Managed Vulnerability Scanning

Bring solid security to your infrastructure through vulnerability scanning with confidence

Gain complete visibility of your attack surface, including assets, services, and applications. Identify critical vulnerabilities exploitable by threat actors. Managed Vulnerability Scanning enables organisations to identify the issues, misconfigurations and weaknesses that are most likely to result in a breach. Our experienced security analysts and engineers in the Brightsolid SOC add business and risk context to help prioritise and remediate the most urgent and critical issues.

Key features of Managed Vulnerability Scanning

Achieve complete visibility into your critical infrastructure.
We assess and assign value to your assets and infrastructure, based on their usage, role and importance, and undertake vulnerability scanning exercises on your infrastructure. If vulnerabilities are identified, this helps us deliver important insights into business-critical areas that help to prioritise and remediate the most urgent vulnerabilities.

Detect the gaps and identify the weaknesses.
We scan your infrastructure to identify vulnerabilities derived from asset loss, exposing weaknesses exploited by threat actors. We highlight outdated systems, exploitable web applications and remote access services. Our scans will cover new applications, systems and software to uncover potential vulnerabilities.

Prioritise vulnerabilities for immediate remediation.
Vulnerability scanning often surfaces a high volume of vulnerabilities that require remediation. We condense findings into meaningful groups, articulating identified gaps and prioritising remediation efforts based on our initial assessment of your critical infrastructure and processes. We leverage the Common Vulnerability Scoring System Calculator version 3 (CVSSv3) to provide critical business threat, exploitation and risk context for critical or high-severity vulnerabilities.

Remediate and reduce the risks to your organisation.
Gain critical insights into the vulnerabilities that have been identified through a secure portal. Within the portal, access comprehensive custom reports and dashboards on identified and remediated risks and vulnerabilities to help plan remediation efforts and to provide insight on common trends, targeted vulnerabilities and industry-specific risks.

Your questions, answered…

How often are vulnerability scanning exercises conducted?

Vulnerability scanning can be conducted weekly, quarterly or monthly, depending on your requirements. 

What types of vulnerabilities will be covered in the scanning service?

We partner with Tenable, which provides coverage for more than 76,000 vulnerabilities and has the industry’s most extensive CVE and security configuration support to help you understand all of your exposures.

How will vulnerabilities be prioritised and reported on?

Brightsolid SOC will condense findings into meaningful groups, articulating identified gaps and prioritising remediation based on the risk to your organisation. Our focus is on critical or high-severity vulnerabilities, leveraging the Common Vulnerability Scoring System Calculator version 3 (CVSSv3) for risk context. These PDF reports will be securely shared with key stakeholders within your organisation, along with access to critical reports and dashboards that highlight the vulnerabilities identified and the risk to your organisation.

Is the vulnerability scanning service capable of scanning both on-premises and cloud environments?

Brightsolid will scan your infrastructure to identify and expose vulnerabilities that are derived from our asset lists, whether they be on-premises or in the cloud. Brightsolid will identify and expose common vulnerabilities that are surfaced by typical threat actors, identify outdated and unsupported systems and services and web applications, and identify new applications, systems and software and scan them for potential vulnerabilities.

What measures are in place to ensure the confidentiality and security of our data during the scanning process?

Data within Tenable is encrypted in transit and in storage using TLS encryption ciphers and AES-256. Encryption is applied to various application infrastructure layers, with highly restricted access to securely stored encryption keys. Moreover, there are comprehensive network and access controls in place: network controls such as container isolation and inbound/internal traffic restrictions, and data access controls such as SAML, two-factor authentication and account lockout after 5 failed login attempts.
