Secure is built with the business owner, not the IT professional, in mind. Secure helps small businesses achieve a base level of cyber security and frees them up to run their business.
Secure of [secure] is a 12-month subscription service available in basic and plus levels. The basic level looks at your public facing services. The Plus level looks inside too, and addresses Cyber Essentials and Cyber Essentials Plus certifications from the UK Government.
The system is simple and practical to use regardless of your technical abilities; and at the base level all you need to know to get up and running are three things:
Secure provides you with monthly vulnerability scanning of your public facing systems and vulnerability scanning of your internal systems every six months. During your 12 months subscription we will provide you with 12 hours of engineering time to fix identified vulnerability, 12 hours of CISO time to perform audits, review policies and we will perform the UK Governments Cyber Essentials certification audit on or after month 4.
Secure+ builds on Secure to provide you with a well-balanced Cyber Security program for your business. With internal vulnerability scanning every month and twice the engineering and CISO time, coupled with guaranteed Cyber Essentials Plus certification and £20k of Cyber Liability Insurance, Secure+ puts you firmly in a safer connected world.
Your internet exposure is the sum of all possible security risks your business faces from the public internet. It can also be explained as the aggregate of all known, unknown, and potential vulnerabilities, and controls across all hardware, software, and network components. Accessing different locations, components, and layers (including hardware/software) of your exposed systems and applications, an attacker can exploit one or more vulnerabilities and mount an attack. In other words, your exposure can be described as the sum-total of all “attackable touch-points” on the network.
We have grouped these “attackable touch-points” into seven common areas and graded them from A to C using the easy to understand Red, Amber and Green colours.
For a modern business, exposure is complicated and difficult to track. It is constantly expanding, and the threats that target it continuously shape-shift and adapt to the latest in network defenses. By understanding your exposure and working with a secure partner to limit it, you will be in a good position to survive the ever increasing threat from cyber attack.
Vulnerabilities are weaknesses in applications, operating systems or firmware at a hardware level. They exist everywhere are each weak more vulnerabilities are published. Most get fixed. Some do not. With all of our subscription levels, there is an element of internal and external vulnerability scanning and an amount of engineering time included to help with fixes.
We track vulnerabilities at two levels. The first, as shown below, is at an overall level. This is a sum total of all vulnerabilities and then it is broken down into individual risk areas.
Tracking the total number of vulnerabilities is useful, but it is important to know which applications or systems have the vulnerabilities. From your account you can view this, in the Vulnerabilities by Host section. Here you can see the number of Critical, High, Medium and Low vulnerabilities. You can also request a report on a particular host so you can understand the vulnerabilities better. You can also request the host be rescanned following any remediation work.
While our competitors use the term “Vulnerability Management” to mean the scanning, monitoring and reporting of vulnerabilities found, we are still the only Cyber Security firm to offer a fix service.
For every host within your account that you scan, you can generate a PDF report for it. The report will include the overall risk level that host poses to your business along with the vulnerabilities and a short description on host to fix the issue.
There are important for your business in a number of ways. You can use these to prove your level of security to customers, leveraging the service to provide you with a competitive edge and a better chance of securing further business.
These reports are essential for proving compliance during audits. Useful in GRA, Financial, PCI-DSS and RTS audits, virtually every regulatory standard now requires vulnerability scans to prove compliance.
Vulnerability scanning is even required by GDPR, and the reports are the evidence that you are doing this.
In preparing to meet GDPR compliance requirements, you must observe a minimum set of security controls to avoid both penalties and loss of customer trust. Those related to and delivered by Secure are:
To attain GDPR compliance readiness, you need complete visibility into your IT assets through blind spot detection and an assurance that your applications are hardened against exploits and misuse.
Secure helps you on the way to demonstrating your GDPR compliance.
Secure+ is a complete solution to help you address both known and unknown vulnerabilities hidden in your applications, assets and networks to meet any compliance challenge.
To help demonstrate the value that [secure] can bring to your business, we put together this 2 minute video.
We have three options for [secure]. You can purchase it for a one off use to create adhoc Vulnerability and Attack Surface analysis reports or you can sign up to a 12 month subscription paying monthly for either the base level [secure] or the in-depth [secure]+ platforms.