The Intruder Service (Essential, Pro or Verified Plan) will consist of Intruder Systems Ltd ("Intruder") performing monthly security assessments of the customer's internet-facing infrastructure and applications.
Monthly Assessment (ALL PLANS)
The monthly assessment will cover all internet-facing systems in-scope, as agreed between Intruder and the customer.
The assessments will aim to identify weaknesses which may be used to breach the customer's network, or otherwise compromise the confidentiality, integrity, or availability of their systems or information.
The assessment will be primarily delivered using the automated Intruder platform. However where deemed necessary by Intruder, manual techniques may be deployed to to offer the highest quality service possible.
Perspective (ALL PLANS)
Weaknesses will be identified from the perspective of an internet-based attacker, with publicly available access to the customer's systems.
Reporting (ALL PLANS)
Intruder will report the security issues discovered through each monthly assessment or ad-hoc test, and provide advice for remediation.
Ad-hoc Testing & Emerging Threat Notifications (PRO AND VERIFIED PLANS ONLY)
Outside the scheduled monthly assessment, the service will also include ad-hoc testing of any issues deemed by Intruder to merit special treatment, for example where vulnerabilities such as Heartbleed or Shellshock are disclosed and exploitation is known to be happening in the wild. Notifications will also be issued for vulnerabilities that are identified as posing a direct threat to the customers' systems.
False Positive Reduction & Potential Issue Investigation (VERIFIED PLAN ONLY)
Intruder consultants will attempt to reduce false positives by investigating and confirming issues found during the monthly assessment. Where issues could potentially be more damaging than they appear in the assessment, these will be investigated.