Continuous Vulnerability-as-a-Service

The issue with vulnerability assessments in general is that as a snapshot view in time, the results become obsolete very...
CVaaS: The Pain We Address

The issue with vulnerability assessments in general is that as a snapshot view in time, the results become obsolete very quickly. As can be seen in the diagram below, as soon as a vulnerability assessment is performed and recommendations executed upon, the risk exposure starts to rise once again. Recommendations don’t get the proper follow-up and execution due to resource constraints, new vulnerabilities creep into the infrastructure. We can’t ever be sure how secure we are until the next vulnerability assessment to check on execution progress of the last series of exposures and what new vulnerabilities have done to our security posture between check-ups.

Continuous vulnerability assessments in contrast lower the risk profile since the time interval is very short. This ensures new vulnerabilities are found quickly and issues of remediation are better managed. Note that this has a profound effect on the lowering of the cost of control, since we gradually eliminate the overhead of the vulnerability assessment process and eliminate revisiting the same unmitigated vulnerabilities in the next cycle.

CVaaS: The Solution We Provide

CVaaS is a service offering that on a continual basis looks at all externally facing IT assets for security vulnerabilities and leakage.  By performing this task continually the potential exploit window is lowered, but without incurring the exorbitant high costs normally associated with real time security monitoring services.  The service consists of three main continual service components.

  • Asset Management
  • Scanning Systems
  • Configuration / Log Reviews

 

CVaaS: The Benefits

The following key benefits are realized with CVaaS from 360Secure:

  • CVaaS is a great fit for Small/Medium Business which may not be able to afford MSSP (Managed Security Service Provider) real time monitoring
  • CVaaS generates a better security posture at less risk for fewer impacting business issues
  • CVaaS generates less risk at less cost than regular interval VAs
  • CVaaS removes wasted effort of set-up / tear-down times involved with periodic assessments
  • CVaaS spreads out mitigation over time into more manageable chunks of time
  • CVaaS provides less disruption to existing business operations and support