Discover Our Expertise
Our on-demand or scheduled Vulnerability Assessment (VA) service assists to preserve your applications and network more securely at an affordable price.
Our VA offering compromises of key components of vulnerability management process starting from Preparation through to Vulnerability Scan to recommending Remedial Actions and Rescan.
This is achieved through industry’s most advanced, scalable and extensive vulnerability management and compliance tool Qualys Cloud Platform which allows our security analysts to prioritise tasks and focus on critical vulnerability remediations. Qualys has been consistently rated by Gartner, Forrester and IDC as a Leader in vulnerability management market place that provides continuous scans and identifies vulnerabilities with six Sigma (99.99966%) accuracy, protecting IT assets on premises, in cloud and mobile endpoints.
Our Vulnerability Assessment (VA) Service Offering
Our vulnerability assessment service assesses systems from an external perspective (e.g. from the Internet) and from an internal perspective to provide a comprehensive security testing on IT infrastructure (e.g. servers, databases, storage units, firewalls, routers, end point systems) and Web Applications.
As part of our VA assessment, we will also identify security architecture, design and configuration issues - a major source of recent breaches.
Our IT Infrastructure Vulnerability Assessment service will answer questions like:
Is the IT infrastructure as a whole (e.g. routers, firewalls, servers, databases, storage units) susceptible to cyber-attacks?
Can a malicious user access, modify, or destroy data or system?
Our Web Application Vulnerability Assessment will answer questions like:
Does the web site expose the underlying servers and software to attacks?
Can a malicious user access, modify, or destroy data or services within the system?
Once vulnerability assessment is completed, we will deliver you a report that describes vulnerabilities, ranked by risk and remediation actions that you need to undertake. Our reporting follows a standard format with two sections:
Executive report - A jargon and buzz-word free true executive-level summary with high level findings, root causes, and recommendations based on potential risk to your organisation
Technical report – Specific technical details of the assessment and raw data, targeted to technical staff.
Our VA engagement is performed remotely through our 24 x7 ISO27001 accredited Security Operation Centre (SOC) in Chennai, India. Security threat and risk analysis, recommendations and reporting are conducted in London, UK.
Our pricing model is simple, flexible and usage based. In simple words, we provide a subscription or Operational Expenditure (OPEX) based charges that covers,
Ad-hoc on-demand scan
Fully managed service with monthly or quarterly scan
Our charges are based on few key criteria’s:
Is it infrastructure scan and/or web application scan?
How many IP addresses (for infrastructure scan), and URLs (for web application scan) you want us to scan?
Is there a specific compliance requirement e.g. PCI DSS, HIPAA?
Is it external (internet facing) scan or internal scan? For internal scan, we charge a small one-off fees to set up IPSec VPN for remote connectivity, and to install scanner in your data centre.