What is vulnerability scanning?

A vulnerability scan is an automated scan that is designed to look for areas of potential exploitation on a computer, network, or application to identify security holes. The scan looks for, and classifies, system weaknesses in computers, networks and communications equipment and predicts the effectiveness of countermeasures.

A vulnerability scan allows you to identify the risks of your computer systems and allow you to easily detect which areas have vulnerabilities associated. These may be made up of unpatched software, security misconfigurations, default credentials and more. Using a scan regularly, you are ensuring that the risk of compromise is reduced.

Benefits of a vulnerability scanning

By performing a vulnerability scan, you can check for known vulnerabilities and provide exploit protection capabilities within your systems before it’s too late. Vulnerability scanning also helps to ensure that there is a repeatable process to scan against your systems and give you piece of mind that you are aware of any potential threats within your system.

Depending upon your contractual agreements, it may be necessary to perform regular scans to satisfy legal requirements.

Our vulnerability testing, tests for critical vulnerabilities which are known to be exploitable and publicly available for use by malicious attackers. The tests are scored against the standard CVSS scoring system, which ranges from 0 – 10.

Once scanned, you can review your risks, where necessary, update your risk register accordingly and help to keep your systems protected.

Why should I have a scan as a managed service?

Having regular vulnerability scanning as part of a managed security service across your infrastructure and/or web applications is good practice. This helps to ensure that you are helping to protect your business and reputation against external threats.

A managed vulnerability scan service allows InfoSec Governance security consultants to perform a remote based monthly scan and report upon the findings in an easy-to-understand traffic light styled report. This allows you to receive regular vulnerability security scans for a small monthly fee saves you money and resources by not having to employ additional staff or tie staff up in other activities.

Every month you will receive a scan across the devices which have been agreed upon, then once complete a traffic light styled findings report, which has been checked manually will be provided detailing any findings, and where appropriate remediation advice to resolve the issues. Not only do you have a scan and report, but you will also have access to an experienced consultant who can help you understand what needs to be resolved.

Where a remote scan via your Virtual Private Network (VPN) is not possible, InfoSec Governance will look to place a small device on your network to allow us to connect and scan from within the network. This will be at a small additional cost of £100 + VAT upon deployment.


The cost for a managed vulnerability scan is based upon the following rate and will be payable via monthly Direct Debit payments:


Number of devices Cost (ex VAT)

Per month

0-254 £200

If you have more than 254 devices or would also like your wireless network scanned for rouge access points on a monthly basis, please contact us at [email protected] for further information.