In 2021, the US-CERT Vulnerability database recorded 18376 vulnerabilities. That’s an average of more than 50 common vulnerabilities and exposures (CVEs) per day.
With cyber criminals constantly scanning the internet looking for CVEs to exploit, if your organisation doesn’t have the internal skills and resource to monitor and alert for these CVEs, your business needs a Continuous Vulnerability Scanning (CVS) service to alert you in time and prevent you falling victim to breaches.
Having a properly targeted penetration test is an excellent thing to do but lots of organisations still think that by having just one annual penetration test, they’ll be safe. However, from the sheer volumes of exploitable CVEs being generated, waiting a year to discover that you’ve been breached is not a good strategy to adopt.
Since penetration testers use vulnerability scanning tools to perform a significant proportion of their tests, a Continuous Vulnerability Scanning service will complement regular penetration testing performed on your networks.
Deploying continuous vulnerability scanning sounds great but that doesn’t mean you want to be inundated with alerts. You want it to run constantly but only be alerted when something is a priority.
That’s where Falanx Cyber’s CVS service delivers real benefits:
Our cloud-based service is always-on and will carry out daily vulnerability scans across your entire external estate. You will be notified of new vulnerabilities quickly after they appear. This allows you to mitigate vulnerabilities that may otherwise be present for weeks or months if you only conduct monthly or annual testing.
Our vulnerability database also allows us to provide you with reports that include a detailed analysis of a vulnerability, along with likelihood and impact of exploitation, and of course remedial advice. We provide you with full reports on a monthly basis and in the interim we notify you of any new vulnerabilities.
We use industry-leading commercial vulnerability scanning software to scan your estate for vulnerabilities. We match this against our proprietary vulnerability database so that we only report real and applicable vulnerabilities to you. On the rare occasion false positives are identified, report them to us and they will be dismissed from future results.
Our vulnerability scanning software relies on a plugin database which is updated daily with identifiers for any new published vulnerabilities.
