Vulnerability Management.
External vulnerability scanning & analysis

ReScan X – Remote Vulnerability Scanning as a Service

A ReScan X analysis impartially identifies whether your IT systems are vulnerable and susceptible to potential hacker attacks.

When an analysis is performed for the first time, it will form the baseline for all future actions and for many it becomes an important management tool that provides a full overview of their vulnerability level.

The analysis is conducted by our security consultants via the Internet and is based on the vulnerability scan of your services that are exposed to the outside world.

More than just a scan

In the full ReScan X analysis, we look at more than the vulnerability scan data. We also perform a number of manual checks:

• A port scan that is set up to make it easy to keep track of what is open. Here we mention, for example, if we see SMB, RDP and other administrative services.
• We screen all your websites and review them to decide if there is anything you should take action on. We find systems that should not be accessible, such as a monitoring site or test servers. Information leaks, such as internal IP addresses, server names etc. – things we would exploit ourselves in a penetration test.
• We check for password leaks and provide updated lists from time to time.

Reporting

Once the security consultant has completed the vulnerability scan, they will interpret all data and prepare a detailed written report.

The report will be in two parts, a management summary describing your current level of IT security in non-technical terms and then a technical section describing the vulnerabilities found and, most importantly, how to fix them to make a potential attack more difficult.

Get in touch with us below to receive a dummy report.

Rescan X light reports

The frequency of external vulnerability scans can be increased by adding ReScan X Light reports. Here the full vulnerability scan is performed, but analysis and reporting is limited to:

• Onepager summary of upcoming critical vulnerabilities (short analysis with highlights)
• Excel report with dashboard and all vulnerabilities
• Scan file (for possible import into your own product)

X Surveillance – External Vulnerability Monitoring

(Add-on for ReScan X)

Response time and the time it takes to mitigate a new cyber threat is crucial for your digital security.

With this add-on to your ReScan X service, our consultants will scan and monitor your network for emerging vulnerabilities on a weekly basis.

They alert and advise you when a new vulnerability occurs in the “high/critical” category.

Why get external vulnerability scanning assistance?

Vulnerability management is basically about maintaining good hygiene in your systems and networks. There are various products that can solve the technical part, the actual vulnerability scans. It’s the process – having the time and resources to run them and deal with all the vulnerabilities that is a challenge for many.

That’s why various organizations see opportunities in having this essential but time-consuming part of the IT security program delivered as a service.

How we perform an external vulnerability scan

In collaboration with you, the relevant network segments (IP ranges) are selected. The segments are examined for active devices, which are then tested with different scanning tools.

The results of the scans are then manually verified and a report is produced with a prioritized list that explains each vulnerability in easy-to-understand language.

For each vulnerability, there will be suggestions on how to fix them.

How often is a vulnerability scan performed?

A vulnerability scan is network-based and will only include devices that are connected to and active on the network at the time of the scan. In other words, it’s a snapshot that should be repeated continuously.

Ideally, a vulnerability scan should be run once a month or more often, as new vulnerabilities are constantly being discovered and your environment may change.

However, not everyone has the resources to follow up on detected vulnerabilities every month, and as a result, some choose to engage our security consultants in a permanent agreement where we monitor the vulnerability landscape and notify you if something critical occurs.

The in-depth analysis and reporting can be varied to fit into your workday and avoid an information overload scenario.