Having world-class security software, hiring the best people and deploying the best policies and procedures to secure your business is great, but if you don't regularly evaluate the effectiveness of the processes you have in place, your security will become less effective over time. To maintain a good security posture, businesses need to continuously assess and improve their security measures.
What is Vulnerability Scanning?
A vulnerability assessment is a process that defines, identifies and classifies a wide range of vulnerabilities in an environment. This can be a combination of both manual and automated processes conducted by a technical engineer with an information security background.
Vulnerability scanning can be used as the first step to improving the security posture of an organisation. It is therefore suitable for businesses that understand they already have weaknesses in their security systems and need help identifying and prioritising the remediation tasks. We will produce a detailed report with a prioritised list of vulnerabilities and how they can be fixed.
These scans are just a point-in-time snapshot of the environment in a constantly changing landscape where new vulnerabilities can arise. To ensure constant improvements to your organisation's security posture, these scans should be carried out regularly. Better-protected, lower-priority and less-at-risk parts of the environment may need less scanning, sometimes only once or twice a year. Highly vulnerable or high-priority systems should be scanned nearly continuously.
What We Offer
One-off vulnerability scans for your infrastructure and applications, where we provide you with a detailed report with a prioritised list of vulnerabilities and how they can be fixed.
Subscription-based vulnerability scanning is a service that runs on an agreed schedule and can be done daily, weekly or monthly. This process is highly recommended as it is more cost effective and helps you improve your company's security posture.
Web application vulnerability monitoring is an offering that includes monitoring of your company’s web applications for vulnerabilities and evaluates how severe the potential impact would be should an attacker decide to exploit the system.
Vulnerability Management for Secure Software Development Life Cycle (SDLC) - Many organisations are extremely concerned about potential cyber attacks against their own organisations and their suppliers. As application development becomes more complex and incorporates more features than ever before, it is critical to make sure security testing is embedded in the security development life cycle. The appetite for faster release cycles has never been greater, but even if organisations rush to production, code needs to be secure before it is deployed. Our vulnerability management programme will primarily address vulnerability scanning, penetration testing and developer training on secure coding to address the challenges and requirements of our clients.
As new vulnerabilities are announced regularly, Meta Defence Labs prefers to run these services on an agreed regular schedule. We recommend remediation steps to address any new vulnerabilities discovered, and can even implement them for you if agreed.
FREE SSL and cipher suite test
Call us for a FREE SSL and cipher suite test to identify the current level of security on your internet-facing HTTPS services. We will send you a customised security report with our recommendations based on the results of the test.
Why should you run an SSL and cipher suite test against your web servers?
To answer this question we need to remember that the Internet as we know it today did not start like this. Several versions of the Hypertext Transfer Protocol, more commonly known as HTTP, were developed over the years. On top of this, HTTPS was developed as the secure, encrypted version of HTTP. HTTPS in turn relied on many versions of something called Secure Sockets Layer, more commonly referred to as SSL, and SSL in turn had many different ciphers introduced over the years.
The reason for all these iterations of HTTP and SSL is that many bugs were discovered in the previous versions. Additionally, computing power has advanced so much over the years that what was top-of-the-line encryption back then can now be cracked in minutes on a common PC.
So we have all these previous versions of SSL that are still enabled by default on most of today's web servers for compatibility and ease-of-use reasons.
To answer the original question, we need to test what SSL versions and ciphers are allowed to run on our servers today, because if an old version has been left enabled, a hacker could use this to decrypt all your traffic running through that server.
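The check described above can also be run against a server's own configuration before any external scan. The following Python code is an added example, not Meta Defence Labs' tooling: it assumes nginx-style `ssl_protocols` and `ssl_ciphers` directives, uses constructed sample configurations, and the lists of deprecated protocols and weak cipher tokens are the example's own choice.

```python
import re

# Constructed samples (not from a real server): a legacy and a hardened TLS config.
LEGACY_CONF = """
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;  # old versions kept for compatibility
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:RC4-SHA:DES-CBC3-SHA:!aNULL:!MD5;
"""
HARDENED_CONF = """
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384;
"""

# Protocol names as nginx spells them; everything older than TLS 1.2 is flagged.
DEPRECATED_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
# Components of OpenSSL cipher names/keywords that mark a weak suite (example's choice).
WEAK_TOKENS = {"NULL", "aNULL", "eNULL", "EXP", "EXPORT", "LOW",
               "RC4", "DES", "MD5", "ADH", "AECDH"}

def directive(conf, name):
    """Return the argument string of every `name ...;` directive, comments stripped."""
    text = re.sub(r"#[^\n]*", "", conf)
    pattern = rf"^\s*{re.escape(name)}\s+([^;]+);"
    return [m.group(1).strip() for m in re.finditer(pattern, text, re.M)]

def audit(conf):
    """Return a sorted list of (kind, value) findings for weak TLS settings."""
    findings = set()
    protocols = directive(conf, "ssl_protocols")
    if not protocols:
        # Without the directive the server falls back to whatever its build enables.
        findings.add(("protocol", "ssl_protocols not set (built-in default applies)"))
    for args in protocols:
        findings.update(("protocol", p) for p in args.split() if p in DEPRECATED_PROTOCOLS)
    for args in directive(conf, "ssl_ciphers"):
        for item in args.strip("'\"").split(":"):
            # "!", "-" and "+" remove or reorder suites; they never add one.
            if item.startswith(("!", "-", "+")):
                continue
            if WEAK_TOKENS & set(re.split(r"[-+]", item)):
                findings.add(("cipher", item))
    return sorted(findings)

if __name__ == "__main__":
    for label, conf in (("legacy", LEGACY_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit(conf) or "no weak protocol or cipher configured")
```

The audit does not expand aliases such as `HIGH` or `ALL`, so a clean result here still needs confirming with a scan of what the running server actually negotiates.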