commissum's monthly managed vulnerability assessment helps maintain network security between penetration tests.
With around eight thousand vulnerabilities discovered in commercial software every year, can you really afford to wait twelve months between penetration tests? Most of them will not affect your organisation's infrastructure, but even if only one percent applies to your environment, that is about eighty a year: twenty a quarter, or almost seven a month on average.
Our managed monthly scanning is designed to complement full penetration testing, following on once that CREST-level, detailed testing has established the impact of exploiting a vulnerability and breaching your defences.
By way of analogy
If your son comes in from the pub at two in the morning and leaves his keys in the door, that is a vulnerability. A vulnerability scan will find and report this, and will offer suggestions for mitigation such as "Remove his keys – but you need to get up at two in the morning to let him in", "Install a swipe card system" or even "Kick him out of the house!"
A penetration tester, on the other hand, would go up to the door and turn the keys and handle, only to find your son had been sober enough to bolt the door from the inside; i.e. the "high" risk presented by the vulnerability has been mitigated. The tester would then take the keys and try the back door, and identify that the keys for his car are also on the key-ring, exposing this asset to theft. In other words, the vulnerabilities are assessed for potential exploitation to determine the true business impact, not just the theoretical vulnerabilities.
Our Monthly Managed Service is designed to follow on after the full penetration test has established the impact (the stolen car), and will check each month that the underlying vulnerability remains mitigated. In the analogy above, it would show every month whether the keys were still in the door or had been removed (i.e. mitigated), and would also flag if they reappeared after a period of absence. In practice that corresponds to a server restored from backup and not subsequently patched, so that a vulnerability fixed months ago is live again; in the analogy, an episode of binge drinking.
Overall, the Managed Scanning Service is the equivalent of a security guard regularly checking that all is well. A recent example of a successful outcome with the managed service was the exposure of data records that the penetration test had not found, because the exposure only appeared after a later firewall upgrade. The monthly scanning service discovered it, and the issue was resolved quickly, before the public became aware of it.
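The month-to-month comparison described above (is the vulnerability still mitigated, has it come back, has something new appeared after a change such as the firewall upgrade) is essentially a diff of scan results keyed on host and issue. The following is an added example, not commissum's own tooling or the original page's content: it classifies each finding in the latest scan as new, persisting, fixed or regressed, where "regressed" is the "keys back in the door" case of a finding that was fixed in an earlier month and is present again. All hosts (example.net) and issue identifiers (ISSUE-nnnn) are constructed placeholders, not real findings.

```python
"""Classify findings across monthly scan runs: new, persisting, fixed, regressed.

Added example, not commissum's tooling. Hosts and issue ids are constructed
placeholders; no real vulnerabilities are referenced.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    host: str
    issue: str      # scanner plugin or advisory identifier (placeholder here)
    severity: str   # "high", "medium" or "low"


def run_keys(run):
    """A finding's identity is (host, issue); severity may change between runs."""
    return {(f.host, f.issue) for f in run}


def compare_runs(history):
    """history: list of scan runs, oldest first, each a list of Finding.

    Returns sorted (host, issue) keys for the latest run, grouped as:
      new        - present now, never seen in any earlier run
      persisting - present now and in the previous run
      fixed      - present in the previous run, absent now
      regressed  - present now, absent last run, but seen in an earlier run
                   (e.g. a host restored from an unpatched backup)
    """
    if len(history) < 2:
        raise ValueError("need at least two scan runs to compare")
    current = run_keys(history[-1])
    previous = run_keys(history[-2])
    # Everything seen in runs before the previous one (empty when only two runs)
    earlier = set().union(*(run_keys(r) for r in history[:-2]))
    appeared = current - previous
    return {
        "new": sorted(appeared - earlier),
        "persisting": sorted(current & previous),
        "fixed": sorted(previous - current),
        "regressed": sorted(appeared & earlier),
    }


def format_report(history):
    """One line per finding, e.g. 'REGRESSED  high     app01.example.net  ISSUE-0001'."""
    severity = {}
    for run in history[-2:]:          # latest run overwrites previous run's severity
        for f in run:
            severity[(f.host, f.issue)] = f.severity
    lines = []
    for group, keys in compare_runs(history).items():
        for host, issue in keys:
            lines.append(f"{group.upper():<10} {severity[(host, issue)]:<8} {host}  {issue}")
    return lines


# Constructed sample data: three monthly runs after a penetration test.
SAMPLE_RUNS = [
    # Month 1: findings confirmed by the penetration test
    [Finding("app01.example.net", "ISSUE-0001", "high"),
     Finding("db01.example.net", "ISSUE-0002", "medium")],
    # Month 2: app01 has been patched
    [Finding("db01.example.net", "ISSUE-0002", "medium")],
    # Month 3: app01 restored from an old backup; a new finding on fw01
    [Finding("app01.example.net", "ISSUE-0001", "high"),
     Finding("db01.example.net", "ISSUE-0002", "medium"),
     Finding("fw01.example.net", "ISSUE-0003", "low")],
]

if __name__ == "__main__":
    for line in format_report(SAMPLE_RUNS):
        print(line)
```

Keying on (host, issue) rather than on severity matters: scanners re-rate issues over time, and a severity change should not make a persisting finding look new. In practice the history would be loaded from exported scan results rather than embedded in the script.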
Get in touch with one of our security consultants today
- No obligation
- Expert advice
- Tailored solutions
“We have used commissum for several years and their work has always been professional and delivered to a high standard. We appreciate their ability to readily interpret project requirements and to make a valuable contribution even when a project's budget is tight. commissum are easy to deal with and have the flexibility to manage changing time scales and requirements.”
Mr Iain R, Account Director, International Business Systems & Managed Services Company