Vulnerability scanners are great at locating thousands of known weaknesses, but they can never fully replace the human eye. With Verified vulnerability management, our certified professional hackers can verify the severity of your scan results, reduce the number of false positives, and more.
How does it work?
There has historically been a gap between an external penetration test and an external vulnerability scan. Vulnerability scans happen regularly, whereas penetration tests are performed once or twice per year. This leaves six to twelve months where weaknesses can be left undiscovered and exploitable.
Intruder’s Verified service reduces this gap in order to provide continuity of security through a combination of automated vulnerability scanning, manual reviews by penetration testers, and freeform bug hunting:
• Enterprise-grade vulnerability scanning: Get protection against the ~20,000 new vulnerabilities that are discovered throughout the year with our high-quality vulnerability scanning service. In addition to the scheduled scans performed each month, Intruder will also automatically scan your systems for emerging threats, without you needing to monitor the news.
• Manual reviews by penetration testers: To provide an extra level of security, Intruder's qualified penetration testers will rigorously investigate scan results for you, highlight serious weaknesses, and combine vulnerabilities to add business context beyond what an automated scanner can provide.
• Freeform bug hunting: You can also opt in for a set number of days dedicated to Freeform Bug Hunting. The purpose of this type of test is to uncover the most serious vulnerabilities that can appear between tests. Read more about it.
Key benefits of the Verified service
Intruder includes expert penetration testers in the Verified assessment process, adding value beyond the capabilities of automated vulnerability scanning. This hybrid approach provides numerous benefits:
• Eliminate false positives: Automated scanners often identify lots of issues, but due to the limitations of automation, there are always false positives, which waste precious time for your security team. Intruder investigates scan results to confirm, where possible, that the result is valid.
• Reveal serious weaknesses with the help of manual investigation: Automated scans can discover services that, when investigated manually, can reveal serious weaknesses. For example, publicly accessible file-shares may contain sensitive company information that is only apparent to the human eye.
• Find dangerous vulnerabilities with combined security issues: Sometimes two distinct security issues can be mild in nature, but when combined, can have a far more severe impact. Intruder’s Verified team are skilled at combining issues discovered by automated tooling, ensuring that dangerous weaknesses do not slip under the radar.
• Learn the real impact of discovered vulnerabilities: Automated solutions don’t understand context – the circumstance of a vulnerability can affect the overall impact of a weakness if successfully exploited. For example, vulnerabilities detected on a server hosting sensitive data will be reported with an increased severity rating, whereas a partially-exploitable vulnerability, with measures in place to protect it, will have its severity rating lowered to reflect the threat.
• Receive regular assessments of your internet-facing systems: Intruder provides regular assessments of your internet-facing systems and stores custom proofs of concept for issues such as Cross-Site Scripting or SQL Injection.
• Analyse your systems from an attacker's perspective: The standard Verified assessment is performed from the perspective of an internet-based attacker, with no credentials or prior access to systems beyond that available for regular users. Testing from this perspective will help you understand your cyber security posture as viewed by an external attacker.
Want to find out more about the Verified service and how it can benefit your company? Get in touch today.
"With cyber-attacks on the rise, keeping our servers secure and protecting our customers is of paramount importance to us. The support we've had recently from Intruder has been superb and has more than justified our decision to invest in third-party testing for security."
Chris Lynch, Founder & CTO at Gravit-e