Introduction to CheckScan+

CheckScan+ is a Managed Vulnerability Scanning Service from CommSec. CheckScan+ combines industry-leading application and infrastructure scanning technology with security expertise from our consultants. This hybrid service is designed for those who seek the assurance that consultant-guided testing can provide.

CheckScan+ has a sophisticated scanning engine designed and maintained by security experts. It supports all forms of authentication via a scriptable browser interface.


CheckScan+ is fully supported throughout the scanning engagement, from scoping and configuring your scans, to helping you understand and analyse your results.

The service gives you access to technical support that is provided by our Security Analysts. We are available to explain the results in greater depth, remove false positives and provide remediation advice once initial testing is complete.


GoScript is a simple scripting language that defines application workflows so that the scanner can interact with your application, allowing for complex workflow testing. It can also be used to complete multi-stage authentication.

Support to create basic GoScripts for your application is included in the service. More complex scripts may need to be developed separately by one of our consultants.


The full benefits of CheckScan+ are:

  • Full access to unlimited CheckScan+ scans
  • Removal of false positives by our support team
  • Pre-defined scan templates
  • Basic GoScript writing support if required
  • Technical support from our Security Analysts
  • In-depth explanation of results
  • High-quality, detailed reports
  • Full management of the scanning process including scheduling, configuration and management

Automated Penetration Testing

Traditional penetration testing is an important part of security management. However, this testing can be expensive and only shows results from a point in time. Continuous security testing is required to give visibility on an ongoing basis.

CheckScan+ can give continuous visibility of vulnerabilities in your environment. Scans can be scheduled to run regularly, and additional scans can be run on-demand. By continuously scanning your environment, vulnerabilities can be spotted and remediated quickly, instead of waiting for an annual penetration test to find them.

CheckScan+ Process

CheckScan+ follows a simple 4-step continuous process:

  1. Scan
    Once a scan profile has been configured, it can be scheduled to run regularly. An on-demand scan can also be run whenever it is required. Scans can be scheduled to run outside of business hours or during specific testing windows.
  2. Detect
    CheckScan+ will use industry-leading technology and the latest intelligence on threats to detect vulnerabilities in your IT environment.
  3. Analyse
    Once the scan has completed, the results will be available to our team of Analysts. The results will be reviewed for false positives and the findings will be validated.
  4. Report
    A report will be produced which gives concise results in a meaningful format. Findings will have a detailed explanation and suggested remediation steps.


What our customers say about CheckScan+

“We had been using a legacy vulnerability scanning service provider for several years and were pretty happy with its performance. However, when we did a free trial of the CheckScan+ service from CommSec and tested it head to head against the incumbent solution we were very impressed by the additional performance.
The CheckScan+ solution found more issues and more vulnerabilities than our older system – which was a shock to us as the old system was very good. However, the CheckScan+ solution proved to be more advanced and, in addition to its powerful scanning, it proved to be a very easy system to integrate into our software development lifecycle and it has actually reduced our costs in this area too. We would highly recommend it.”

Stephen Bishop, CTO for Time Data Security Ltd (TDS)

“When we were looking for a vulnerability scanning tool we had expected the best solution to be one of the traditional vendors that have been established a long time in this space. We liked the CheckScan+ story from CommSec but we needed to test it in practice, so we gave the solution a real technical exam, head to head with the leading scanning tool in the market.

The outcomes surprised us to say the least. Not only did the CheckScan+ solution from CommSec find more vulnerabilities than the market leader; even when we told the other vendor what vulnerabilities CheckScan+ had found and where they were – the other platform still couldn’t find them! In addition, the CheckScan+ service also proved better in the sense that with the legacy vendor’s product, we would have had to assign the scanning process and remediations to our internal team, using valuable time and resources. The CheckScan+ service allows my team to focus on our core function – which is software development and enhancing our offering to our customers. We can do this now, assured that the CheckScan+ system is continuously scanning our environment and captures all potential vulnerabilities we may have.”

Philip Thompson, Head of IT and Security for MyComplianceOffice (MCO)