Managed VAS
Knowing the risks
Did you know? 999 out of 1,000 vulnerabilities exploited for attacks were known for more than a year!* Outsmart hackers and plug the holes in your IT infrastructure before they cause damage. We can help: with vulnerability scans and IT security experts who will put an end to the security holes in your company.
* Verizon Data Breach Investigation Report, NTT Global Threat Intelligence Report
What is Vulnerability Management?
Vulnerability management is an essential building block for IT security in companies. In essence, it is about checking IT systems for their vulnerability, i.e. quickly identifying risks from attacks as well as (unintentional) changes. Vulnerability management is an ongoing process in which the predefined systems are regularly checked. As a rule, this is done via a tool, the vulnerability scanner, which continuously keeps an eye on the IT systems. In the next step, the identified vulnerabilities must be assessed and, above all, the critical ones must be remedied immediately.
Hackers are clever!
Keeping track of current releases, missed updates and patches and thus of important vulnerabilities is a real challenge for many IT departments. In principle, modern vulnerability scanners can also be operated in-house, but in most companies this effort is no longer manageable in terms of personnel and time. In addition, dealing with the identified gaps requires a very high level of cyber security expertise in order to derive the right priorities and measures from them. As a result, things are often left undone in in-house operations. Cyber criminals take advantage of this to penetrate the innermost parts of companies through these unclosed security gaps. Dangerous vulnerabilities can be detected in good time through the automatic, continuous vulnerability scan and correctly classified and remediated with the help of our cyber security experts.
- More security through automation and expertise: You reduce the attack surface and close security gaps in your company.
- You get an overview of the existing vulnerabilities in your network.
- In the event of an incident (identification of a critical vulnerability), you will be alerted immediately.
- You will immediately learn what needs to be done to close the vulnerabilities.
- Scans are customised to your exact requirements.
- It becomes easier for you to fulfil compliance guidelines (e.g. BSIG, DSGVO, BSDG, SOX), e.g. through reports suitable for management and auditors.
"We're patching - that's enough, isn't it?"
Quite clearly: no! Patch management is about the need to apply updates to systems to bring them up to the latest security level. This should be part of the standard routine in every company. Vulnerability management, however, goes beyond this: it not only checks whether the patches have been applied, but also whether there are any misconfigurations. These can lead to even the current software version having vulnerabilities. In addition, a vulnerability scan can also check a company's password policy and reveal, for example, standard access data that have not yet been changed as intended.
Automatic IT vulnerability analysis
Our Vulnerability Assessment Service keeps vulnerabilities in your infrastructure under control. The security status in the versions of the operating systems and applications used is regularly checked by a vulnerability scanner. The frequency for this and which of your system groups are scanned and when is determined in a joint workshop on a customer-specific basis. This "Scheduled Scanning Task" then runs automatically, taking into account, among other things, daily updated CVEs (Common Vulnerabilities & Exposures = vulnerability information), so that the scans can also immediately identify the latest cyber risks.
Typical vulnerabilities are e.g.:
- configuration deficiencies in software, services or protocols
- Insecure or outdated protocols (e.g. FTP, HTTP, Telnet)
- Errors in protocol parameterisation (e.g. SSL and TLS protocol family)
- Outdated versions of operating systems and software
- End-of-life software (EoL) for which security updates are no longer available
Interpret security vulnerabilities correctly
Identifying vulnerabilities - and then? Our support does not stop at the identification of vulnerabilities. Take advantage of the experience of our cyber security experts: they classify the risks uncovered by the vulnerability scanner in the context of your IT systems and assess the possible actual impact. All relevant information goes to your IT administrators with the corresponding recommendations for action.
Operation in the SOC
Prior to implementation, we conduct workshops together with you on the detailed planning and configuration of the vulnerability scanner (scan groups, scan policies, schedules, scan frequency, etc.). We operate the entire vulnerability management for you from our Security Operations Center (SOC).