We can provide you with a fully managed Vulnerability Scanning Service that can be performed in a variety of setups. Our employees all possess UK Government level security clearance and can conduct one-off scans if required.
Fully Managed Internal Scans
Internal scans are crucial to support a strength in depth security strategy and we are able to conduct this for our clients on-site or remotely from our offices, dependent on the client’s requirements. This involves scanning against all internal systems using un-credentialed or credentialed discovery methods. Having a secure internal infrastructure protects against insider threats and limits the scale of attack if your organisation were compromised.
Fully Managed External Scans
This involves our team conducting period scans of your internet facing infrastructure, using industry leading tools to identify the latest security vulnerabilities and plan out remediation activity. This is performed on a periodic basis, which is agreed with each organisation and can also be performed outside normal hours if needed. This type of activity emulates what a malicious outsider may do in the reconnaissance phase of a cyber-attack.
What can we help with?
Some of the insight we can provide is detailed below, if you wish to discuss your individual scanning requirements please contact us below.
• Accurate, high-speed asset discovery
• Un-credentialed vulnerability discovery
• Credentialed scanning for system misconfigurations & missing patches
• Network devices: Firewalls/Routers/Switches (Juniper, Check Point, Cisco, Palo Alto Networks), printers, storage
• Offline configuration auditing of network devices
• Virtualization: VMware ESX, ESXi, vSphere, vCenter
• Operating Systems: Windows, Mac, Linux, Solaris, BSD, Cisco iOS, IBM iSeries
• Databases: Oracle, SQL Server, MySQL, DB2, Informix/DRDA, PostgreSQL
• Web applications: Web servers, web services, OWASP vulnerabilities
• Cloud: Deployed as AWS AMI
• SCADA systems, embedded devices and ICS applications
• PII (e.g. credit card numbers, SSNs)
Remediation action priority and scan tuning recommendations.
• After a scan, re-scan all or a subsection of previously scanned hosts.
• Detect Viruses, malware, backdoors, hosts communicating with Botnet-Infected systems, known/unknown processes, web services linking to malicious content
• HIPAA/ HITECH
• DISA STIGs
Other Cyber Security Services