Secure GI

Get that baseline of Security

Secure GI

We believe that we exist to secure the connected and grant the opportunity of a better online life. Penetration testing helps you achieve that.

We demonstrate this in the way we conduct our Penetration Testing. Just running a bunch of scripts from a Kali installed laptop is not pentesting. We us experience, skill, research and human intuition to provide the best penetration testing on the market.

What is SECURE GI

Secure GI is a subscription service designed to bring your business inline with the UK Governments minimum level of security. We have two subscription levels, Secure GI and Secure GI+

SECURE GI

Secure GI provides you with monthly vulnerability scanning of your public facing systems and vulnerability scanning of your internal systems every six months. 

During your 12 months subscription we will provide you with 12 hours of engineering time to fix identified vulnerability, 12 hours of CISO time to perform audits, review policies and we will perform the UK Governments Cyber Essentials certification audit on or after month 4.

SECURE GI+

Secure GI+ builds on Secure GI to provide you with a well balanced Cyber Security program for your business.

With internal vulnerability scanning every month and twice the engineering and CISO time, coupled with guaranteed Cyber Essentials Plus certification and £20k of Cyber Liability Insurance, GI Secure Plus puts you firmly in a safer connected world.

 

The Secure GI platform is built with the business owner in mind, not the IT professional. While there are a number of advanced features to help monitor and secure any business, at the base level all you need to know to get up and running are three things:

  1. your company name;
  2. your domain name; and
  3. your email address.

From there, the system can work everything else out for you.

Monitoring your Exposure

Your internet exposure is the sum of all possible security risks your business faces from the public internet. It can also be explained as the aggregate of all known, unknown, and potential vulnerabilities, and controls across all hardware, software, and network components. Accessing different locations, components, and layers (including hardware/software) of your exposed systems and applications, an attacker can exploit one or more vulnerabilities and mount an attack. In other words, your exposure can be described as the sum-total of all “attackable touch-points” on the network.

We have grouped these “attackable touch-points” into seven common areas and graded them from A to C using the easy to understand Red, Amber and Green colours.

Seven Areas of Exposure

For a modern business, exposure is complicated and difficult to track. It is constantly expanding, and the threats that target it continuously shape-shift and adapt to the latest in network defences. By understanding your exposure and working with a secure partner to limit it, you will be in a good position to survive the ever increasing threat from cyber attack.

Vulnerability Management

Vulnerabilities are weaknesses in applications, operating systems or firmware at a hardware level. They exist everywhere are each weak more vulnerabilities are published. Most get fixed. Some do not. With all of our subscription levels, there is an element of internal and external vulnerability scanning and an amount of engineering time included to help with fixes. 

We track vulnerabilities at two levels. The first, as shown below, is at an overall level. This is a sum total of all vulnerabilities and then it is broken down into individual risk areas.

Vulnerability Count

 

Tracking the total number of vulnerabilities is useful, but it is important to know which applications or systems have the vulnerabilities. From your account you can view this, in the Vulnerabilities by Host section. Here you can see the number of Critical, High, Medium and Low vulnerabilities. You can also request a report on a particular host so you can understand the vulnerabilities better. You can also request the host be rescanned following any remediation work.

Vulnerabilities by Host

 

While our competitors use the term “Vulnerability Management” to mean the scanning, monitoring and reporting of vulnerabilities found, we are still the only Cyber Security firm to offer a fix service.

Vulnerability Reports

For every host within your account that you scan, you can generate a PDF report for it. The report will include the overall risk level that host poses to your business along with the vulnerabilities and a short description on host to fix the issue.

There are important for your business in a number of ways. You can use these to prove your level of security to customers, leveraging the service to provide you with a competitive edge and a better chance of securing further business.

These reports are essential for proving compliance during audits. Useful in GRA, Financial, PCI-DSS and RTS audits, virtually every regulatory standard now requires vulnerability scans to prove compliance.

Vulnerability scanning is even required by GDPR, and the reports are the evidence that you are doing this.

In preparing to meet GDPR compliance requirements, you must observe a minimum set of security controls to avoid both penalties and loss of customer trust. Those related to and delivered by Secure GI are:

  • Visibility of your IT environment 
  • Asset criticality rankings
  • Reporting with full support for GDPR compliance

 

Report Image

To attain GDPR compliance readiness, you need complete visibility into your IT assets through blind spot detection and an assurance that your applications are hardened against exploits and misuse.

Secure GI helps you on the way to demonstrating your GDPR compliance.

Secure GI+ is a complete solution to help you address both known and unknown vulnerabilities hidden in your applications, assets and networks to meet any compliance challenge.

Cost

We have worked hard to ensure that the solution is affordable for every business and we beleive our pricing model is very fair.

SECURE GI Web

Securing Outside
£ 95
00
Monthly
  • Weekly Website Vulnerability Scan
  • 0.5 hr of engineering time*
  • False positive removals
  • PDF Reports

SECURE GI

The Baseline
£ 195
00
Monthly
  • External Vulnerability Scanning 8 IP's
  • Annual Internal Scanning
  • 1 hr a month of engineering fix
  • 1 hr a month of CISO time
  • Cyber Essentials certification assured in month 4
  • Free Online Awareness Training
  • 20% discount on penetration testing

SECURE GI+

Deeper Cyber Security
£ 345
00
Monthly
  • Everything from GI Secure
  • External Vulnerability Scanning 24 IP's
  • Monthly Internal Scanning of 50 IP's
  • Extra hr of engineering fix time
  • Cyber Essentials Plus assured by month 6
  • Password Breach Notification for your Business
  • £20k Cyber Liability Insurance*
Popular

* Additional engineering time is available at £25 per 30 minutes.
** Additional CISO time is available at £75 per 30 minutes.
*** Cyber Liability Insurance in issued on successful completion of Cyber Essentials Plus

Do you need something a little more bespoke or complex? Not a problem. Read on to the next section.

secure GI+ Custom

Many businesses have complex regulatory needs and we have been working with those businesses for more than a decade now. We can create you a custom annual subscription that will fit your precise needs and include exactly the services from our CISO team that you need. While not an exhaustive list, here are some of the most common services included along with the price per month:

Additional external IP addresses

£0.50
Extra IP addresses for scanning, per IP address per month.

Additional internal IP addresses

£0.75
Extra IP addresses for internal scanning, per IP address per month.

PCI-DSS ASV Scanning

£6.50
Every online merchants must carry out external scanning from a PCI-DSS "Approved Scanning Vendor". This is called the PCI-DSS ASV Scan. We can perform this for you. Price is per scanned IP Address per month.

PCI-DSS SAQ Completion

£155.00
The majority of online merchants will need to complete the PCI-DSS Self Assessment Questionnaire. While simple for our CISO team to complete, they can be daunting to business owners. We can complete these for you and handle any issues that arise. Price is per SAQ.

UKGC Remote Technical Standards Audit

£395.00
We can perform your annual UK Gambling Commission Remote Technical Standards Audit for you. We will carry out the entire audit from start to completion, deal with the Management Comments from the audit and help you deal with any enquires from the UKGC. The RTS audit can be included within the ISO27001 Management Audit.

ISO27001 Managment Audit

£425.00
If you are an ISO27001 certified business then every year you will need to have a review of your Information Security Management System (ISMS). We offer this as an option within our Secure GI+ Custom plan, but is included in our Managed ISO27001 option as well. As part of the output, we can include the UKGC RTS report if required.

Phishing Testing

£100.00
Test the ability of your staff to spot a series of phishing emails sent over a month.

Web Application Penetration Testing

£call
Web application penetration testing following the OWASP methodology and covering all of the aspects of the OWASP top 10.

Infrastructure Penetration Testing

£call
Assuring the security of your infrastructure through a CREST approved penetration test following the Penetration Testing Execution Standard methodology.

Demo

Want a preview of the portal? Not a problem. Use the following credentials to log in:

Username: [email protected]

Password: !DemoUser!

Login using the link on the top right.

WANT to Talk?

Need a call to discuss Secure GI and how it can work for you?

Simply use the calendar on the right to select the date and time that best suits you. Let us know the best phone number to reach you and a short description of what you are looking for and the team will call you on the date and time you have specified.

It couldn’t be simpler than that.

Scroll to Top