YOUR ALLY IN THE BOARDROOM
What is a Vulnerability Scan?
Vulnerability scanners are tools that are loaded with a database of thousands of known configuration, service and software application issues. It would take a human many months to manually test for all the known vulnerabilities, whereas an automated scanner can perform this in just a few hours.
What kind of issues are found?
The most common issues found include:
- Unsecured ports and services. Sometimes a firewall may have been reconfigured by the security team, but test services may not have been closed properly.
- Services that are no longer supported by the vendor, and so no longer receive security updates, yet remain accessible to anyone over the internet.
- Login forms that accept weak, often default, credentials, which could expose access to sensitive information.
If these go unchecked, it is just a matter of time before publicly available scanners find them and publish the results to the world.
Can websites be scanned?
Yes – all the pages that the public can access without credentials can be scanned. The tools also look for other pages and resources that can be accessed without following the website’s hyperlinks. Typical findings include:
- Vulnerable web components that have not been patched.
- Old or backup copies of web pages that have been renamed, for example to html.old.
- Unprotected directories that contain sensitive information.
- Pages that allow SQL injection or Cross Site Scripting attacks.
- The ability to upload malicious files to the site.
Are there any issues with vulnerability scanning?
- The tools do not exploit the vulnerabilities found; they only alert you to the possibility of exploitation. For example, if there was a vulnerability whereby the website could be defaced, no content has ever been amended by our scans.
- A key issue that most users find is the overwhelming results that are often difficult to decipher and prioritise – and this is where our ThreatSure service comes in.
What is ThreatSure?
- ThreatSure is our flexible vulnerability scanning service that is aimed at organisations of all sizes.
- We distil the findings to only those that matter to you in an easily accessible report that can be used to fix the issues found – or to convince stakeholders that more investment is required to bolster your cyber defences.
- The service is also a great way to ensure that you are remaining compliant throughout the year with assurance standards such as Cyber Essentials, PCI DSS, ISO 27001 and the requirements of some insurance companies.
What scans are performed by ThreatSure?
The product comprises the following services that can be combined or purchased separately:
- External scanning of the company perimeter including websites
- Internal, authenticated, scanning of a sample of laptops, desktops and servers to ensure they are patched and free from serious misconfiguration.
| Pricing (Per Month) | IPs Included | Also Includes |
|---|---|---|
| £25 | 4 | Full port Nessus scan of external infrastructure |
| £40 | 16 | |
| £80 | 64 | |
| £120 | 120 | |