Managed Vulnerability Scanning
The MTI vulnerability scanning service adopts a blended approach to testing, whereby both automated and, more importantly, manual testing is employed to discover vulnerabilities within your web servers, mail servers, name servers, routers, firewalls and other Internet facing hosts. Manual testing enables to us to identify vulnerabilities not discoverable by automated-only testing and to also rule out any false positives.
MTI Managed Vulnerability Scanning: Overview
The MTI scans consists of a network discovery assessment that sweeps your IP address ranges, polling on a set of common TCP, UDP services and also sending various ICMP probes. The purpose of this enumeration scan is to discover responding hosts in your address space, confirm your understanding of exposed services and enable the identification of candidate hosts to receive a full vulnerability assessment via our enterprise scanning service.
The service runs each month, quarter or at other agreed periods, and performs a very extensive number of vulnerability tests on your hosts to determine if they are open to attack or exploitation. It is also able to highlight any new issues or fixed issues to enable you to see at a glance when issues have been fixed from the previous scan and what new issues have been introduced. Optionally we also over a monthly or quarterly debriefing service using a secure conferencing facility and a desktop sharing application, whereby a CHECK qualified consultant can talk you through all of the issues that have been found and their impact, explain why new issues may have been introduced and why fixed issues may not have been fixed as intended.
Each assessment results in a comprehensive HTML report of our findings with suggested remedial actions, technical references, trends and metrics. We receive excellent feedback from clients on the style and structure of the scanning report; far exceeding those available from other suppliers. Reports are securely delivered to pre-approved contacts in your organisation.
- Independent and objective security assessment
- Acts as a management tool to drive a reduction in vulnerability exposure
- Ongoing protection against the latest security exploits
- Guards against human error, e.g. developers' software bugs or exploitable code, server and firewall mis-configuration
- Prioritised remediation plan
- Remediated vulnerabilities prevent security beaches and thereby
- Protect your company's reputation (reducing adverse media coverage, customer dissatisfaction, loss of public confidence etc.)
- Reduces costs (fewer security incidents from which to recover, fewer compensation or litigation claims etc.)
- Verifies effectiveness of your other security controls, such as firewalls, IDSs and policies
Included Service Features
- Blended approach to vulnerability assessment provides
- Improved vulnerability discovery that eludes automated-only testing
- False positive removal, saving you time and making the service more cost effective
- Reporting of 'root cause' vulnerabilities reduces report volume and simplifies remediation activities
- Personalised 'role driven' reports
- Ensures individuals focus on their area of responsibility
- Enforces a 'least privilege' view of organisational vulnerabilities
- Allows management to monitor remedial actions
- Hosts can be allocated a criticality rating, asset tags and descriptive information to make the results more meaningful to your business and better integrate with your information security programme
- Differential reports highlight changes in system or network behaviour
- Arbitrary grouping of system populations allow comparison of vulnerability results across organisational boundaries, e.g. by department, geographic region, system type, business unit, etc.
- Vulnerability trends, metrics and compliance targets clearly demonstrate remediation progress to regulatory bodies, board members and clients
If you would like more information regarding Managed Vulnerability Scanning, please contact the MTI penetration testing team to discuss your requirements.