VULNERABILITY MANAGEMENT SERVICE
EthicalHat’s customisable Vulnerability Management Service helps you identify, evaluate, and prioritize the vulnerabilities in your IT environment.
We use top-of-the-line scanning software from Rapid7, SAINT, Qualys and Tenable to run periodic vulnerability scans on your systems. While we recommend weekly or monthly scans to reduce exposure time between scans, the frequency of scans varies based on your particular risk environment and the service plan you opt for. After the scanning process, our team classifies the vulnerabilities detected into low, moderate, and high severity categories and creates a vulnerability tracking page to help you draw up a remediation plan. Remediation measures may include applying appropriate patches, making configuration changes, restricting network access where needed, and accepting the risk where remediation is not feasible.
We conduct periodic meetings with your IT and business teams to go over your risk profile and important threat vectors, and the measures you can take to mitigate risk. Our security team also helps you prepare a risk acceptance document for vulnerabilities that cannot be remediated and require compensating controls until complete remediation such as application or system upgrade becomes possible. These may also include vulnerabilities that are not relevant to your specific business needs.
If you need help with implementing remediation measures, you can opt for our Patch Management Service that covers both patch implementation and any configuration changes needed to harden your security posture.
PLANNING & DEFINING
The Scope of Vulnerability Management
Run the Scan on Selected Systems
Of The Vulnerabilities that are Detected
DOCUMENTATION & REPORTING
At the end of each step, our team will prepare a report that you can share with your business team and stakeholders to help them understand your risk exposure and remediation steps. You will receive:
- A vulnerability management scope document,
- A vulnerability summary and classification report,
- A remediation plan with a list of recommendations for vulnerability remediation and mitigation, and
- A risk acceptance statement, if needed
In addition to Vulnerability Management, we offer Patch Management, Web Application Scanning, PCI Scanning, and Policy Compliance services.