Most security breaches exploit known and well-documented vulnerabilities. It is therefore important to have a well-defined process in place to manage vulnerabilities. Vulnerability management is an ongoing process of identifying, classifying, prioritising, and remediating or mitigating weaknesses.

Organisations that deploy scanning solutions very quickly recognise the challenges:

- There is a massive number of vulnerabilities in any significant operational environment
- There is never enough time, resources or service windows to be able to patch them all
- Generic rating systems like CVSS do little to assist with meaningful prioritisation. They lack contextual information, are often not aligned with what attackers are doing and often occur in such volumes that there is never enough time to address them all
- Scanning consistently and continuously to collect vulnerability data to drive remediation without causing disruption is itself not trivial and requires high levels of skill and care
- System owners and other consumers of vulnerability reports are often resistant to and sceptical of the findings. False positives, poor ratings and excessive volumes degrade trust and strain working relationships, often rendering the vulnerability management program ineffective

Using a combination of machine-driven and human analysis, our Managed Vulnerability Scanning service provides comprehensive management, consulting and support, focused on identifying the vulnerabilities that exist within our customers’ environments and making it easier to prioritise responses with practical recommendations around remediation. Using a broader set of intelligence to identify the real risk, rather than simply relying on static metrics like CVSS and exploit availability, allows the service to deliver vulnerability intelligence that continuously adapts alongside the ever-changing customer environments that we oversee.
Service Components
If you don’t know where your organisation is vulnerable, how can you defend it? To protect business-critical assets and ensure compliance, a company needs to identify, prioritise and mitigate important vulnerabilities before cybercriminals can exploit them. However, with new weaknesses constantly being created by changing systems, services, applications and threats, vulnerability scanning needs to be an ongoing process. Regular scheduled scanning is the most effective way to manage network vulnerabilities.

Off-the-shelf vulnerability scanners can create more issues than they solve, hampering network availability and inundating already overstretched security teams with reports that contain multiple false positives and are either too vague or too detailed to be easily actionable. Meanwhile, unnecessary or poorly planned mitigation efforts only add to the burden on security teams.

In contrast, our cloud-based Managed Vulnerability Scanning (MVS) services ensure you have experienced analysts armed with industry-leading tools on hand to identify, classify and prioritise weaknesses as needed. Without interrupting business-as-usual, we provide meaningful intelligence on verified vulnerabilities and the best route to remediate or mitigate them via clear, personalised reporting.
The IPOptions Managed Vulnerability Scanning service offers automated, on-demand scanning using up to seven best-of-breed scanning engines, supplemented by IPOptions' custom-developed tools, to scan both internal and external networks. Scans are reviewed daily by the IPOptions ethical hacking team to minimise false positives and to review and prioritise the vulnerabilities discovered. Our Managed Vulnerability Scanning services are a cost-effective, accurate solution for detecting and managing vulnerabilities in or brought about by:

- Networks, hosts and devices
- Active Directory
- DNS insecurities or misconfigurations
- Databases (DB2/Oracle/MS-SQL)
- Web application failures
Key Benefits
- Planning, design, deployment and tuning of the scanning technology
- Guidance and support regarding the ingestion and processing of scan data within the client’s organisation
- Guidance regarding vulnerability management processes and procedures
- Direct on-demand support from Vulnerability Management specialists regarding scan outputs, findings and their potential impact on the organisation
- Ongoing fine-tuning of discovery scanning as well as scanning techniques and parameters to maximise the effectiveness of the vulnerability management service
- Regular service reviews including strategic analysis of vulnerability risk posture and remediation actions