Vulnerability Management Services

Ongoing periodic vulnerability tests are a cornerstone of effective security management for your production environment. These specialized tests identify security weaknesses in the production networks, databases, servers, web applications and other assets used to deliver your services. The timely identification and resolution of security weaknesses is essential to your ongoing success. It only takes a single breach to disrupt services to your customers and stain the reputation of your company.

This service allows you to have security vulnerability scans run against your production environment without the initial expenditure to acquire the necessary testing software and the expense of hiring experienced staff to run the scans and remediate the results. Our team can run these tests on a scheduled basis using one of the leading vulnerability scanners in the market. We will also provide an independent report of security vulnerabilities to your management team and work with your IT leadership on recommended actions to mitigate any weakness in your production environment.

This service satisfies the related requirements of many information security standards.

What's involved?

1. Production Asset Discovery and Setup (one-time)

The initial step in this service is a one-time setup to conduct the automated discovery process and complete the asset management associated with your production environment.  Once completed, you will have a fully documented picture of your production assets and the scope of assets to be included in the vulnerability testing process.  Activities include:

  • Performing automated discovery of assets across your production environment
  • Coordination with IT staff to segregate, prioritize and define the assets
  • Custom configuration of vulnerability tests to scan the environment for weaknesses

 

2. Perform Periodic Vulnerability Scan (Monthly or Quarterly)

We will conduct a comprehensive vulnerability scan on a fixed schedule against all production assets and generate a prioritized list of weaknesses in your environment.  These scans will use up-to-the-minute vulnerability criteria reflecting the latest information available for known weaknesses associated with the technologies used in your production services.

These vulnerability scans will be performed using privileged access to your environment to ensure that all vulnerabilities are identified for your consideration. If your company provides web and/or API access to your services, you are essentially allowing customers to enter part of your private domain to conduct business. You need to assume that individuals attempting to exploit your environment can also reach these resources and pivot to attack other assets. It is essential to know your vulnerabilities on a privileged basis.

 

3. Remediation and Reporting (Monthly or Quarterly)

This periodic process involves communication and collaboration with your management team and IT staff to increase awareness and initiate actions to mitigate vulnerabilities. We will provide reports of identified vulnerabilities to your designated IT staff and advise on the severity and the actions necessary to eliminate each vulnerability from your production environment. We will also provide management reports containing the essential information needed to maintain an executive perspective of security vulnerabilities.

Once the initial scan is completed, reports in subsequent months will provide an ongoing perspective of both repaired and continuing vulnerabilities.  This management oversight is an essential qualifying aspect of security compliance.

Next Steps...

Let us help protect your information infrastructure with industry-leading testing and monitoring tools. Contact us to discuss pricing for our vulnerability management services.