Vulnerability Management

This service involves the selection, installation, and configuration of an appropriate tool for effective vulnerability management based on the organization's needs. It also includes the option for outsourcing the operation using external resources when necessary. Within this service, all necessary consultancy and expert support are provided from the moment vulnerabilities are identified until they are remediated. It involves generating reports in compliance with regulations, asset discovery and tagging, managing findings and processes, and prioritizing to ensure swift resolution of issues.

This service ensures the continuous discovery and testing of all systems that could pose risks to the organization. It involves conducting regular penetration tests and vulnerability scans at specified intervals. The service covers testing applications and systems before they go live, monitoring them in live environments after deployment, and providing other security testing and analysis services as required. All findings identified during the assessments are tracked through the vulnerability management system, aiming to keep the organization prepared for emerging threats, remediate vulnerabilities, and enhance resilience over time.

This service allows for the passive detection of vulnerabilities that may affect the organization's systems through inventory management and tagging. It utilizes software developed by Cyberwise and constantly tracks new vulnerabilities, vulnerability trends, and exploit databases to provide alerts and notifications. The service can be provided in conjunction with or separately from vulnerability management and continuous penetration testing.

By monitoring publicly available sources on the Internet, such as archives, search engines, deep web, and social media platforms using open-source intelligence (OSINT) techniques, this service delivers real-time alerts on potential threats related to the organization's brand, domain, email, IP addresses, social media accounts, and other areas of concern in terms of information security. It ensures continuous monitoring of these sources for the organization.

These services involve managing risks, vulnerabilities, and threats originating from business partners, members, or suppliers on behalf of the organization. Risk scoring is performed based on various categories using a vulnerability and threat management approach. Throughout the service, support is provided for asset management, prioritizing risks and vulnerabilities, and facilitating their remediation.

This service involves the selection, installation, configuration, and operation of an appropriate tool for effective vulnerability management based on the organization's needs. It also includes the option for outsourcing the operation using external resources. All necessary consultancy and expert support are provided within this service from the moment vulnerabilities are identified until they are remediated. The service ensures the organization's automated vulnerability scanning needs are met and manages the findings. The scope of the service includes:

  • Installation of a vulnerability management system and vulnerability scanning tool
  • Remote operation and maintenance of the vulnerability management system
  • Provision of expert resources to operate the system
  • 5x8 telephone and email support
  • Planning and execution of periodic vulnerability scans
  • Evaluation of scan results, assignment to responsible parties, and communication of resolutions/recommendations
  • Conducting verification tests and gathering evidence
  • Tracking an inventory of defined assets for new vulnerabilities
  • Entering and assigning vulnerabilities reported outside of the vulnerability scanning tool
  • Preparation of necessary reports using the vulnerability management system

Other aspects related to the service are as follows:

  • The Bizzy platform developed by Cyberwise is used as the vulnerability management platform, and Tenable Nessus Professional is used as the vulnerability scanning tool.
  • All licenses are valid for one year.
  • The Bizzy license is limited to 1000 assets.
  • Remote access to the management system is provided via VPN.
  • Periodic scans are conducted monthly.
  • Prior to assigning vulnerabilities, vulnerability or system responsibility information must be prepared by the organization.
  • The responsibility for remediating vulnerabilities lies with the organization's experts.

This service encompasses the selection, installation, configuration, and operation of an appropriate tool for effective vulnerability management based on the organization's needs. It also includes the option for outsourcing the operation using external resources and covers the organization's needs for penetration testing. All necessary consultancy and expert support are provided within this service from vulnerability identification to entry into the system and remediation. The service ensures the organization's automated vulnerability scanning and penetration testing needs are met and manages the findings. The scope of the service includes:

  • Installation of a vulnerability management system and vulnerability scanning tool
  • Remote operation and maintenance of the vulnerability management system
  • Provision of expert resources to operate the system
  • 5x8 telephone and email support
  • Planning and execution of periodic vulnerability scans
  • Conducting penetration tests once a year via the Internet and the local network of the organization
  • Evaluation of scan results, assigning responsibilities, and providing solutions/recommendations
  • Conducting verification tests and gathering evidence
  • Participating in meetings for evaluating penetration test findings
  • Monitoring the defined asset inventory for new vulnerabilities
  • Entering and assigning vulnerabilities reported outside of vulnerability scanning tools into the system
  • Conducting penetration tests for newly deployed systems throughout the year
  • Preparation of necessary reports using the vulnerability management system

Here are some additional points regarding the service:

  • The Bizzy platform developed by Cyberwise is used as the vulnerability management platform, and Tenable Nessus Professional is used as the vulnerability scanning tool.
  • All licenses are valid for one year.
  • The Bizzy license is limited to 1000 assets.
  • Penetration tests include accessible systems owned by the organization and managed by the organization. The scope of work is determined based on the scope provided by the organization.
  • Penetration tests are planned to be conducted once a year.
  • Remote access to the management system is provided via VPN.
  • Periodic scans are conducted on a monthly basis.
  • To assign vulnerabilities, prior vulnerability or system responsibility information must be prepared by the organization.
  • The responsibility for resolving vulnerabilities lies with the organization's experts.
  • The item for conducting penetration tests for newly deployed systems is limited to 10 person-days. If this limit is exceeded, the additional service will be charged separately based on a determined daily rate.