Managed Vulnerability

Managing vulnerabilities to understand exposure, drive patching programmes and meet compliance is a never-ending challenge for IT departments. A common approach is to buy a vulnerability scanning tool and deliver a solution in-house. However, the problem tends to be looked at from one of three viewpoints:

  • The server team wants to know about all patching requirements
  • The security team just wants to know about exposures and security patches
  • The compliance team just wants to know about compliance

 

In addition to this, audits (the compliance driver) tend to drive a behaviour pattern that is detrimental to the organisation. If compliance requires an annual audit to maintain a level of certification, for 11 months of the year it is forgotten about while the business focuses on other projects. Then for 1 month, the business experiences a big spike in activity while everyone gets ready for the audit. During this period, all other projects suffer.

Our Managed Vulnerability Service has been designed to move organisations to a continual compliance model. We implement dedicated scanning appliances inside and outside of your network (or in the cloud) and implement a rolling schedule of scans that repeat on a continual basis. Each scan is configured using an agreed template to meet specific compliance needs such as PCI, Cyber Essentials or PSN. When we find a critical vulnerability, we don’t wait. We log this with your team immediately, with a recommended remediation plan. We also provide your teams with access to a portal where they can view all non-critical vulnerabilities and help them implement a rolling plan of remediation into their BAU schedule.

We do all this on a simple fixed monthly charging model that allows your IT team to focus where you need them, on core business activities.

  • What’s included?
    • Deployment of internal and external scanning appliances
    • Continual scanning of all assets in scope
    • Automatic discovery of new assets
    • Managed triage and reporting service
  • What do you get?
    • Critical vulnerabilities detected and reported as they are discovered with recommended remediation steps
    • Dashboard to access vulnerability status information and recommended remediation steps
    • Compliance reporting for specific standards such as PCI, Cyber Essentials and PSN
    • Focus your IT team on core business activities
