Managed Vulnerability Scanning
Why is having a managed vulnerability scanning process important?
Network vulnerabilities highlight security gaps that could be abused by attackers to damage network assets and threaten the fundamentals of cyber security: confidentiality, integrity and availability. Attackers are constantly looking for new vulnerabilities to exploit and will take advantage of old vulnerabilities that have not been patched.
Implementing a managed vulnerability scanning programme, that regularly checks for new vulnerabilities, plays a critical part in preventing cyber security breaches. A well designed vulnerability testing and patch management programme ensures that new and existing security gaps are located and closed. This makes it much more difficult for attackers to breach the network.
Option 1: One-Off Scan
We can perform both external and internal vulnerability scans of your IT assets and provide you with a report that details your vulnerability status.
Option 2: Quarterly Scan
The Quarterly Scan is performed in the same way as the One-Off Scan. For internal quarterly scanning, a VM can be deployed on a permanent basis so that once this is set up, scanning can be performed with ease. This also provides the ability for ad hoc scanning on request.
Option 3: Scanning & Patch Management
Scans are conducted on a continuous, weekly or monthly basis. Reports will be provided as per each client’s unique requirements. The Cloud Agent will be used to deliver patch management services, ensuring that your organisation is being kept updated on the status of software vulnerabilities and updates are delivered efficiently and effectively in timely manner. More about Patch Management below.
Benefits of a Managed Vulnerability Scanning
Powerful tools combined with expert consultants
Our managed vulnerability service is delivered using best of breed technologies combined with cyber security specialists. Our consultants hold various levels of industry certifications such as CISSP, CompTIA and CREST certified penetration testers.
More efficient use of internal teams
Most organisations’ IT and infosec teams are understaffed due to the huge shortage of skilled employees. Specialist analyst skills are in high demand and, by any metric, expensive. Manually validating scan data from vulnerability toolsets is time consuming and not an ideal use of skilled resource, which is why many security operations teams are outsourcing this function to have immediate access to clean and actionable vulnerability data.
The annual cost of our vulnerability management service is significantly lower than the cost of building a team of internal cyber security professionals and providing them with the training, tooling and support required to deliver an effective solution.
We are an extension to your IT Department
We work closely with our clients’ IT departments to identify vulnerabilities affecting their network and to identify false positives, freeing up internal teams to focus on other projects. The reports and dashboards provide remediation steps, where possible, to fix the identified vulnerabilities and mitigation advice where a fix is not possible.
Stay on top of a changing threat landscape
We are up against an ever growing threat landscape. New vulnerabilities are arising daily, and vulnerability management is swarmed by false positive information affecting an organisation’s ability to deal with remediation and response to incidents in an efficient amount of time.
Managed Vulnerability Scanning & Patching Services
Our Vulnerability and Patching Service provides visibility into where your IT infrastructure might be vulnerable to cyber security threats. It helps you to continuously identify where you may be vulnerable to new or existing threats so that risks can be addressed quickly.
We can scan continuously and identify security vulnerabilities in offices, data centres or your cloud instances. Our internet-connected scanner will assess your external IP addresses and we can deploy agents or virtual machines to scan internal network assets.
Organisations that want to simplify deployments can utilise our lightweight agent to avoid the need to configure local credentials and host firewalls. As the agent is installed on the endpoint, it improves scanning accuracy and ensures remote machines continue to be monitored even when working off the corporate network. These service options are comprised of the following components:
The external scanner is used to scan your internet facing IP addresses to ensure that hackers are not being presented with an easy route into your IT systems.
The Patch Management option increases your remediation response time. It enables you to discover open vulnerabilities and missing patches across assets located on premises, in clouds and at remote endpoints. Patches can be scheduled or on demand at any given point, such as in emergency situations where a vulnerability is suddenly being actively exploited in the wild. Rules and workflows can be configured so that patches are deployed when they meet a certain criteria, like severity level or CVSS score.
WebApp (Web Application) Scanner
A web application scan will inspect the web application itself (and also APIs) to identify application-level vulnerabilities like XSS SQL injection and cross-site scripting vulnerabilities. It is a recommended option for organisations who have web application services accessible from the internet.
Scanner VM (Virtual Machine)
A virtual scanner appliance is deployed inside your network behind the corporate firewall so that it can scan your internal IP addresses. The virtual scanning machine connects back to the centralised platform to consolidate report data.
The cloud agent provides a continuous view of assets for vulnerability management and helps provide visibility and security for assets that are not easily scanned from the network including remote users, distributed offices and cloud server instances.
We will provide regular vulnerability status reports, which will enable the tracking of risks and oversight of the progress made in closing them. Our Vulnerability Management Service helps our clients avoid the substantial costs and resources required to design, deploy and manage a vulnerability management service internally.