What is vulnerability scanning?
It’s a way of looking at your devices/networks from the perspective of identifying known vulnerabilities. The combination of a vulnerability and a threat creates a risk, i.e. the threat may exploit the vulnerability.
Do I need vulnerability scanning? What does it do for me?
Would you leave the front door of your business open after you go home for the night? No. Only by closing and locking all the doors and windows, and giving them a push/pull, will you be confident (assured) that the business is locked down. You might install an alarm for extra assurance, but what about the access you can’t see?
The internet and WiFi connections that your business uses, or your website, can provide a high level of access to information that you need to protect. Only by closing and locking doors in the digital/cyber sense can you be assured that access is denied to those who should not have it.
Under GDPR and good business risk management, testing that you don’t have any known vulnerabilities (open windows/easily picked locks) is required, as you have an obligation to protect the personal information that you hold, be it customer or employee.
It makes good sense to protect your business from malicious types who may just want to damage your hard-earned reputation or gain competitive advantage.
Having your systems tested frequently meets the requirement for Data Protection and may be required for cyber insurance. Over and above that, it reduces the business risk and stops your business being the low-hanging fruit hackers just love.
Our ethos is that security must support your business and be relative to the real risk, so we won’t be suggesting that you spend a fortune to defend against a foreign state, or that everything needs to be replaced. We don’t sell hardware or software, so there is no up-sell from us. We will suggest practical steps that are effective and offer the best bang for your buck!
What happens during a vulnerability scan?
That depends. You can choose to have just your website, your external office internet connection, email, telephone, or all the devices in your business tested, or maybe you want to see just how far your WiFi goes (a long way sometimes).
The tester will agree with you what is called the scope of test. This defines what, when and how the items you have decided on will be tested. You can dictate the what and how, or we can work with you to guide you on what’s important and what’s not.
At this stage you will discuss things that must not be tested, and what happens if all hell breaks loose. We need authorisation* to do any testing, which may mean you will have to approach your web host to let them know that your site is going to be tested. They should be OK with this; if not, it’s important you find out why. Is it because they know that they have known vulnerabilities?
Once the scope has been sorted and authorisation is in place, work will begin. This could take an hour or weeks; it’s best not to rush into these things so you can get the best results.
*We will not scan devices, equipment and networks without authoritative permission, as to do so would contravene the Computer Misuse Act 1990.
What do I get once the vulnerability scan has been finished?
The result of a vulnerability scan is hundreds of pages of gobbledygook! Some providers will give you this and that’s it; others, like us, will filter it so that the important details are brought to your attention, i.e. the non-important stuff is put to one side.
You will still get the gobbledygook, as it’s yours, but in addition we will provide you with a report that should be readable by a non-techy, in the form of an executive summary. This is supported by the technical report, which you can use to seek support from an external IT support provider or your own.
If all you really want is the gobbledygook we can provide just that.
You want to know your systems are as secure as possible, don’t you?
Nothing is ever 100% secure, but it can have various levels of unsecuredness! In business you are accountable and responsible (think due care, due diligence), so it makes sense to reduce the risk and protect what you have worked hard to achieve.
Services:
- Internal device scanning
- External IP address testing
- Foot-printing – determine what information is in the public domain about the business, its projects or staff/directors
- Gain access – how easily can a stranger gain access to a secured area or site?
- Phishing test – email or voice lures
- Social Engineering – what information or access can a stranger get just from speaking or engaging with staff?
Weekly, monthly, bi-monthly, quarterly, bi-annual or yearly testing is also available.
Now what?
If you would like a scan or a conversation, email us at scan@aggress.co.uk or click the button below. Include as much detail as you think is relevant and we will get in contact with you.