Managing vulnerabilities to understand exposure, drive patching programmes and meet compliance is a never-ending challenge for IT departments. A common approach is to buy a vulnerability scanning tool and deliver a solution in-house. However, the problem tends to be looked at from one of three viewpoints:
- The server team wants to know about all patching requirements
- The security team just wants to know about exposures and security patches
- The compliance team just wants to know about compliance
In addition to this, audits (the compliance driver) tend to drive a behaviour pattern that is detrimental to the organisation. If compliance requires an annual audit to maintain a level of certification, for 11 months of the year it is forgotten about while the business focuses on other projects. Then for 1 month, the business experiences a big spike in activity while everyone gets ready for the audit. During this period, all other projects suffer.
Our Managed Vulnerability Service has been designed to move organisations to a continual compliance model. We implement dedicated scanning appliances inside and outside of your network (or in the cloud) and implement a rolling schedule of scans that repeat on a continual basis. Each scan is configured using an agreed template to meet specific compliance needs such as PCI, Cyber Essentials or PSN. When we find a critical vulnerability, we don’t wait. We log this with your team immediately, with a recommended remediation plan. We also provide your teams with access to a portal where they can view all non-critical vulnerabilities and help them implement a rolling plan of remediation into their BAU schedule.
We do all this on a simple fixed monthly charging model that allows your IT team to focus where you need them, on core business activities.
- What’s included?
  - Deployment of internal and external scanning appliances
  - Continual scanning of all assets in scope
  - Automatic discovery of new assets
  - Managed triage and reporting service
- What do you get?
  - Critical vulnerabilities detected and reported as they are discovered with recommended remediation steps
  - Dashboard to access vulnerability status information and recommended remediation steps
  - Compliance reporting for specific standards such as PCI, Cyber Essentials and PSN
  - Focus your IT team on core business activities