© 2020 Content Security Pty Ltd.

Managed services

Vulnerability Management

If your applications are delivered with vulnerabilities attached, it won’t matter how good your network security is. This is true whether they’re hosted on-premises or in the cloud.

While patching will resolve the majority of vulnerabilities found on your network, others, such as careless administration and use of IT equipment, can have a bigger impact. These need to be managed as much as patches, if not more.

Continuously monitoring your network health

Examples of non-patch related vulnerabilities include:

  • A new printer is installed without changing the default password. The printer caches printed documents, leaving the last 100 documents printed available to anyone on the network.
  • A web developer turns on the ‘TRACE’ method on a production website to debug a problem and forgets to turn it off. Criminals can then carry out ‘Cross Site Tracing’ against your website, allowing them to trick your visitors into thinking they’re seeing your trusted content when they’re really viewing the criminal’s content.
  • A user installs a piece of software with a lightweight database in the backend. The database has a well-known default SA password and supports passing through shell commands. This creates a back door into your domain.

These types of events occur too frequently to be detected by an annual penetration test. Periodic vulnerability management, at intervals ranging from daily to quarterly, is an excellent measure to ensure your network doesn’t fall into an insecure state between penetration tests.

If you can’t say for certain that “all vulnerabilities in my environment create only minimal and tolerable risks”, contact Content Security and find out what the true risks of your vulnerabilities actually are.

Why Content Security?

Our team are seasoned, experienced and business-minded security consultants with an average of 10 years’ experience across state and local government, health, finance, education, nonprofit organisations and more.

For more information please contact our cybersecurity professionals today.