Comprehensive Management of Any Technical Vulnerabilities
Almost all software systems contain hidden technical vulnerabilities, in other words, weaknesses. These vulnerabilities can cause incidents that reduce productivity and lead to outages, business disruptions, and data leakage. This is particularly true for public websites. Because it is globally accessible, a website can become a target of deliberate attacks at any time. The attackers have different goals, e.g., to seize resources for launching attacks and sending spam.
In fact, vulnerabilities are defects in the code and/or configuration of websites and of the hosting software and hardware. Security analysts and malefactors continuously search for weaknesses in various systems and discover them every day.
Many security standards and regulations, such as ISO 27001 and PCI DSS, require vulnerability scanning and penetration testing as obligatory baseline security processes. Proper vulnerability management involves regular effort to handle weaknesses and strengthen the infrastructure.
Comprehensive Vulnerability Management Service
In addition to the vulnerability scanning that is usually provided, our specialists:
- review compliance with ISO 27001 and PCI DSS vulnerability management requirements
- analyze customer IT infrastructure and track changes within vulnerability management
- offer not only external port scanning, but also internal scanning and security configuration analysis
- maintain a customer vulnerability knowledge base, which significantly increases the efficiency of vulnerability analysis
- analyze and verify every found vulnerability manually
- make recommendations on vulnerability mitigations according to the specific customer infrastructure
- oversee the timely mitigation of vulnerabilities
Even comprehensive Technical Vulnerability Management is a detective, reactive process that solves problems as they appear. A proactive approach becomes reasonable as the maturity of security management grows. It is always better to prevent a disease than to cure it.
So, to gain synergy and make Vulnerability Management as profitable as possible, we propose integrating it into the enterprise security management system and combining it with other security processes and activities, such as:
- Penetration Testing
- Security Event Monitoring
- Security Incident Response Planning
- Security Incident Management
- Information Risk Management
- Configuration Management
- Change Management
- Release Management
Technical Vulnerability Management Service options
| Option | Description |
|---|---|
| Compliance review | Audit of compliance of vulnerability management with ISO 27001:2013 and PCI DSS 3.0 |
| Technical Vulnerability Scanning | Regularly finding weaknesses using automated tools |
| Security Configuration Analysis | Internal scanning and security configuration analysis performed for Windows-based systems |
| Vulnerability Monitoring | Daily monitoring of vulnerability alerts from independent providers. Monitoring of updates from software and hardware manufacturers |
| Analysis and Verification | Ranking the weaknesses, evaluating their severity and screening out false positives |
| Mitigation of the vulnerabilities and their causes | Patching the vulnerable service, reconfiguring it or the related environment, or implementing compensatory measures |
| Integrity Maintenance | Ensuring that important files, including system and application software, configurations and data files, remain unchanged except by authorized action. Providing input for the incident response process. |