Cyber Strategies is a certification body for Cyber Essentials Plus and during our testing we see a lot of issues. In fact, when we test for vulnerabilities, we find vulnerabilities that clients did not know were there. The most alarming fact is that we find issues every year in every clients’ system.
Why do you need Vulnerability Monitoring?
Some of the vulnerabilities have not been present for long but many have been waiting for cyber criminals to exploit for weeks and even months. We report the issues we find on annual basis and the feedback we receive from clients is that they want to know about these vulnerabilities when they evolve and not once a year – this is why we offer this service.
What are vulnerabilities?
There are many different types of vulnerabilities although there is a common thread, namely, the potential to allow cyber criminals to exploit weaknesses in software installed. The nature of an exploit varies from readily exploitable to theoretically exploitable, and as such the vulnerabilities are all scored as a way of demonstrating the potential risk.
A successful exploit can render systems inoperable; allow attackers to gain control over systems; and allow manipulation of data, to name just a few of the worse outcomes.
We use vulnerability assessment software as part of the security testing process and this software is the foundation to our new software. In essence, instead of testing a sample of systems once a year, we can now test all systems on a 24/7/365 basis. The software we use is a Cloud based accredited vulnerability assessment software hosted by Qualys.
We are offering this service to our existing clients and many have already seen the types of reports that can be produced. The vulnerability reports draw upon information each agent has delivered to the platform.
The service is priced either as a i) One-month Vulnerability Assessment or ii) Regular Vulnerability Monitoring as noted in the table below.
The One-month assessment options allows reports to be provided daily for up to a calendar month and the charge is invoiced upon commencement.
The Regular monitoring reports are sent depending upon the frequency selected, the charges are invoiced quarterly in advance.
The rates vary depending upon the number of systems connected and the frequency of reporting as follows: -