Managed Vulnerability Scanning
Identify and remediate vulnerabilities by continuously scanning your technology estate to reduce the potential window of exploitation for attackers.
WHAT IS MANAGED VULNERABILITY SCANNING?
JUMPSEC's Managed Vulnerability Scanning regularly scans your technology estate to proactively identify vulnerabilities. Using industry-respected vulnerability management software combined with our own custom toolset, our in-house cyber security analysts help you to manage and remediate vulnerabilities as they emerge.
Managed Vulnerability Scanning provides cost effective security protection and vulnerability alerting, developed to bridge the gap between 'automated only' vulnerability scanning and hands on penetration testing. It provides a regular assessment of an organisation's public facing infrastructure to regularly identify exploitable vulnerabilities and reduce the potential window of exploitation for attackers.
Regularly scanning for vulnerabilities is complementary to manual Penetration Testing, enabling organisations to maintain a current view of their exposure to 'known-bad' vulnerabilities throughout the testing cycle. This ensures that emerging exploits affecting your assets can be identified and remediated early without relying on the next scheduled test to discover.
An organisation's risk profile can vary depending on the size and complexity of the IT estate, their attitude to risk, the nature of their online presence, the amount of customer data they store, and the nature of their business operations. Because no two organisations are the same, JUMPSEC's Managed Vulnerability Scanning service is available in three tiers to ensure the level of service is aligned to the client's need and budget.
WHY SHOULD YOU UNDERTAKE VULNERABILITY SCANNING?
JUMPSEC recommends Managed Vulnerability Scanning for any organisation with changeable public facing servers or websites. Managed Vulnerability Scanning enables continuous visibility and management of vulnerabilities, and helps reduce the risk posed to assets through the introduction of vulnerabilities as a result of internal development and external changes to the threat landscape.
One of the key limitations of Penetration Testing is that it is performed at a single point in time, typically conducted on an infrequent 6-9-month cycle. Because vulnerabilities are continually emerging, this can leave organisations exposed to emerging issues in the window between tests. Managed Vulnerability Scanning reduces the risk posed by new threats and vulnerabilities as they emerge over time. That said, scanning alone will not uncover the same depth of vulnerability as with manual testing and is not a substitute for a robust security assurance programme.
Ready to find out more?
WHAT OUTCOMES WILL JUMPSEC MANAGED VULNERABILITY SCANNING PROVIDE?
- Regular, proactive vulnerability identification and classification
Driving prioritised vulnerability remediation activities optimised to reduce risk exposure.
- Optimise your security operations and drive efficiency
Through access to our analysts, providing deeper insights and filtering false positives to improve the efficiency of remediation activities.
- Reduce your exposure to emerging vulnerabilities and threats
To prevent attackers from leveraging critical-risk exploits in your external assets and any third-party technologies present on them.
- Improved security posture
Increase confidence in the security posture of your digital assets. To build the trust of your internal stakeholders and external authorities, customers, and partners alike.
- Satisfy compliance requirements
With a detailed report, highlighting vulnerabilities identified and recommended remedial actions prioritised by risk.
- Augment point-in-time penetration testing
With continuous scanning for emerging vulnerabilities to reduce the risk of attackers bypassing your cyber defences
JUMPSEC is CREST Vulnerability Assessment accredited, giving you the assurance that our Managed Vulnerability Scanning services maintain the highest technical and professional standards.
Yes, JUMPSEC can perform internal network scanning. To deploy internally, JUMPSEC must deploy an on-site installation of Nessus to gather internal network data.
JUMPSEC primarily relies on public tooling such as Nessus, combined with bespoke tooling and scripts to perform additional data gathering and analysis.
JUMPSEC performs daily scans of external IP addresses and URLs in-scope.
Internal scanning is performed on a monthly basis.
The data from these reports is prioritised by risk and aggregated via a report delivered on a monthly basis.
Where critical risks are identified JUMPSEC will escalate the issue to ensure swift remediation without waiting for the scheduled monthly report to be issued.
Vulnerabilities are presented to the client through a risk-prioritised view.
JUMPSEC vulnerability scan reports are delivered in HTML format and can be downloaded from a secure portal.
JUMPSEC analysts are available to respond to queries regarding any findings and can offer advice and support around remediation on an ad-hoc basis.