Vulnerability Assessment

Know what you don’t know, secure your business, secure your future, protect your brand!

How well do you know your environment?

Networks today are complex and generally boundaryless. Your business runs and relies on technology: from customer communications through to logistics, supply and production, technology acts as the veins which transport your business’s life through to its customers. With miniaturization, consumerization and the explosion of internet-connected devices, knowing what you don’t know just got that bit harder. How many devices does your business think it has? How many nodes should be on your network? Are they running a secure configuration and are they patched against the latest threats? Are you in compliance with regulated standards such as PCI DSS or other standards such as Cyber Essentials?

If you’re starting to get the feeling that you should know these answers, then we are here for you! Our technology asset discovery and vulnerability assessment services are designed to answer exactly those questions!

PCI DSS Compliance – “Run internal and external network vulnerability scans at least quarterly and after any significant change in the network.”

PCI DSS Standards

A no nonsense approach

Our vulnerability assessment services take a direct and pragmatic approach to understanding your environment, highlighting key risks and outlining a sensible, prioritized remediation strategy to help you manage cyber security risks to your business.

We combine tool-based discovery with expert human analysis to identify your network assets, dive deep to find security weaknesses and report back in a humanly consumable manner. You won’t hear any jargon like ‘military grade encryption’ or ‘next generation A.I’ from us. Just simple facts, business context and easy-to-follow remedial guidance. After all, our job is to help protect you; it’s even in our name (pwnDefend!)

Assessment Method

Our method is simple, yet effective. We won’t bore you with every detail but here’s a quick summary:

  • Plan
  • Discover
  • Analyze
  • Report

During the planning phase we work with you to understand your challenges, your technology deployments and the scope of service. We work out details for scope (internal, external or both) and access (that’s usually remote VPN) so we can deploy our team (assisted by some top-notch tools) to discover your environment. We then agree dates and sign the authorization forms (we use digital signatures so it’s straightforward). Once we are locked in we hand over to the technical phases!

The discovery phase is where we get into your network, probe for services and weaknesses using authenticated and unauthenticated scans. We also dump metadata from additional sources such as Active Directory, Azure/Office365 and endpoints.

Once our robots have done their thing (supervised by a human of course) we take all the data, compile it into a report, contextualize the threats and risks, and create a remedial plan.

The final phase is where the interesting part is: we conduct a remote video conference to walk you through the findings, but most importantly we work with you to contextualize the risks and outline a roadmap for remediation.

Security shouldn’t break the bank

We spent a while doing market research, the costs we found in the industry were varied and complex. So, with our mission of helping improve technology security for the world we decided to make the commercial part simple! Per internal assessment we charge £22 per IP address scanned.

To give you an idea of this, let’s show an example. A 25-employee company has a simple internal network which includes staff and guest wireless access. Our vulnerability assessment was completed over a two-day period and there were 86 IP addresses discovered. That worked out as £1,892.00 + VAT. So, in short, per internal assessment, per IP it’s £22 + VAT for a remote assessment.

External scans for customers who require PCI DSS ASV Scanning require a subscription service. Pricing for this is available upon request.

Benefit Summary

We believe that this service not only provides great technical value but also helps your business keep on top of managing security. We see some of the benefits as follows:

  • Discover what’s in your network with a clear and simple report
  • Understand your risk profile from an internal and/or external perspective
  • Find gaps in your security configuration or patch management processes
  • Assists with compliance effort (it counts towards the PCI DSS requirement 11)
  • Simple pricing model which scales with your business
  • You receive a technical report but also an executive briefing in a clear and simple jargon free manner

Spend more time doing business and less time worrying about cyber security

In today’s world security isn’t a second-class citizen; your customers demand both security and data privacy. The law requires it and, quite frankly, your business doesn’t need the loss of availability, confidentiality or integrity when it’s busy delivering value to its customers. There’s no silver bullet in cyber security but, as NCSC and NIST show, the first step on the journey is to identify where you are. This service is designed to do exactly that with regards to your network.

We detect, we protect, we care!

At PwnDefend our mission is to improve cyber security for the world through sharing of knowledge, education and through delivery of services to protect and enable our customers. Whilst our technical capability is second to none, the part that makes us unique is that we care. We take pride in the work we do, so our customers can operate safe in the knowledge that they are on the right track. If this assessment service or cyber security services in general are of interest to you, please don’t hesitate to contact the team and we’ll be glad to get you started on your journey to a more secure future!

Call Now!