions

Easy to Configure

Enrolling is quick and easy! You can set up your tests using our secure website to register your devices, the type of tests to perform, and when and how often they should run (from daily to annually). You can configure and review your test schedule and results any time, day or night, from a web browser on any computer, mobile device or smartphone.

Easy to Understand

Vulnerability scanning services not only need to be thorough, but they also must have detailed reporting to be effective. Sikich vulnerability reports include an executive summary showing the hosts that were tested, each host’s security status, when the testing was completed and a summary of the results risk-ranked by priority. A detailed technical view shows the specific vulnerabilities identified, recommended corrective actions and links to additional resources.

With comprehensive reports in multiple formats, you can interactively review your reports online or download them, including any of your custom comments, for off-line viewing and sharing.

Accurate and Complete

The Sikich testing engine is updated daily and checks for tens of thousands of security vulnerabilities. Our service is incredibly thorough, inspecting your firewalls, routers, web servers, email servers and application servers.

Sikich has also been approved as meeting the requirements defined for Approved Scanning Vendors (ASV) in the Payment Card Industry Data Security Standard (PCI DSS), endorsed by American Express, Diners Club, Discover, JCB, MasterCard and Visa.

Easy to Manage

You can plan and manage your security tests to meet your needs. Before each test you will receive an email notifying you the test is about to begin. If you would like to postpone the testing, you can log into the web portal and reschedule the test for another time. You can even monitor the progress of the testing in real-time, and, if needed, you can use the same interface to cancel the test while it is running.

When the testing has completed, you will receive an email with the summary of the results and a link to your report. You can then log into the website at your convenience to see the detailed results of the testing and recommended corrective actions.

You can add custom comments to each vulnerability, for instance, to indicate that a change will be made by a given date or that you are willing to accept the risks associated with a particular vulnerability. These comments are stored with your testing results and are included in your reports.


The price for this service varies depending on the number of devices tested and the frequency of the testing. A small organization can typically have monthly security tests performed for significantly less than the cost of a single penetration test and at a fraction of the cost of dealing with a security breach. For large organizations, performing frequent tests can cost as little as pennies per device.

Find out what your systems are missing by scanning today.

All it takes is your name and phone number or email address to learn more about our services and expertise. If you’d like, you’ll also be able to send additional details after you submit your information here.

  • This field is for validation purposes and should be left unchanged.