Ervalex offers two (2) managed services to assist an organization with managing the cybersecurity posture of the organization’s network. The services include scheduled vulnerability assessments and patch management. Combined together, these services provide continuous monitoring of an organization's cybersecurity posture from a technical perspective.
Patch Management is the process of monitoring the patch levels of each system on the network. Vulnerabilities in software exist and continue to be discovered daily. When the software vendors release a patch to the software, the patch must be installed in a timely manner to defend against threat sources exploiting the vulnerability.
Vulnerability assessments scan the network to find non-inventoried systems on the network, unpatched systems, vulnerable ports and protocols, and mis-configured systems.
Continuous monitoring is a risk management approach to cybersecurity that maintains an accurate picture of an organization’s security risk posture, provides visibility into assets, and leverages use of automated data feeds to quantify risk, ensure effectiveness of security controls, and implement prioritized remedies. A well-designed and well-managed continuous monitoring program can effectively transform a static control assessment into an on-going process of vulnerability detection and mitigation.
Ervalex will come on-site and work with your IT department to configure the Nessus scanner to connect and scan your network. After the scan, a detailed report is provided listing the vulnerable systems and steps to remediate the vulnerabilities.
Using this service allows your network to be scanned with a professional vulnerability scanning tools without having to purchase an annual Nessus software license ($2195).
Ervalex will provide the organization with a pre-configured computer to attach to the organization network. The computer is a Windows 10 Professional system with the Nessus Professional vulnerability scanning software installed. The machine is configured with the latest security patches and anti-virus software. The system is remotely managed by Ervalex.
Ervalex can connect remotely to the scanning system and configure and run the vulnerability scans. After the scans are complete, Ervalex will analyze the results, prepare reports, and then work with the organization to mitigate the vulnerability findings.
A Memorandum of Understanding (MOU) is signed by Ervalex and the organization to set expectations for security, configuration, and management of the scanning system.
Ervalex has the ability to manage the security of your computers remotely. ITARIAN software allows the remote deployment of critical security patches and 3rd party software updates.
While many vendors, like Microsoft and Oracle, release patches on a regular schedule, there are patches that may be released out-of-cycle. Ervalex can assist with monitoring patch releases and installing the patches on the organization’s network. Ervalex can perform this service remotely using the ITARIAN IT Management software.