Get that baseline of Security
We believe that we exist to secure the connected and grant the opportunity of a better online life. Penetration testing helps you achieve that.
We demonstrate this in the way we conduct our Penetration Testing. Just running a bunch of scripts from a Kali-installed laptop is not pentesting. We use experience, skill, research and human intuition to provide the best penetration testing on the market.
What is SECURE GI
Secure GI is a subscription service designed to bring your business in line with the UK Government's minimum level of security. We have two subscription levels, Secure GI and Secure GI+.
Secure GI provides you with monthly vulnerability scanning of your public facing systems and vulnerability scanning of your internal systems every six months.
During your 12-month subscription we will provide you with 12 hours of engineering time to fix identified vulnerabilities and 12 hours of CISO time to perform audits and review policies, and we will perform the UK Government's Cyber Essentials certification audit on or after month 4.
Secure GI+ builds on Secure GI to provide you with a well balanced Cyber Security program for your business.
With internal vulnerability scanning every month and twice the engineering and CISO time, coupled with guaranteed Cyber Essentials Plus certification and £20k of Cyber Liability Insurance, GI Secure Plus puts you firmly in a safer connected world.
The Secure GI platform is built with the business owner in mind, not the IT professional. While there are a number of advanced features to help monitor and secure any business, at the base level all you need to know to get up and running are three things:
- your company name;
- your domain name; and
- your email address.
From there, the system can work everything else out for you.
Monitoring your Exposure
Your internet exposure is the sum of all possible security risks your business faces from the public internet. It can also be explained as the aggregate of all known, unknown, and potential vulnerabilities, and controls across all hardware, software, and network components. Accessing different locations, components, and layers (including hardware/software) of your exposed systems and applications, an attacker can exploit one or more vulnerabilities and mount an attack. In other words, your exposure can be described as the sum-total of all “attackable touch-points” on the network.
We have grouped these “attackable touch-points” into seven common areas and graded them from A to C using the easy-to-understand Red, Amber and Green colours.
For a modern business, exposure is complicated and difficult to track. It is constantly expanding, and the threats that target it continuously shape-shift and adapt to the latest in network defences. By understanding your exposure and working with a secure partner to limit it, you will be in a good position to survive the ever increasing threat from cyber attack.
Vulnerabilities are weaknesses in applications, operating systems or firmware at a hardware level. They exist everywhere, and each week more vulnerabilities are published. Most get fixed. Some do not. With all of our subscription levels, there is an element of internal and external vulnerability scanning and an amount of engineering time included to help with fixes.
We track vulnerabilities at two levels. The first, as shown below, is at an overall level. This is a sum total of all vulnerabilities and then it is broken down into individual risk areas.
Tracking the total number of vulnerabilities is useful, but it is important to know which applications or systems have the vulnerabilities. From your account you can view this, in the Vulnerabilities by Host section. Here you can see the number of Critical, High, Medium and Low vulnerabilities. You can also request a report on a particular host so you can understand the vulnerabilities better. You can also request the host be rescanned following any remediation work.
While our competitors use the term “Vulnerability Management” to mean the scanning, monitoring and reporting of vulnerabilities found, we are still the only Cyber Security firm to offer a fix service.
For every host within your account that you scan, you can generate a PDF report. The report will include the overall risk level that host poses to your business, along with the vulnerabilities and a short description of how to fix each issue.
These are important for your business in a number of ways. You can use these to prove your level of security to customers, leveraging the service to provide you with a competitive edge and a better chance of securing further business.
These reports are essential for proving compliance during audits. They are useful in GRA, Financial, PCI-DSS and RTS audits; virtually every regulatory standard now requires vulnerability scans to prove compliance.
Vulnerability scanning is even required by GDPR, and the reports are the evidence that you are doing this.
In preparing to meet GDPR compliance requirements, you must observe a minimum set of security controls to avoid both penalties and loss of customer trust. Those related to and delivered by Secure GI are:
- Visibility of your IT environment
- Asset criticality rankings
- Reporting with full support for GDPR compliance
To attain GDPR compliance readiness, you need complete visibility into your IT assets through blind spot detection and an assurance that your applications are hardened against exploits and misuse.
Secure GI helps you on the way to demonstrating your GDPR compliance.
Secure GI+ is a complete solution to help you address both known and unknown vulnerabilities hidden in your applications, assets and networks to meet any compliance challenge.
We have worked hard to ensure that the solution is affordable for every business and we believe our pricing model is very fair.
SECURE GI Web: Securing Outside
Weekly Website Vulnerability Scan
0.5 hr of engineering time*
False positive removals
SECURE GI: The Baseline
External Vulnerability Scanning 8 IPs
Annual Internal Scanning
1 hr a month of engineering fix
1 hr a month of CISO time
Cyber Essentials certification assured in month 4
Free Online Awareness Training
20% discount on penetration testing
SECURE GI+: Deeper Cyber Security
Everything from GI Secure
External Vulnerability Scanning 24 IPs
Monthly Internal Scanning of 50 IPs
Extra hr of engineering fix time
Cyber Essentials Plus assured by month 6
Password Breach Notification for your Business
£20k Cyber Liability Insurance*
* Additional engineering time is available at £25 per 30 minutes.
** Additional CISO time is available at £75 per 30 minutes.
*** Cyber Liability Insurance is issued on successful completion of Cyber Essentials Plus.
Do you need something a little more bespoke or complex? Not a problem. Read on to the next section.
Secure GI+ Custom
Many businesses have complex regulatory needs and we have been working with those businesses for more than a decade now. We can create a custom annual subscription for you that will fit your precise needs and include exactly the services from our CISO team that you need. While not an exhaustive list, here are some of the most common services included along with the price per month:
Want to Talk?
Need a call to discuss Secure GI and how it can work for you?
Simply use the calendar on the right to select the date and time that best suits you. Let us know the best phone number to reach you and a short description of what you are looking for and the team will call you on the date and time you have specified.
It couldn’t be simpler than that.