MySecurityScanner is a cloud-based vulnerability assessment service that focuses on three major attack vectors to help organizations maintain their security posture:
- Network and Infrastructure Vulnerability Assessments
- Web Application Vulnerability Assessments
- Security Awareness Assessments
In today's connected world, many organizations are finding new ways to extend the accessibility of their products, services, and business processes, by leveraging the Internet and cloud services to reach their customers, employees, and partners. This global access has revolutionized the way organizations conduct business, in that many organizations have based their entire business model on this accessibility and are realizing significant benefits from this global connectivity. However, this accessibility has increased attacks on sensitive systems and information exposed to the Internet, impacting company profits, customer confidence, and brand name. Attackers look for vulnerabilities and focus their attacks based on one or more of the three attack vectors available to them:
- External networks or infrastructure
- Internet applications (web and mobile)
- Users (via email and social networks)
Organizations have discovered significant value in performing comprehensive penetration testing of their information systems, web applications, facilities, and employees, as well as business policies, processes and procedures, to identify vulnerabilities and make corrections before attackers discover them. These tests provide an assessment during a point in time, typically on an annual basis, and are usually very comprehensive, nevertheless, they also can be invasive, time consuming, and expensive. However, any changes made to the environment, such as new applications, system upgrades, application enhancements, process changes, bug fixes, and patches, can introduce new vulnerabilities, or re-introduce old vulnerabilities, which may not be identified until the next penetration test. The risk increases over time based on the number of changes made to the environment, policies or procedures, which increases the chance for introducing new vulnerabilities that may go undiscovered for many months, providing attackers ample time for exploitation.
Attackers also know that not all vulnerabilities are technical. It has been said that humans are the weakest link when it comes to securing an organization. Attackers realize this and exploit weaknesses in human behavior by convincing employees to click on malicious links or to divulge sensitive information. To assess these weaknesses, many organizations are including social engineering as part of their periodic penetration testing. This type of testing helps identify lack of user awareness with good security practices, as well as gaps or lack of understanding with security policies and procedures. Most organizations address these weaknesses by requiring employees to complete privacy and security training each year. However, over time, organizations may change their operating procedures, new methods for social engineering are discovered, and employee awareness of security policies and practices decreases. All of these can degrade the overall security posture of an organization.
Secure Ideas recognized the challenges that organizations face with maintaining a strong security posture, identifying weaknesses, and remediating vulnerabilities in a timely manner. In response to this, Secure Ideas created MySecurityScanner. This service provides ongoing vulnerability assessments to increase the visibility of an organization's security posture between periodic comprehensive penetration tests. While these vulnerability assessments do not replace full-scale penetration testing, they do provide organizations with an "early warning system" that identifies new vulnerabilities introduced into their environment due to changes and enhancements. Secure Ideas leverages many years of experience in performing penetration testing, using automated tools, scripting, and manual testing techniques, all of which have been combined into an efficient and repeatable process for performing effective, yet affordable, vulnerability assessments. The result is a series of services wrapped around automation and manual assessment methodologies provided under the MySecurityScanner brand name.
As a subscription-based service, assessments can be scheduled and performed weekly, monthly, quarterly, or as needed, based on a frequency that aligns with the frequency of changes introduced to the organization. As a cloud-based service, MySecurityScanner is able to scale along with the demands and growth of an organization. Reports are provided shortly after testing is completed, providing organizations with timely results of the assessments, allowing for quick action to resolve identified vulnerabilities. The MySecurityScanner service compliments comprehensive penetration testing, as well as existing security monitoring solutions, by providing organizations with continuous monitoring of those areas within their environment that are exposed to potential external attacks.
For more information on how MySecurityScanner can help your organization, we invite you to explore each type of assessment using the menu items at the top of the page. Feel free to contact us to setup an appointment with one of our experienced security consultants to discuss how Secure Ideas can best assist your organization.
Start your subscription today.