Scanning appliance for vulnerability assessments and network scans

9th August 2019 | Posted in Cyber Security, IT Services


CYFOR Secure’s Pulse Scanning Appliance incorporates a proprietary software stack within a small, portable storage device. This delivers comprehensive network scanning, vulnerability assessments and covert security assessments.


Typically, these technical assessments would require onsite attendance from a technical expert to connect, navigate and analyse the retrieved data. With Pulse, CYFOR Secure can connect to networks remotely and perform a variety of scans, varying in focus and depth.

The Pulse Scanning Appliance is simply connected to a network which notifies CYFOR Secure to initiate the required scan procedure. All that’s required is an active internet connection and a mains power connection. Pulse ideally plugs into the router/firewall or a network switch.

Pulse Scanning Appliance

Assessment for Networks

Do you wonder what time each user logs in of a morning? Our network assessment allows data to be extracted easily from your server or from each desktop. We can also create an inventory of all your computer hardware, network hardware and all their configurations. This makes reviewing system upgrades and identifying system bottlenecks an easy process by presenting the data in our easy to use web portal or via our generated reports.

 

Assessments for SQL

Do you have multiple SQL servers which you need to manage? We can take the pain out of SQL Management by extracting all the SQL configurations and presenting them in an easy to read format. This helps you see which accounts have elevated permissions and identify configuration issues faster as all servers are included in the single report. If you utilise CYFOR Secure’s Managed IT Support service we can look after the monitoring of your SQL databases and extract the data as required. It can take an IT administrator hours to extract the required information for department heads to review. This service allows reports to be printed on request and all the data can be reviewed directly from our web portal, saving many hours of work.

 

Assessments for Exchange

Do you use Office 365? Gaining statistics through Office 365 can be a complicated process if you are unsure of what you need to do. Our Exchange assessment tool can extract the data from Office 365, Exchange 2013, 2010, 2007 and 2003. We can generate easy to read reports detailing mailbox usage, traffic and usage reports, mobile device connectivity, distribution lists, mailbox permissions and more. These reports make it easier for the technical details to be reviewed without worrying about accidentally changing an important setting.

This is also the perfect tool to use while migrating services from an old exchange server to Office 365, our reporting tools allow permissions and mailbox details to be reviewed and checked in a simple report format.

 

Assessments for PCI-DSS

This is a one-off assessment that prepares your company for PCI-DSS Compliance. The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment. Our compliance assessment allows you to run a scan on your network to determine what work is required for you to meet the standard prior to running a full compliance scan. We can walk you through the process from initial request through to full compliance.

There are many people that will offer advice on what answers are required to pass the self-assessment questionnaire, but this can put your Insurance at risk if you do suffer a data breach and the conditions have not been met. It also helps avoid the £35 per month charge that can be applied to your card processing account for non-compliance.

  • Helps you achieve compliance standard
  • A simple automated process that is controlled from our head office.
  • Complete a pre-scan questionnaire and leave the rest to us.
  • Post initial report meeting to discuss the findings and plan remediation works.
  • Final scan to confirm the compliance standard. All final reports can be submitted to your bank as proof of compliance.
  • Helps avoid unnecessary charges
  • Can be run ad hoc when required (Annually with Quarterly External Scans) or continuously to alert you when you have fallen out of compliance.

 

PULSE Scanning Appliance for Security

Our security assessment runs a Dark Web scan on your company’s domain and checks your router externally for exploitable security holes. All collected data is reviewed from the other scans to generate security warnings, such as no Anti-Virus installed, and Account lockout disabled. Our report generation process allows easy to read reports to be generated detailing all your security concerns so they can be reviewed as often as required. All you need to do is request a new scan to take place and we will courier the PULSE Scanning Appliance to you and the portal data will be updated. Normally this data is hard to extract or is not even looked for, we make it as simple as pressing print. If you want us to manage your security, then our Managed IT Support service is perfect for you as we will generate and review this report on a monthly basis.

 

PULSE Compliance

Whether it is GDPR, ISO 27001, PCI or Cyber Insurance, our compliance automation is here to help. Our onsite appliance scans your network daily and extracts the required technical data to ensure you meet the required standards.

Pulse Compliance for GDPR: Let us guide you through the GDPR Compliance process to make sure the required policies are in place and up to date and your computer systems comply with the regulations. Once you have achieved the required levels the appliance continues to scan your network daily and alerts you when you fall outside of the compliance guidelines. The scans include detecting PII on individual systems so you can make sure it is stored securely.

Pulse Compliance for ISO 27001: This can help you improve your systems and policies to achieve ISO 27001 level of compliance before starting the official compliance process, saving time and money. Once you have achieved ISO 27001 or if you’re already certified PULSE makes sure you maintain the required standards and makes the annual review easier as the compliance reports can be generated and presented to the assessor.

Pulse Compliance for Cyber Insurance: Cyber Insurance is gaining in popularity and helps safeguard your business against the costs of investigations and remediation work in the event of a malware attack or data breach. Each cyber insurance policy has its own requirements and meeting these requirements is essential to a successful claim. PULSE can monitor your network and advise you on issues that fall outside of your Cyber Insurance policy, this makes sure you are in the best position to receive 100% of your pay-out if a breach was to occur.

 

Cyber Assessment

Do you know where your Cyber Risks are within your business? Our Cyber Risk assessments are an easy way to check what your current risks are and what you need to do to remediate them. This assessment includes elements of PCI-DSS, Cyber Insurance and GDPR and can provide the first idea of where your compliance level is at.

Level 1:

Our Cyber Risk Assessment runs internal and external vulnerability scans on your network to determine what digital ‘holes’ exist which can be exploited by a hacker. We also conduct a Dark Web assessment against your domain to find which email addresses and passwords have been compromised. The results of the scans are analysed by our experts and a report created highlighting the discovered security risks and issues. The report is easy to read and provides you with an overall Risk Score.

Level 2:

We generate the same report as level 1 but also include a full 1-hour consultation with our cyber security team to go through our security questionnaire. The questionnaire is based on the Cyber Essentials self-assessment so you can get an idea of how closely you comply with the governments recommended standards. The answers are reviewed carefully, and a separate risk score is generated for each section of the questionnaire. This is then combined with the physical scans and an overall risk score is provided.

Level 3:

This is an extension to the level 2 report and includes a full-day onsite. This allows our team to review your physical security, staff practices and identify additional security risks such as tailgating and bad password management. The data from the onsite visit is added to the level 2 report to provide a complete picture of your company’s cyber compliance.

 

Internal Threat Monitoring Service

The Pulse Scanning Appliance attaches to a network to run daily network security scans and weekly internal and external vulnerability scans with enhanced malware detection. This service requires a dedicated Pulse Scanning Appliance that stays connected to the target network, allowing scans to be conducted daily. The cost of the hardware can be paid upfront or added to the monthly fee, this provides options for deployment and makes it cost-effective for most clients to deploy. The scans that are run are the same as the scans that are used for the on-off assessments but are run every day to generate a complete security profile and to identify security changes over time.

Our cyber security and internal threat monitoring system collates all the data together from the completed scans and applies a series of policies to the data to create alerts which can indicate potential security risks and malware, new vulnerabilities and user configuration issues. The generated alerts are delivered by email or viewed in our web portal. The web portal provides access to all generated alerts, the collated data in an easy to navigate interface and provides instructions on remediation steps.

The policies used to create alerts in the cyber and internal threat monitoring are a complex set of rules that can delve deep into the collected data and run comparisons and searches faster than any other method. Previously the data had to be manually collected, processed and searched to create these alerts, this process could take weeks. By using our PULSE Scanning Appliance this process is completed within hours and to a more thorough standard.

To provide a flexible monitoring solution for each client we have 4 levels of our monitoring service. The scans that are conducted are that same for all levels, the only adjustment is the number of automatic alerts that are generated. A full policy list is provided to the client, and with our assistance, we select the alerts that are needed for their environment. Most clients will have a one-off scan completed before we roll out the monitoring service so we can use the report to advise on the best policies to be applied.

A full list of our current 30 policies can be provided on request.

 

Remote Forensics

Do you think you have an insider threat? Staff members behaviour or reports from other people can indicate that something isn’t right. Normally these issues don’t get investigated until the staff member has already left, and if they have stolen company data then it can be hard to prove. Our Forensic Data Collection service allows an investigation to take place without the user’s knowledge. This can help in obtaining valuable evidence if it reaches court.

We can analyse their PC or Laptop to find information such as installed applications, specific files, download their internet history and obtain their email records to track conversation history before vital data can be deleted. We can provide a retention service where we forensically image devices and emails prior to employees leaving and can be stored for 12 months. This allows any required information to be extracted whilst the hardware can be repurposed to a new member of staff. This can drastically cut costs as hardware and software licences can be reused.

 

Dark Web Assessment and Monitoring:

Do you know which of your passwords have been compromised?

We can run a search of the Dark Web to find out which of your passwords are in the hands of hackers. This is an important service as a compromised password can put your corporate data at high risk from a breach or allow even more specific phishing attacks. Our Dark Web Assessment and Monitoring service allows a one-off scan to be run to find out what your initial exposure is. We provide you with a document that has a full hit count and the latest 100 compromised passwords. The passwords only have the first four characters visible for security purposes.

Our full monitoring service scans the Dark Web every day to identify new credential leaks which are then reported directly to you. You can log in to our secure web interface and review the latest results. In our web interface, the full compromised password is visible. A basic dark web scan is included with our Security Assessment and PULSE cyber service.

 


Share:

REQUEST A CALL BACK

CONTACT US

contact@cyforsecure.co.uk

0330 133 1250

Cyfor Secure
PO Box 266
Manchester
M24 0BY

contact@cyforsecure.co.uk

0330 133 1250

Cyfor Secure
PO Box 266
Manchester
M24 0BY