Security Vulnerability Scanning Service

What You're Up Against

  • You need to minimize your investment in information security and compliance.
  • You’re in need of an easy way to discover the low-hanging vulnerabilities on your Internet-facing hosts.
  • You want to establish a good security baseline or perhaps you need to map your network environment based on how the outside world sees it.
  • You need help certifying your compliance with government regulations such as PCI DSS, HIPAA, and GLBA or your need a better way to report on your current security and/or compliance status.
  • You need help resolving your system vulnerabilities in a streamlined fashion.
  • You don't have the staff, or you want to keep your staff focused on more strategic projects, or, perhaps you've had a breach or not-so-good audit or assessment report and you need to tighten things up quickly. Basic security scans are becoming commoditized. Outsourcing this service can save you a lot of money compared to managing the process in house.

Why Use Me

  • You’ll get what you pay for. I can confidently say that I bring some of the industry's best expertise to this service that you’ll truly benefit from. My work is all about security assessments – day in and day out. I know what works and what doesn't. I can help take the pains and hassles out of your automated vulnerability scans and, at the same time, provide an unbiased an independent view of your security status.
  • I have over 21 years in the industry, over 14 years experience in information security, and over 10 years experience working with vulnerability scanners. You're not going to have some random business person jumping on the SaaS bandwagon because it's a money-making opportunity. You're going to get a seasoned information security veteran who understands both the technical and business aspects of vulnerability scanning.
  • I use a commercial vulnerability scanning tool - not freeware and not open source. Why? Because I’ve found that commercial tools find more of the vulnerabilities that count, they have less false-positives, they're well-maintained, and they generate nice reports you'll be proud to share among your peers and with management. Furthermore, the tool I use scans for over 7,000 known and potential vulnerabilities in your network devices, operating systems, and Web servers. You’re going to be hard-pressed to find that anywhere (commercial tool or otherwise).
  • I can provide you with both basic security scans and PCI Council ASV scans. I'm your one-stop shop for security vulnerability scans.
  • Given the uncertain times, whether you end up losing employees or adding new systems, if you need to tweak the scan services I provide it’s no problem. I’m flexible – all you have to do is say the word.
  • With my business model, I have the time and can afford to provide you the level of service you need.
  • You’ll know what you'll get going in. Period.

How My Scanning Service Works

  • Everything is accomplished via the Internet in 5 simple steps:
    • You tell me which IP addresses you want to scan.
    • You tell me when you want them scanned.
    • You pay for the scans (we can send you an invoice or you can pay online via credit card).
    • The scan(s) run.
    • I’ll send you the scan results in a PDF report. Here's a sample report so you can see what you'll get. We can also do trend reports if you need to share how things are improving over time.
  • You'll get up and running immediately. No hardware to setup. No licenses to buy. No systems to configure. No data center operational costs. No support costs. And no need to hire people with the right skill set to manage the process.
  • You can do a one-time scan or we can work out special pricing for recurring scans. Be it daily, weekly, monthly, whatever – it’s your choice. I’m flexible.

Additional Services I Offer

  • I’ll admit there is a downside to these security scans. As I wrote about here you have to take your security scan results with a grain of salt and not rely on them completely for your overall security.
  • If you want more expertise, insight, and context to your security scans, for an additional fee (contact me), I will review your scan results and create a prioritized summary report that outlines what’s exploitable and what’s important so you’ll know where to focus your efforts. I’ll provide email and telephone support for your vulnerability-related questions at no additional charge as well.

Pricing

  • I'll make it easy for you to buy. I won't have to talk to you over the phone or come onsite and do a lengthy assessment. You won't have to fill out an annoying questionnaire. The only requirements are that you give me permission to run the scans and you pay in advance. That’s it. I'm not going to lock you into a contract, charge you a monthly fee, or be inflexible on my terms. I know what it's like being on the receiving end of leases, memberships, and service contracts. I'm confident enough in what I do that I’m all for competition. If you ever feel that I'm not providing the level of service you shouldn't be held hostage until a contract ends.
  • For pricing and more details please contact me.

information security seminar, expert witness, computer security expert witness, information security expert witness, daubert, compliance expert witness, hacking expert, keynote speaker, security keynote speaker, well-known security expert, web security consultant, security training, web security assessment, independent web security audit, independent web application testing, network vulnerability scanning, network scan, security testing, penetration testing, software security expert, web application security, vulnerability testing, vulnerability scan, security scan, information security pre-audit, security gap analysis, qualysguard, qualys, webinspect, web inspect, PCI audit, PCI assessment, PCI scan, security saas, HIPAA consultant, GLBA consultant, web site security consultant