Vulnerability Management
What Is Vulnerability Scanning?
If we imagine that your application or network device is a locked door, a vulnerability scan tries to identify all the known keyholes that exist on that door. The most crucial role for an IT security team involves comprehensive vulnerability management – assessing, mitigating, and reporting security weaknesses and cyber threats within the organisation’s portfolio of technical solutions.
Left undetected, vulnerabilities can theoretically be exploited to impact the confidentiality, integrity and/or availability of your corporate data or services.
Vulnerability scanning does not attempt to open the locks…that is what penetration testing does.
Introducing VIPER
VIPER is an acronym for Virtual Penetration Test and Report.
The VIPER solution is an innovative, automated and fully managed vulnerability scanning service.
The solution detects vulnerabilities within the network infrastructure and web applications on the day they are listed on the vulnerability database.
The solution allows you to scan what you want when you want and how you want. This includes daily scans against critical systems.
How Does VIPER Work?
VIPER uses multiple scripts to gather data, sorting and transforming it into information that can be easily understood and actioned.
VIPER deployment is simple, it can be deployed on-premise or hosted on our own servers at our secure head office location. If you prefer the cloud, then it can also be hosted in AWS.
How Does VIPER Detect Vulnerabilities?
The scope, the frequency and the report delivery mechanism are all agreed with you at the pre-implementation phase.
This means that VIPER runs at times determined by yourself, detecting services that are vulnerable, elements of web applications which are vulnerable and importantly, what the security implications are.
The scanning engines identify undocumented security vulnerabilities, SQL injections, vulnerabilities behind authentication, input sanitisation problems, SSL and encryption misconfigurations and many more types of vulnerability.
Once vulnerabilities are identified, they are then automatically cross checked for analysis and verification. False positives and false negatives are removed and the report is created and made available.
Once verified, the reports can be sent directly to the named individual via encrypted email or accessed through authenticating to a secure dashboard.
Once you access your report, it’s reassuring to know that you have the technical team of qualified testers available to support your remediation plans via our dedicated helpdesk.
Benefits Of Deploying VIPER
Innovative Functionality
VIPER is not only concerned with identifying vulnerabilities. It produces useful management information and tracks the time difference between a vulnerability being identified and a solution being applied.
Personalise, adapt and change the service in real-time. We call this the “Mean time to Resolution”.
Frequently Asked Questions
An automated vulnerability scanner can help form the foundation of a robust vulnerability management program. This is because using an automated vulnerability management solution is a proactive way to enable the identification and discovery of potential weaknesses.
Vulnerability scanning involves using applications that help teams create an inventory of all systems and devices connected to your organisation’s network.
A vulnerability scanner can also identify operating systems, patch levels, software versions, and other details relevant to security management for each inventory asset within scope.
Left undetected, vulnerabilities can theoretically be exploited to impact the Confidentiality, Integrity and/or Availability of your corporate data or services.
30-day evaluations are available.
Each evaluation takes about 30 minutes to deploy and the results start immediately.
If you’d like to find out more, please contact your account manager
Please complete the form below to find out more.
What Our Clients Say
“CyberWhite have been a pleasure to deal with by repeatedly demonstrating their professionalism and technical knowledge throughout the procurement process and execution of our project. From initially exploring our goals to a consultant working with us on-site and remotely, we’ve enjoyed a positive experience that has ultimately benefited our organisation and helped to improve our Cyber Security posture.”
“I would like to say a thousand “thank you’s” to CyberWhite after rescuing us from the commercial disaster we faced after being subjected to a very sophisticated fraud. Without the timely involvement and expertise from CyberWhite, we would undoubtedly have faced catastrophic consequences including a significant financial loss and possibly a forced closure of the business. We will always remember the kindness and professional approach taken by the CyberWhite team. They were able to successfully recover the critical data which was the life blood of our business. This expertise has allowed us to continue trading and provided us with the additional benefits of ensuring that we are more cyber risk aware and we now have a security partner to support us.”
“As an Operator of Essential Services, PX Group comply with advice provided by recognised security bodies such as NCSC. The advice is relevant to all organisations who provide infrastructure or support to the UK’s critical national infrastructure. PX Group engaged CyberWhite to undertake Third Party Security Audits (aligned to ISO28000:2007) against key suppliers who had access to information assets within the PX Group domain. CyberWhite created a comprehensive audit document set and supported this with interviews and visits in order to validate responses. The output from CyberWhite was comprehensive and provided security assurance to PX Groups stakeholders and interested parties that the key suppliers had a focus on security and understood and could demonstrate best practices in relation to the handling of PX Groups information assets. This process has been invaluable in validating what we believed and providing a platform from which we will continue to assess, review and benchmark all parties in our information supply chain.”
