Advanced Vulnerability Management Service

Automated vulnerability scans are a critical first step, but they are not enough. To understand how vulnerabilities can be exploited and the true risk they pose when combined, penetration tests that reflect an attacker's perspective are essential. This requires a holistic approach that integrates continuous vulnerability management with targeted penetration testing.

At Cyberwise, we deliver this holistic approach through our Advanced Managed Vulnerability Service. We handle the selection, installation, and configuration of the appropriate tools, operate the system as a managed service, and perform necessary penetration tests for your organization. We provide end-to-end consulting and expert support—from vulnerability identification to remediation—and ensure the complete management of findings from both automated scans and penetration tests.

Service Scope

• Installation of the vulnerability management system and scanning tools.
• Remote operation and maintenance of the vulnerability management system.
• Allocation of expert resources to operate the system.
• 5/8 telephone and email support.
• Planning and execution of periodic vulnerability scans.
• Annual external and internal penetration testing.
• Evaluation of scan results, assignment to responsible parties, and delivery of solutions/recommendations.
• Execution of verification tests and evidence gathering.
• Participation in meetings required for the evaluation of penetration test findings.
• Monitoring of the defined asset inventory for new vulnerabilities.
• Manual entry and assignment of vulnerabilities identified outside of the scanning tool.
• Penetration testing for new systems deployed during the year.
• Preparation of required reports using the vulnerability management system.

Other Service-Related Details

• The vulnerability management platform used is Bizzy, developed by Cyberwise. The vulnerability scanning tool is a commercial or open-source tool selected by the organization that is compatible with Bizzy.
• All licenses are valid for 1 year.
• The Bizzy license is limited to 1000 assets.
• Penetration tests cover internet-facing and internal systems owned and managed by the organization. The scope of work is limited to the scope provided by the organization.
• Penetration tests are planned to occur once a year.
• Remote access to the management system is provided via VPN.
• Periodic scans are conducted monthly.
• Information on vulnerability or system ownership must be prepared by the organization beforehand to facilitate assignment.
• Vulnerability remediation is the responsibility of the organization's experts.
• The work item for penetration testing of systems deployed during the year is limited to 10 person/days. Requests exceeding this will be billed separately based on a determined person/day rate.

Manage known vulnerabilities and validate your resilience against real-world attack scenarios with Cyberwise's Advanced Managed Vulnerability Service.