Providing you with the resource to identify security vulnerabilities and address them before they're exploited.
As the size and complexity of your IT environment grow, so too will your need for a mature IT security programme. A key part of any security programme is vulnerability management, and this requires the right resource and tools to manage the discovery, coordination and remediation of vulnerabilities. Our Managed Vulnerability Scanning service is designed to reduce the overhead of having an in-house, day-to-day vulnerability management operation. Our security team offers extended coverage to manage the process across your organisation, reducing the risk of your business exposing critical data and assets.
Better cyber hygiene – vulnerability scanning is often used by hackers to identify and exploit vulnerabilities. With our managed vulnerability scanning service, you’ll establish good cyber hygiene habits and stay one step ahead of the hackers.
Clear remediation guidance – we present the reports in a format that’s easy to understand and provides a structured remediation plan/process for any vulnerabilities identified within the scanning period.
Expert support – if you opt to take our analyst assisted review service, you’ll receive a monthly call to discuss the reports and the output and context of the vulnerabilities identified. Our analyst will guide you through the report and remedial actions.
Change control – where you wish to add new devices or locations to the service, our team will work with you to conduct further asset collection.
Extra resource – Running regular scans and analysing the output is time-consuming and can easily slip down the priority list. With our service, you’ll keep on top of cyber hygiene and free up your team to focus on addressing vulnerabilities, rather than finding them.
Compliance – Our security analysts will provide quarterly vulnerability scans of your internal and external infrastructure to ensure that you meet compliance or security requirements, in particular, PCI Requirement 6. We’ll distribute the output from the reports to the relevant stakeholders within your business. Where you take managed services from us, we’ll share it with the appropriate teams so they can take remedial action.
Managed – Ideal if you have a monthly patching cycle and require additional support to understand and remediate the vulnerabilities that pose the highest risk to your environment. Our security analysts will work with you and the relevant technical team to prioritise which patches should be rolled out.
Continuous – If you’ve achieved information security standards such as ISO27001 or IASME, you may require a patching cycle of 14 days to remediate critical and high vulnerabilities. To help you maintain your investment in these information security standards, we offer a continuous scanning service for identifying and assessing the vulnerabilities and proposing the most appropriate remediation plan.
Depending on the level of service you select, our team will work with you to run internal and external vulnerability scans in line with the stated frequency. As part of our continuous scanning service, we’ll scan for vulnerabilities present within web applications such as cross-site scripting and SQL injection.
Our team starts by installing agents throughout the network to discover the relevant assets, using ARP, TCP and ICMP pings to identify traditional hosts and common open ports within specified address ranges. We also use a cloud-based scanner which identifies external-facing IP addresses to discover internet-facing assets.
We partner with Rapid7 (IVM) to conduct our service, combined with Nucleus to deliver and track the results of each scan.
Arguably, patching systems is one of the most effective ways to prevent the exploitation of known vulnerabilities.
Organisations should maintain a strong patching cycle, especially where they are subject to regulation or adhere to compliance standards like PCI-DSS, ISO27001 or IASME.