Robust cyber security is universally accepted to be good business practice. Vulnerability assessment is listed by the globally renowned Center for Internet Security (CIS) as one of the 18 technical controls to help keep your IT systems secure. That’s because it will help you to identify and rectify weaknesses before they can be exploited.
Ascentor’s Managed Vulnerability Assessment Service schedules, plans and manages monthly or quarterly scanning and reporting on an agreed set of systems. We use industry best practice tools to run the scans, then interpret and share the results in a report with recommended actions to mitigate vulnerabilities.
This service will give you, your customers and partners the evidence and peace of mind that you have taken an additional step to de-risk your cyber threat to an acceptable level.
A regular independent vulnerability assessment will improve your cyber security standing and add to your evidence bank to show you are a responsible supply chain member.
As well as best practice, the need for cyber security throughout every supply chain is becoming mandated – a weak link can affect the security of the whole chain. Members of the UK or US Government supply chains are coming under increasing pressure to prove they are taking appropriate, consistent and responsible cyber security action.
Cyber Essentials certification is already a minimum requirement to do business with the UK Government. In addition, the UK MoD assesses risk for every contract using its Cyber Security Model and requires its suppliers to self-assess their compliance to the requisite level. Commissioning a vulnerability assessment regime will assist in the identification of missing, critical security updates, which must be applied within 14 days of release. See "Changes to Cyber Essentials requirements – April 2021 update" (Iasme) for more information.
We are now seeing a move to more stringent measures, with the US Department of Defence introducing a Cybersecurity Maturity Model Certificate involving an external audit. Non-compliance carries the threat of removal from the supply chain – the consequences of such an outcome are unthinkable for most businesses.
Before you subscribe to the Managed Vulnerability Assessment service, we work to understand your overall infrastructure and communications environment and determine whether a monthly or quarterly cycle is most suitable. We also agree the internal and Internet-facing IT systems (up to 50 IP addresses) that are in scope. We then plan, scan and report based on the agreed cycle.
Armed with the scanning range and frequency, we will schedule the service. Prior to each scan, our service desk will contact you to confirm a scan is scheduled to take place and that the scanning range is acceptable. This step allows us to adjust the scanning range to cater for activities that may require certain IT systems to be excluded.
Our cyber experts will perform the scan on the agreed IT systems on the scheduled date and time. They will then review, analyse and interpret the results. This can be complex if you do not have the relevant technical knowledge.
We will compile a report comprising:
- An Executive Summary outlining new and extant vulnerabilities
- Our view of the potential impact to your business of these vulnerabilities
- A detailed list of identified vulnerabilities and potential mitigation actions
The report will be delivered electronically, and the service includes a conference call for clarification questions and answers.
The Managed Vulnerability Assessment Service is sold as an annual subscription with automatic renewal. The service is payable monthly in advance and can be cancelled with a minimum of four weeks’ notice in advance of the annual anniversary.
Full service subscription fees are:
- Monthly service: £6,000 per annum plus VAT
- Quarterly service: £3,500 per annum plus VAT
Subscription fees for the introductory pilot are:
- Monthly service: £750 for 3 months plus VAT
- Quarterly service: £500 for 6 months plus VAT
Transition to the full service pricing model is to be discussed upon completion of the pilot.
Want to know more about vulnerability assessments and their role in cyber attack resilience? Our blog explains what they are, why you need one and why your customers increasingly expect it. We also cover how a vulnerability assessment differs from penetration testing and discuss how frequently they should be run.