Penetration Testing & Vulnerability Scanning

Your infrastructure and connected systems hold critical data for your business. Regular evaluations of your environment through vulnerability scanning and deeper penetration testing of your infrastructure are key to assurance of a secure environment.

For many smaller organisations penetration testing has historically been too prohibitively expensive and inaccessible to be considered as a key element of their IT security eco-system. Evolve North have changed that and developed a series of bespoke SME infrastructure security and penetration testing packages that remove the hurdles and allow all organisations to build it into their IT security strategy. In carrying out penetration testing and vulnerability scans, we analyse the systems and networks you rely on by conducting a number of tests designed to identify any weaknesses, utilising publicly known vulnerabilities and common configuration faults. Our experienced technicians review the output from the testing, evaluating and analysing the results to create a comprehensive report provided to you with relevant advice on addressing the areas of concern and developing a remediation strategy.

For our PCI compliance clients we offer a PCI SSC Approved Scanning Vendor (ASV) service to carry out your external vulnerability scans and adheres to requirement 11.2.2. The service is easy to configure and schedule, running against your external IP address base and selected hosts to detect known vulnerabilities and provides quick access to compliance reports that can be submitted to your acquiring bank. Of course, we can also offer vulnerability scanning to our non-PCI clients, and the same flexibility and ease of configuration makes regular monitoring of your infrastructure a breeze.

Additionally, we provide internal SIEM, file integrity and log management solutions to give your organisation a comprehensive approach to security monitoring. With these tools, you get unparalleled visibility, accurate alerting and incident response as well as continuous threat intelligence against emerging exploits and attacks. Deploying this technology on your internal network is an essential when it comes to meeting the continuous monitoring and threat prevention requirements of GDPR, PCI DSS and ISO27001.