first*defense® Vulnerability Scanning
first*defense® "white glove" vulnerability scanning service was designed to stand apart from "hit the button and get a report" scan services. The service is aimed at organizations desiring to outsource the regular maintenance, configuration, and labor around producing useful scan results. Clients without the personnel to run scan engines, with higher priorities than sifting through large reports for false positives, with complex security needs, or who already require significant report review time for risk mitigation will all find the service a significant step up. It is a "white glove" service for those with other priorities.
The technology we use to provide the service is Rapid7's Nexpose, on our first*defense managed services platform. We have chosen to use Nexpose on our own MSSP platform because Nexpose provides:
- Internal and External scan capabilities
- Multiple scan engines available for internal scans to avoid scanning across firewalls, congested WAN links, etc.
- Useful and executive-facing reporting
- Easy-to-understand key performance indicators to show remediation progress
- Excellent and adjustable vulnerability priorities (is it publicly published; are there active exploits; is an exploit part of widely-distributed exploit kits; what is the threat intelligence, etc.)
- Exceptional trending and trend reporting
- Web application intelligence not normally found in general vulnerability scanners
- Monthly and Quarterly scan options available
- On-demand scans available on a per-scan cost basis
Nexum's first*defense team configures and runs the scans, prioritizes the discovered vulnerabilities based on your prior feedback, and improves the efficiency of your remediation process by removing obvious false positives.
By directing your attention to the most problematic
issues for prompt attention, and noting lower-impact vulnerabilities for later, our "white glove" vulnerability scanning service can help you make the most of your employees' time.