Vulnerabililty Assessment (VA)

Netscylla are well versed and practiced in numerous Vulnerability Assessment (VA) platforms. Where you require testing as a one-of-assessment, or regular VA scanning for PCI-DSS compliance. We can help!

Why would VA help my organisation?
VA is an automated process of network reconnaissance, service enumeration and versioning. The VA application then cross references these applications with its internal database of known vulnerabilities. This is particular useful in identifying vulnerable services and applications that could be exploited by an attacker.

Regulatory purposes
There are several regulatory reasons for performing vulnerability assessments, but the top-most common reasons within Great Britain are:

• Cyber Essentials (CE)
• Cyber Essentials Plus (CE+)
• Payment Card Industry Data Security Standard (PCI-DSS)

These regulatory scans can become quite an expense for a small (or start-up) business: Cyber Essentials is a requirement for companies that wish to engage on contracts of work with the public sector, the scheme requires a minimum of yearly scans. But they do advise that quarterly scans are prefered; PCI-DSS is the regulatory scheme behind securing card payment systems, any online retailer that processes debit or credit are required to perform at a minimum quartly infrastructure and application scans and an annual penetration test.

Netscylla can help provide vulnerability assessments to your organisation or business, so that you can get early awareness of any software vulnerabilities or mis-configurations that may effect your certification. We can provide advice on dealing with false-positives, and help kick-start your certification.

Reporting
Sometimes these VA platforms don't have a great and fully featured reporting system, and it can be struggle re-writing reports and re-formating data tables in-order to present something meaningful to the board. We can help translate the VA assessment findings into a report that your CEO or board members can easily understand and follow, this can possibly benefit you through justifying the purchase of additional VA appliances for hard to reach places (depending on your network complexity or overseas offices), or even employing additional staff to help drive your Vulnerability Management Program.

VA Managed Service

If you have not currently got a vulnerability managed service; no problem, we can simply configure an appropriate service for you; set up scanning policies and audit files that can either on demand or through scheduled tasks, report on the current vulnerability and threats that may impact your IT infrastructure.

Self Managed VA Service

You may already have an on-site program, or wish to develop/update your existing VA platform. This is not a problem, we can visit your offices, assess your current platforms, perform a GAP assessment, and make recommendations for you or your team to follow up. If you wish, we could update your policies and audit files for you.