Vulnerability scan with professional evaluation and recommendations for action

Your IT from an attacker's perspective.

Know what's going on and prevent it in time.

Are we vulnerable via the internet?

To answer this question, you can perform IP-based vulnerability scans. The aim is to examine your IT infrastructure or your websites over the internet for known security vulnerabilities. To do this, the systems are scanned and it is checked whether the vulnerabilities found are exploitable. Even though automated scans cannot replace a manual penetration test, they already provide valuable insights into the security of the systems under test.

The issue:
You need to perform regular network scans e.g. because an end customer demands it or because you need evidence of security tests for your ISMS or for your compliance. Or you need support in evaluating the scan results or selecting remedial actions.

The solution:
Use my scanning service. The security tests are prepared and carried out individually for your infrastructure. The results are evaluated by me and communicated to you with recommendations for action to close security gaps and mitigate risks. The regular repetition of vulnerability scans ensures that no dangerous new gaps emerge and remain under your radar.

Approach

Vulnerability scans are carried out with the help of current scanning software: OpenVAS (Open Vulnerability Assessment Scanner). The scanner runs on my own secure and data protection compliant infrastructure. Of course, the service is properly contractually secured in advance.

Individual preparation
In order to achieve the most effective and realistic identification of security problems and to avoid disrupting the normal operation of your systems during scanning, the scans are carefully planned and coordinated in advance. This includes coordination with all parties involved, such as IT managers and support staff, as well as fine-tuning the scans on the target systems and the respective networks. This service is billed via a one-time setup fee. The actual scans are then charged monthly at a fixed price.

Prepared results and recommendations for action for you
Vulnerability scans provide a large amount of technical information and often false positives. Therefore, a manual verification of the found vulnerabilities is essential for the assessment of the actual threat situation of the examined systems. The assessment of the threat potential, as well as valuable information on necessary countermeasures, are an integral part of the reporting. This service is included in the monthly fee.

Automatic scan repetition
To ensure that you maintain the level of security you have achieved, you should have your systems scanned regularly, because new security vulnerabilities and attack vectors are discovered every day. Together we plan sensible intervals for the automatic scans. Common intervals are weekly or monthly scans. If new vulnerabilities are found that were not yet assessed in earlier scans, these are communicated to you separately, again with an assessment of the risk and with instructions for countermeasures. In this way, we keep an Argus eye on your systems over time. This service is also included in the monthly fee.

Automated compliance scans
If desired, a special scan configuration can be selected during setup. This is useful, for example, if you need to check and prove the compliance of system settings on the network.
Examples of such compliance scans are:
• Regular firewall and network tests for PCI-DSS compliance (Payment Card Industry Data Security Standard)
• BSI IT-Grundschutz scans
• Individually configured compliance checks, e.g. checking compliance with baseline security policies of an ISO27001-certified IT environment

Intended audience, requirements and prices

Your benefits

• Individually designed port scans on TCP/IP basis
• Scanner configuration as well as scan depth and aggressiveness of the scans can be freely selected
• Regular repetitions
• Professional evaluation and reporting with recommendations for action
• Proof of independent security audits (e.g. for ISMS according to ISO27001)
• Secured and data protection-compliant infrastructure

Further information

Would you like a non-binding initial meeting or a personal consultation?
A simple request is all it takes!
Call me: 06423 963 410 or write to: info(at)vangestel.de