In an increasingly complex environment – both in terms of technical equipment exploitation and increasing threats – managing and controlling vulnerabilities are key success factors.
In 2016, for example, an estimated 78% of business compromises were based on the exploitation of known vulnerabilities.
Knowledge of the level of protection of the company’s infrastructure has therefore become a core element of the CISO’s concerns. This issue presents a double challenge:
Recurring pentest campaigns are one of the solutions envisaged to detect vulnerabilities affecting infrastructures and applications. However, whether these intrusion tests are carried out by in-house teams or external service providers, the cost of this approach remains a deterrent to its systematic adoption. Pentest can be used for advanced analysis but it is not recommended as recurring method.
Did you know?
Furthermore, companies found that in the vast majority of cases (92%), attacks against them were not the result of the exploitation of a 0 day but of unpatched vulnerabilities, often which had been published for more than 6 months (as this was the case with WanaCry and Petya / NotPetya ransom software).
Being protected against such attacks is now a MUST for operators, ISPs or Content providers.
The pragmatic solution
Automatic vulnerability scanning solutions enable recurring and frequent updating of the most critical and often exploited vulnerabilities present on a client’s network and applications.
This automated approach makes it possible to optimise the level of detection and the frequency of diagnostics performed with regard to a financial investment that remains acceptable.
Data Vulnerability Assessment enables you to detect, quantify and prioritise vulnerabilities in a system (an IP address or a website). Based on an easily deployable SaaS solution, it scans the selected systems on a regular basis and delivers expert reports allowing you to consider remedial action or additional analysis studies.
This managed solution offers, as an option, reports of several levels of depth in the technical analysis of vulnerabilities and global indicators of the state of the park. Therefore, it addresses not only technical players (management, operations…) but also experts. It takes into account the criticality of applications and infrastructures to provide you the most effective recommendations (prioritisation, analysis, solution).
Assess the level of protection and to detect the vulnerabilities present on your information system in a recurring way
Provide global indicators tailor-made by the Orange experts to enable your CISO and your management to follow the evolution of the level of security of your assets
To delegate the administration, configuration and implementation of the vulnerability scan solution to the Orange expert teams thanks to our managed service solution.
Thanks to its strong experience on cyber security, Orange ensures you a peace of mind:
In order to contextualise the analysis of vulnerabilities, recommendations and global indicators allowing patch management monitoring, Orange chose to propose 3 types of reports tailored to the customer needs:
Here below are some examples of reports:
If you are an operator or an ISP, but also a reseller on your local market, our Data Vulnerability Assessment service can be easily resold to your local ISPs or Corporate customers thanks to our B2B option.
Following a period of setup where Orange collects the list of assets you would like scanned (external IP addresses, external web sites), on a regular basis we provide you with industrialised and optionally customised reports according to your needs via a secured web portal, to which you will have access.