Data Vulnerability Assessment

The context
   
In an increasingly complex environment – both in terms of technical equipment exploitation and increasing threats – managing and controlling vulnerabilities are key success factors.
In 2016, for example, an estimated 78% of business compromises were based on the exploitation of known vulnerabilities.
Knowledge of the level of protection of the company's infrastructure has therefore become a core element of the CISO's concerns. This issue presents a double challenge:  
- Securing applications and infrastructures
- Assessment by relevant indicators of the evolution of the overall level of protection of the company

Alternative

Recurring pentest campaigns are one of the solutions envisaged to detect vulnerabilities affecting infrastructures and applications. However, whether these intrusion tests are carried out by in-house teams or external service providers, the cost of this approach remains a deterrent to its systematic adoption. Pentest can be used for advanced analysis but it is not recommended as recurring method.

Did you know?
Furthermore, companies found that in the vast majority of cases (92%), attacks against them were not the result of the exploitation of a 0 day but of unpatched vulnerabilities, often which had been published for more than 6 months (as this was the case with WanaCry and Petya / NotPetya ransom software).
Being protected against such attacks is now a MUST for operators, ISPs or Content providers.

The pragmatic solution
Automatic vulnerability scanning solutions enable recurring and frequent updating of the most critical and often exploited vulnerabilities present on a client's network and applications.

This automated approach makes it possible to optimise the level of detection and the frequency of diagnostics performed with regard to a financial investment that remains acceptable.

   
The Data Vulnerability Assessment offer of Orange International Carriers

Data Vulnerability Assessment enables you to detect, quantify and prioritise vulnerabilities in a system (an IP address or a website). Based on an easily deployable SaaS solution, it scans the selected systems on a regular basis and delivers expert reports allowing you to consider remedial action or additional analysis studies.

This managed solution offers, as an option, reports of several levels of depth in the technical analysis of vulnerabilities and global indicators of the state of the park. Therefore, it addresses not only technical players (management, operations...) but also experts. It takes into account the criticality of applications and infrastructures to provide you the most effective recommendations (prioritisation, analysis, solution).

  
Offer Key points

The service offered by Orange allows to:

assess the level of protection and to detect the vulnerabilities present on your information system in a recurring way
    
   

provide global indicators tailor-made by the Orange experts to enable your CISO and your management to follow the evolution of the level of security of your assets

to delegate the administration, configuration and implementation of the vulnerability scan solution to the Orange expert teams thanks to our managed service solution.
    

   
Peace of mind

Thanks to its strong experience on cyber security, Orange ensures you a peace of mind:

- The partnership with Qualys, the recognised world leader in Vulnerability Assessment
- Our offer protects ISPs and critical web sites of the French government

     
Reporting Options

In order to contextualise the analysis of vulnerabilities, recommendations and global indicators allowing patch management monitoring, Orange chose to propose 3 types of reports tailored to the customer needs:

- A monthly managerial synthesis, providing the CISO and its management with global indicators on the state of security of the equipment of its fleet and its evolution over time,
- A monthly technical report, integrating context and clarity into the analysis and solutions for the main vulnerabilities detected,
- A quarterly recommendation report, describing a complete remediation plan adapted to the Client context for the 10 most critical vulnerabilities.

   
Here below are some examples of reports:

- Managerial Synthesis -

- Technical Report -

- Recommendation Report -

   
Reseller Option

If you are an operator or an ISP, but also a reseller on your local market, our Data Vulnerability Assessment service can be easily resold to  your local ISPs or Corporate customers thanks to our B2B option.

    
How it works

Following a period of setup where Orange collects the list of assets you would like scanned (external IP addresses, external web sites), on a regular basis we provide you with industrialised and optionally customised reports according to your needs via a secured web portal, to which you will have access.
   

     
Benefits

- We maintain a reference database versus cybercrime actualities ensuring an optimal assessment, which is continually updated. Orange owns the first European private CERT (Computer Emergence Response Team)
- This solution is 100% SaaS without infrastructure to deploy or software to maintain for the customer.
- We propose 2 advanced reporting options fully customisable: Level 2 managerial and technical (2 monthly reports) and Level 3 recommendations (1 quarterly report).
- We offer you the possibility to resell Data Vulnerability Assessment to local ISPs/B2B clients. As such, this solution can be a profit center for you and not only a cost center.
- This is a managed service: Orange takes care of everything! There is no need to worry about learning a new tool or granting additional skilled resources.
- This automated approach makes it possible to optimise the level of detection and the frequency of the diagnostics performed with regard to a financial investment that remains acceptable.

  
Awarded

Orange International Carriers has collected various awards in the recent past. Among them:

- Winner of 2015 Global Telecom Business Innovation Award
- Winner of the 2016 Global Carrier: Best Global Wholesale carrier Data

Our partner, Qualys, has been awarded the 2017 Global Vulnerability Management Market Leadership award by Frost & Sullivan which recognised Qualys among:

- its market leadership: “Frost & Sullivan has monitored VM technology since 2009 and in all subsequent reports, Qualys has been identified as the market leader.”
  
- its product quality: “The availability of different products and strength of reporting platforms has pushed Qualys to the top of global VM market share.”

Don’t wait for an attack… Get your vulnerabilities assessed now!