Skip to main content

Managed Vulnerability Scanning

Identify and remediate vulnerabilities by continuously scanning your technology estate to reduce the potential window of exploitation for attackers.

What is Managed Vulnerability Scanning?

JUMPSEC’s Managed Vulnerability Scanning regularly scans your technology estate to proactively identify vulnerabilities.

By combining industry-leading vulnerability management software with our own custom toolset, our in-house cyber security analysts can help you manage and remediate vulnerabilities as they emerge.

Managed vulnerability scanning provides cost effective security protection and vulnerability alerting, developed to bridge the gap between ‘automated only’ vulnerability scanning and hands on penetration testing. This provides you with a regular assessment of your organisation’s public facing infrastructure to regularly identify exploitable vulnerabilities and reduce the potential window of exploitation for attackers.

JUMPSEC’s Managed Vulnerability Scanning service is available in three tiers to ensure you have the appropriate level of service for your business needs and budget.

Why should you undertake Vulnerability Scanning?

JUMPSEC recommends Managed Vulnerability Scanning for any organisation with changing public facing servers or websites.

Managed Vulnerability Scanning allows for continuous visibility and management of vulnerabilities, helping to reduce the risk posed to assets as a result of internal development and external changes to the threat landscape.

One of the key limitations of Penetration Testing is that it is performed at a single point in time, typically conducted on an infrequent 6-9-month cycle. Vulnerabilities however are constantly emerging, and this can leave organisations exposed to emerging issues in the window between tests.

Managed Vulnerability Scanning reduces the risk posed by new threats and vulnerabilities as they emerge over time. That said, scanning alone will not uncover the same depth of vulnerability as with manual testing and is not a substitute for a robust security assurance programme.

What outcomes JUMPSEC Managed Vulnerability Scanning provide?

Managed vulnerability scanning will provide regular, proactive vulnerability identification and classification, driving prioritised vulnerability remediation activities which are optimised to reduce your business’s risk exposure.

You can reduce your exposure to emerging vulnerabilities and threats and prevent attackers from leveraging critical-risk exploits in your external assets and any third-party technologies present on them. Access to JUMPSEC analysts will also provide deeper insights by filtering false positives and improving the efficiency of remediation activities.

With a detailed report, highlighting vulnerabilities identified and recommended remedial actions prioritised by risk, managed vulnerability scanning will also help to satisfy compliance requirements and build organisation-wide confidence in the overall security posture of your digital assets.

Discuss your cyber challenges?

Frequently Asked Questions

Can you deploy the service to internal networks?

Yes, JUMPSEC can perform internal network scanning. To deploy internally, JUMPSEC must deploy an on-site installation of Nessus to gather internal network data.

What toolsets does JUMPSEC use?

JUMPSEC primarily relies on public tooling such as Nessus, combined with bespoke tooling and scripts to perform additional data gathering and analysis.

What is the reporting schedule and frequency?

JUMPSEC performs daily scans of external IP addresses and URLs in-scope, which internal scanning is performed on a monthly basis.

The data from these reports is prioritised by risk and aggregated via a report delivered on a monthly basis. Where critical risks are identified JUMPSEC will escalate the issue to ensure swift remediation without waiting for the scheduled monthly report to be issued.

Achieve the cyber security outcomes you need.

We work to enable effective cyber security for our clients; helping them to future proof their cyber defences and realise genuine improvement over time.