Vulnerability Management-as-a-Service

Services » Managed Security » Vulnerability Management-as-a-Service

Security flaws and misconfigurations no longer a weakness.

That’s the power of actively IDENTIFYing and managing vulnerabilities.

One of the most common means that threat actors use to compromise your security is taking advantage of systems with lingering security flaws and weak configurations. With Assura’s Vulnerability Management-as-a-Service (VMaaS), you keep the bad guys from finding and exploiting those weaknesses, in addition to ensuring compliance with all industry standards. VMaaS includes ongoing vulnerability scans, detailed vulnerability reports, a guided explanation of what it all means, and more. Each VMaaS client is assigned a dedicated service Concierge from our Offensive Security Operations team. Your expert will facilitate a monthly conference to highlight trends and make treatment recommendations. These added insights provide you with an “attacker’s eye view” of your attack surface.

VMaaS has two service options.

Basic

  • Vulnerability scans with industry-leading tools
  • All vulnerabilities reported into our unified vulnerability management platform for remediation assignment and status tracking
  • Each vulnerability is enriched by Mandiant Advantage vulnerability intelligence so you know whether it’s being used by real attackers
  • Receive risk-based remediation guidance from our experts to prioritize most immediate needs first
  • Compliance with all applicable industry standards

Advanced

Get all the goodness of Basic in addition to:

  • Scans to assess compliance with major standards such as HIPAA, PCI DSS, and Center for Internet Security benchmarks
  • Compliance and vulnerability scanning of workloads in AWS, Azure, and GCP
  • Integrations with over 100 scanners and external tools for unified vulnerability management
  • Integration with major service desk platforms
  • Deeper integration into your technology tool chain

Compare our plans.

Basic Advanced
Identify vulnerabilities powered by Tenable.io X X
Vulnerability management and automation portal X X
Exploitability data enriched with Mandiant vulnerability intelligence X X
Risk scoring contextualized based on CVSS score, exploitability, and system criticality X X
Integration with major service desk platforms X X
Notifications to Teams, Slack, Email, Webhooks, and SMS X X
Dashboard and Analysis X X
Monthly reporting conference with Concierge from Assura’s Offensive Security Operations team with guidance on remediation X X
Full integration with Assura’s Virtual ISO service X X
Custom Vulnerability Management Policy and Procedure if the organization does not have them X
Compliance audits with major frameworks such as PCI DSS, HIPAA, and CIS Benchmarks X
Integration with over 100 different products including asset management, bug bounty, and application security products X
Initial and semi-annual asset discovery scans that can be imported into organization’s CMDB X
Add PCI DSS scans from Approved Scanning Vendor X
SAML Single Sign-on (SSO) X
Learn More Learn More

Compliance and security for any industry.

Guaranteed compliance with the following standards and regulations.

CJIS

FFIEC

CMMC

HIPAA/HITECH

HITRUST CSF

ISO 27001/27002

IRS 1075

NIST CSF

NIST SP 800-53

NIST SP 800-171

PCI DSS

SOX

SSAE-18/SOC 2 & SOC for Cybersecurity

State-level data breach reporting and cyber security standards and data protection laws

If you get audited, Assura has you covered. Our AuditArmor™ Guarantee means that we guarantee our work to be compliant with the identified cybersecurity frameworks and regulatory requirements (unless waived by you). We defend our work at no additional cost. Yes, we’re serious. And yes, we’re that confident in the quality of our work. We have you covered from entrance conference to exit conference and will work with your auditor or regulator to defend our work. On the off chance that a change needs to be made to the deliverable, we’ll do that for free. It’s that simple.

How we’ve helped to protect industries like yours.

Education
Protecting a university’s network against both hackers and a student workforce.

A university approached Assura with a unique challenge that most other organizations don’t have. Because they employ students to help run various aspects of the school, they needed a way to ensure these work-study employees didn’t accidentally put the university’s data at risk.

Government
Delivering cybersecurity solutions to 11 Virginia government localities at one time.

The Federal Emergency Management Agency (FEMA) challenged the Commonwealth of Virginia with helping to secure elections and making government localities cyber secure. Assura was approached by nearly a dozen together needing to overcome the same challenge in the same timeframe, yet each with its unique path to reaching success.

Business
ProDefense™ XDR: Quickly securing a global company's all-new virtual data call center.

A U.S. government contractor tapped a global company that specialized in workforce mobilization and staffing to create and staff a call center. Typically, this would not have been a significant challenge. However, this happened at the peak of the COVID-19 global pandemic, which meant the data center needed to be 100% remote while still being 100% compliant with Federal cybersecurity regulations – seemingly incompatible requirements. Assura had the solution.