Internal Vulnerability Assessment
Proactive MSPs should conduct internal vulnerability assessments to help clients secure their networks from the inside — especially if they are subject to PCI DSS requirements. External attacks and network breaches have become so publicized, many organizations may overlook the importance of internal security and risk analysis.
Adding internal vulnerability assessments to your product portfolio allows you to identify where your clients are most vulnerable to insider attacks while bringing another revenue stream into your company.
The Importance of Internal Vulnerability Management
Unlike external vulnerability assessments, which focus on outside attackers trying to penetrate into a company, an internal vulnerability assessment evaluates IT security from the inside. It looks at ways that individuals located inside the company can exploit a company’s network and data assets.
Conducting an internal vulnerability assessment empowers companies to remediate vulnerabilities against:
- Intentional inside attacks (for example, by disgruntled employees, partners, etc.).
- Unintentional attacks (such as accidental deletion of sensitive data).
- Viruses, malware, and other outside attacks that were able to breach the network security boundary.
Vulnerability Scanning: A Can’t-Miss Opportunity for MSPs
Offering internal vulnerability assessments can open a lucrative revenue stream for MSPs — so long as they choose the right solution. Choose the wrong tool and MSPs can encounter a tough road with a lot of hard selling to convince clients of the value associated with vulnerability scanning.
Sure, having a solution that identifies systems and data at risk, who has access to them and how much it will cost to fix vulnerabilities is powerful. But having an intelligent solution that not only fully identifies risk, but quantifies it in dollars, demonstrates the monetary value of the scan in terms of real risk reduction. Having such a significantly compelling aid strengthens your hand immeasurably when it comes to pitching internal vulnerability assessment services to clients.
MSP Risk Intelligence from SolarWinds MSP (Formerly LOGICnow)
MSP Risk Intelligence from SolarWinds MSP allows MSPs to simulate the identity of someone with normal privileges within a client’s IT infrastructure. Using that persona, MSP Risk Intelligence actively tries to expose sensitive data, vulnerabilities and access permissions, and then exploits them in order to breach client systems and gain access to sensitive data.
Using the information collected from the scan, MSP Risk Intelligence calculates, balances, and prioritizes the clients’ financial risk. Then it generates a color-coded, dollar-based risk assessment report that shows, down to the dollar, the financial liability being carried by client systems. By putting risk in monetary terms, you can convince key stakeholders of the importance of investing in security.
With MSP Risk Intelligence, you can take advantage of:
- Vulnerability scanning
- Risk intelligence reports
- Permissions discovery
- Payment data discovery
- PII and PHI discovery
MSP Risk Intelligence's thorough vulnerability scanning tools help you develop a comprehensive internal vulnerability assessment. Discover where the holes in client networks reside to stop exploits before they start.
Scans are lightweight and host-based, so you don't run into permissions issues or eat up a lot of bandwidth. You can search across virtually any type of device, from servers down to mobile devices. And thanks to a nightly sync with the Common Vulnerability Scoring System (CVSS) database, you can rest assured that you'll always be on top of the newest threats.
With MSP Risk Intelligence, you'll find:
- Unpatched software
- Email vulnerabilities and threats
- OS vulnerabilities
- VPN connection threats
Risk Intelligence Reporting
MSP Risk Intelligence makes it easy to show key client stakeholders the financial impact of investing in security. With our reporting feature, you can clearly and powerfully make the case for your services and your value. It allows you to get as granular as you need to demonstrate improvement. And it puts a dollar figure on risk, so it's simple to understand.
With MSP Risk Intelligence, you can:
- Discover how many vulnerabilities are out there and then track them over time, showing improvement or recognizing increases.
- Figure out which devices are a risk for exposing credit card data and discover how much a breach would cost.
- Show changes in risk liability over time to further signal improvement
Export reports as a CSV, PDF or Excel file. You can even brand them with the logo of your choosing.
You don't want data falling into the wrong hands — even if that person happens to be a client's employee. Even if it's not malicious, allowing access to sensitive information can spell bad news. MSP Risk Intelligence allows to you find permissions issues before they become a headache.
Our permissions discovery solution:
- Scans for sensitive data to root out permission mismatches and ensure the appropriate people can access that data.
- Drills down to the file type so you know who has access to what.
- Finds the types of permissions — read, write, etc. — employees have.
Payment Data Discovery
PCI DSS compliance is a must for client's handle credit card information. MAX Risk Intelligence helps by finding payment card information in hard-to-reach places. Search servers, workstations and mobile devices — it can handle all types of technologies, operating systems and file types.
It takes care of required PCI DSS scans (Primary Account Number and internal vulnerability scans). And all data in transit and at rest are encrypted with IPsec or SSL VPN tunnels.
PII/PHI Data Discovery
As with payment card information, personally identifiable information and protected health information must be safeguarded at all costs. A breach could tarnish your client's reputation and lead to potentially expensive consequences because of regulations like HIPAA. That's why our PII and PHI Data Discovery scans are invaluable.
MSP Risk Intelligence helps you find all kinds of PII — email addresses, Social Security numbers and more — in-transit and at-rest. It will even put a dollar figure on each piece. It also helps secure all kinds of PHI — medical records, insurance information, patient charts — to help you stay in compliance with HIPAA.
Trusted by MSPs and IT Professionals Worldwide
When it comes to internal vulnerability assessments, accuracy is king. Accurate results ensure that all windows of opportunities — including those with the highest vulnerabilities and financial exposures — have been sealed shut against possible attacks. On the flip side, inaccurate results distort a company’s real security posture by leaving it exposed to threats that were missed or overlooked while having resources chase down rabbit holes in search of bogus vulnerabilities.
SolarWinds MSP solutions boast unparalleled levels of accuracy. That’s why:
- SolarWinds MSP solutions are trusted by over 12,000 companies worldwide.
- SolarWinds MSP customers run over 260 million remote monitoring checks every day.
- SolarWinds MSP solutions intercepted 8 billion spam messages over the past year.
- SolarWinds MSP solutions stop 1 million quarantined threats every month.
While these benchmarks are impressive, the true key to our success is the way we empower MSPs to take managed services to the next level with our extensive portfolio of leading-edge IT solutions and unique pricing model.
Whether it’s using MSP Risk Intelligence to obtain a hacker’s view of vulnerabilities inside your clients’ networks behind their firewall or any of our other state-of-the-art solutions, we are dedicated to protecting your clients’ networks from top to bottom, inside and out — while enabling you to focus on growing your business.
Sign up for a free trial of MSP Risk Intelligence today!
About SolarWinds MSP
SolarWinds MSP delivers the only 100% SaaS, fully cloud-based IT service management (ITSM) platform, backed by collective intelligence and the highest levels of layered security. SolarWinds MSP’s products including Risk Intelligence, Remote Management, Backup & Recovery and Mail Protection – comprise the market’s most widely trusted integrated solution.
Deployed on millions of endpoints across hundreds of thousands of networks, the platform has the industry vision to define and deliver the future of the market. SolarWinds MSP provides the most comprehensive IT security available as well as LOGICcards, the first ever IT notification feature powered by prescriptive analytics and machine learning.
SolarWinds MSP's passion is helping IT professionals secure and manage their systems and data through actionable insights, rewriting the rules of IT.
For more information, visit www.solarwindsmsp.com.
PCI Compliance Guide: https://www.pcicomplianceguide.org/internal-vs-external-vulnerability-scans-and-why-you-need-both/