Risk management is a daily challenge.
Penetration Testing is a key element of risk management, but as infrastructure, configuration & applications change and new vulnerabilities are discovered, you could be exposed the very next day.
Combining the latest scanning technologies and expert advice, our continuous security monitoring service, Minerva, is designed to significantly reduce the risk of an external breach and provide peace of mind that your networks and applications are being monitored on an ongoing basis.
As part of a fully managed service, our specialist team continuously deploy powerful infrastructure and application vulnerability scanning tools across your network. You are allocated a Technical Account Manager who provides analysis, verification, alerting, reporting and advisory services – notifying you quickly of any new changes and new infrastructure/application vulnerabilities.
All results are verified by your account manager ensuring that you are only alerted where a potential issue exists.
Minerva also assists with planning for PCI ASV scanning compliance, providing forewarning of changes that may affect your PCI compliance status. This allows you to quickly identify where there might be the prospect of a non compliant scan, helping to reduce the likelihood of any unwanted surprises that might otherwise fail your ASV scan.
The Benefits of Minerva
- An improved security posture: Whilst Penetration Testing is necessary to give you an in-depth understanding of your weaknesses, we are also able to notify you of new vulnerabilities on a much more frequent basis
- A vital part of your change control process: If new hosts are added to your network or network configuration is changed, we will alert you meaning that changes will not happen under the radar
- Less hassle: If you are currently running vulnerability assessment tools yourself, then you will probably understand the time and effort that you have to devote to a repetitive task. As we provide this as a managed service we can remove that onerous activity freeing you to focus on higher-value activity... No more wading through false positives!
- Less cost: As the service is provided by our dedicated monitoring team we are able to provide it in a cost effective manner – and in many cases for less cost than if you carry out the task yourselves
- Latest technology: We continually evaluate the tools on the Vulnerability Assessment market and ensure that we are using the most appropriate and most effective technologies to scan your networks and your applications.
How the service works
- We will agree with you the scope of the service to be provided, defining: The range of IP addresses and applications to be monitored; the frequency of scanning; and the notification action to be taken
- We will carry out “baseline” scanning, tailoring the vulnerability monitoring toolset to your specific requirements, including identifying and tuning out false positives
- The ongoing service will include regular scanning depending on your requirements. Typically we would recommend the following frequency of scanning although this will be tailored to suit you:
- Daily Delta Scanning of your external facing network to identify changes
- Immediate rescanning of new hosts
- Weekly vulnerability assessment, in depth vulnerability scanning of all live IP addresses
- Quarterly scanning of web applications
- Quarterly re-setting of acceptable baseline security
- Optional PCI ASV report generation to DSS standards
- You will be allocated a Technical Account Manager who will assist you with all aspects of our service, including, proactive alerting to pre-defined communication levels; contract and service level management; on tap expertise – advice on remediation.
- We will provide alerts to agreed standards based on vulnerability severity and relevance to your network and infrastructure, combined with our knowledge and expertise of known vulnerability exploits.
Call +44 (0)161 209 5491 today for more information.