Network Vulnerability Assessments are critical in securing an organization’s network. Most organizations perform these assessments annually or quarterly at the most. The difficulty with this level of frequency is that new network vulnerabilities are discovered daily. Since networks often change due to patching, new machine installations, and many other reasons, your vulnerability posture can change just as often. Also, many regulatory bodies recognize the value of vulnerability assessments, including the PCI Council which published the PCI-DSS regulation. With so many reasons to scan, it makes sense to consolidate all these scans inside one easily accessible location that includes scan scheduling, report review, and remediation recommendations.
The Problem Overview
– Multiple Threats – Threats to an organization’s network can come from many different sources
– Internal Vulnerability – Many organizations only test from an external perspective, leaving them vulnerable to internal threats
– Infrequent Testing – Many organizations test for vulnerabilities once a quarter or year – not nearly enough for adequate protection
– New Threats – Organizations need to test for exposure early and often to keep up with the growing number of threats
We offer many scanning services to best fit your needs. Scanning services are divided into the following types:
- External – this vulnerability scan uses hardware outside of your network to scan the outside of your network for vulnerabilities. The same web-based portal is included for easy service management and reporting with this service as is included in the Internal service.
- Internal – this option allows you to turn any supporting hardware into an internal scanner that searches for vulnerabilities within your network. The same web-based portal is included for easy service management and reporting with this service as is included in the External service.
- PCI – this external scan is customized to include the required Statement of Attestation and Self-Assessment Questionnaire. In addition to the management and reporting portal, this option provides additional reporting options including an overview of your PCI compliance status and more insight into any areas that may fall out of compliance.
Within each service listed above there are two versions to select from to provide the optimal solution for your needs.
- On Demand – this version gives you complete control over scan scheduling and allows you to schedule unlimited scans for unique hosts.
- Managed – this version brings our expertise to you. We will configure and schedule a monthly scan for you. Our security experts will then review the outcome and discuss the findings with you. Additional consulting is available upon request as well.
The benefits of our solution
|Meets Regulatory Requirements||Our PCI scanning service is specifically designed to help you become PCI-DSS compliant.
However, other regulatory bodies (including FINRA, SOX, GLBA, and HIPAA) all require scanning as well. Our scanning services can help in achieving compliance with these regulations.
|Simple, Single Interface||All reporting and service management is accessed through one portal with a simple, customizable interface.|
|Self-Updating Threat Database||Every 12 hours the threat database is updated to reflect the latest exploitable vulnerabilities.|
|Unlimited Scanning||service offers unlimited scans, as frequently as you’d like (for the On Demand versions).|
|Experts Ready to Assist||Our security experts will plan and schedule the scans with you and will provide remediation guidance after the scan is complete to rid your network of the discovered vulnerabilities (for the Managed versions).|
|Flexible Scan Scheduling||“Restricted times” can be scheduled when scans will not run.|
The dashboard shows executive level summaries for previous scans, historical trends, most vulnerable hosts, total threats, and several other scan reports. Depending on which services are subscribed to, up to 30 different dashboard widgets can be displayed. The screen is customizable to include or hide widgets.