Data Vulnerability Assessment

In an increasingly complex environment – both in terms of technical equipment exploitation and increasing threats – managing and controlling vulnerabilities are key success factors.

In 2016, for example, an estimated 78% of business compromises were based on the exploitation of known vulnerabilities.
Knowledge of the level of protection of the company’s infrastructure has therefore become a core element of the CISO’s concerns. This issue presents a double challenge:  

• Securing applications and infrastructures
• Assessment by relevant indicators of the evolution of the overall level of protection of the company

Alternative

Recurring pentest campaigns are one of the solutions envisaged to detect vulnerabilities affecting infrastructures and applications. However, whether these intrusion tests are carried out by in-house teams or external service providers, the cost of this approach remains a deterrent to its systematic adoption. Pentest can be used for advanced analysis but it is not recommended as recurring method.

Did you know?
Furthermore, companies found that in the vast majority of cases (92%), attacks against them were not the result of the exploitation of a 0 day but of unpatched vulnerabilities, often which had been published for more than 6 months (as this was the case with WanaCry and Petya / NotPetya ransom software).
Being protected against such attacks is now a MUST for operators, ISPs or Content providers.

The pragmatic solution
Automatic vulnerability scanning solutions enable recurring and frequent updating of the most critical and often exploited vulnerabilities present on a client’s network and applications.

This automated approach makes it possible to optimise the level of detection and the frequency of diagnostics performed with regard to a financial investment that remains acceptable.

The Data Vulnerability Assessment offer of Orange International Carriers

Data Vulnerability Assessment enables you to detect, quantify and prioritise vulnerabilities in a system (an IP address or a website). Based on an easily deployable SaaS solution, it scans the selected systems on a regular basis and delivers expert reports allowing you to consider remedial action or additional analysis studies.

This managed solution offers, as an option, reports of several levels of depth in the technical analysis of vulnerabilities and global indicators of the state of the park. Therefore, it addresses not only technical players (management, operations…) but also experts. It takes into account the criticality of applications and infrastructures to provide you the most effective recommendations (prioritisation, analysis, solution).

If you are an operator or an ISP, but also a reseller on your local market, our Data Vulnerability Assessment service can be easily resold to  your local ISPs or Corporate customers thanks to our B2B option.

Following a period of setup where Orange collects the list of assets you would like scanned (external IP addresses, external web sites), on a regular basis we provide you with industrialised and optionally customised reports according to your needs via a secured web portal, to which you will have access.