How it works
Secure is a 12-month subscription service available in Basic and Plus levels. The Basic level looks at your public-facing services. The Plus level looks inside too, and addresses Cyber Essentials and Cyber Essentials Plus certifications from the UK Government.
The system is simple and practical to use regardless of your technical abilities. At the base level, all you need to know to get up and running are three things:
• your company name;
• your domain name; and
• your email address.
Your internet exposure is the sum of all possible security risks your business faces from the public internet. It can also be explained as the aggregate of all known, unknown, and potential vulnerabilities and controls across all hardware, software, and network components. By accessing different locations, components, and layers (including hardware/software) of your exposed systems and applications, an attacker can exploit one or more vulnerabilities and mount an attack. In other words, your exposure can be described as the sum total of all “attackable touch-points” on the network.
We have grouped these “attackable touch-points” into seven common areas and graded them from A to C using the easy-to-understand Red, Amber and Green colours.
For a modern business, exposure is complicated and difficult to track. It is constantly expanding, and the threats that target it continuously shape-shift and adapt to the latest in network defenses. By understanding your exposure and working with a secure partner to limit it, you will be in a good position to survive the ever-increasing threat from cyber attack.
Vulnerabilities are weaknesses in applications, operating systems or firmware at a hardware level. They exist everywhere, and each week more vulnerabilities are published. Most get fixed. Some do not. With all of our subscription levels, there is an element of internal and external vulnerability scanning and an amount of engineering time included to help with fixes.
We track vulnerabilities at two levels. The first, as shown below, is at an overall level. This is a sum total of all vulnerabilities and then it is broken down into individual risk areas.
Tracking the total number of vulnerabilities is useful, but it is important to know which applications or systems have the vulnerabilities. From your account you can view this, in the Vulnerabilities by Host section. Here you can see the number of Critical, High, Medium and Low vulnerabilities. You can also request a report on a particular host so you can understand the vulnerabilities better. You can also request the host be rescanned following any remediation work.
While our competitors use the term “Vulnerability Management” to mean the scanning, monitoring and reporting of vulnerabilities found, we are still the only Cyber Security firm to offer a fix service.
For every host within your account that you scan, you can generate a PDF report. The report will include the overall risk level that host poses to your business, along with the vulnerabilities and a short description of how to fix each issue.
These reports are important for your business in a number of ways. You can use them to prove your level of security to customers, leveraging the service to provide you with a competitive edge and a better chance of securing further business.
These reports are essential for proving compliance during audits. They are useful in GRA, Financial, PCI-DSS and RTS audits; virtually every regulatory standard now requires vulnerability scans to prove compliance.
Vulnerability scanning is even required by GDPR, and the reports are the evidence that you are doing this.
In preparing to meet GDPR compliance requirements, you must observe a minimum set of security controls to avoid both penalties and loss of customer trust. Those related to and delivered by Secure are:
• Visibility of your IT environment
• Asset criticality rankings
• Reporting with full support for GDPR compliance
To attain GDPR compliance readiness, you need complete visibility into your IT assets through blind spot detection and an assurance that your applications are hardened against exploits and misuse.
Secure helps you on the way to demonstrating your GDPR compliance.
Secure+ is a complete solution to help you address both known and unknown vulnerabilities hidden in your applications, assets and networks to meet any compliance challenge.
Cyber Security for any size of business
CREST member company
Team of friendly certified experts
I so enjoyed Peter as a member of my Chief Information Security Officer Council at Microsoft Ltd UK. He always provided a unique insight into IT security issues of import to many global companies who were also members. A respected and senior member of the IT community, Peter and his business stand out as honourable and are the people you would want on your side.
Edward P. Gibson, Microsoft
We have used Hedgehog’s services for 7 years now. Always professional and leading in the field of Cyber Security, I have never looked back. Over the years they have regularly provided top tier penetration testing and cyber security consulting. I look forward to the next 7 years with them.
Maurice Whittaker, TWI
Peter and his company, Hedgehog Security, have been a fantastic partner/customer/advisor/anything else someone could be for me and Rapid7 since I met him a few years ago. Their collective depth of knowledge and understanding of what's actually important in the security space & how to relate it to the business would make them a fantastic addition to any organisation's IT/Executive group.
Jason Pitzen, Rapid7
I originally met Peter at an event where he was the guest speaker at a hacking workshop hosted by a supplier of ours. I knew from that moment I would work with him on many projects going forward. What Peter didn't know about gaining access to an organisation's "crown jewels" wasn't worth knowing. He was instantly recommended by me to our then Head of IT at Towry and we proceeded to buy into everything Pete had to offer. A trusted partner and advisor whom I'd have no problem recommending to people who need to protect valuable data within their organisation.
Michael Golding, Towry
Peter is a total Internet Security guru! He can detect a threat to a website a mile off and I have never known him not to get right to the bottom of a security risk. Despite being one of the busiest people, Peter was always happy to help out with any concerns, queries or requests I had concerning security issues. He always resolved whatever had gone wrong within hours, and would always report back to let me know what had been done and what action I needed to take. He and his company are incredibly committed to their work and are a force for good for any company.
Louise, The Telegraph
I worked with Hedgehog on a very challenging project and was extremely impressed by their dedication to get the issues resolved. Hedgehog’s ability to come up with solutions while under extreme pressure is something I realised quickly and I will definitely appreciate their technical input when I am in a bind in the future.
Michael Reynolds, Aruba Networks
Peter is a rare breed of individuals who (like me) have a unique combination of heavy technical skills coupled with excellent managerial and other soft skills that make him a prize for any company. The brief time I worked with Hedgehog was great fun. Peter and his team are very practical but do not give in to any argument if they know they are in the right. Brilliant person, brilliant company. Highly Recommended.
Amar Singh, Cyber Management Alliance
I worked closely with Peter and his fledgling company during a core network upgrade and found him to be a source of solid knowledge as well as a reliable, dedicated member of the team. The work carried out has proved very robust over the past year.
Duncan Reddish, Royal Botanic Garden Edinburgh
Hedgehog's approach focusses solely on doing what is best for the company as a whole. Completely professional, I always knew I could count on their support and advice when working on any project. A real benefit to the team, and Peter is a guy I hope to work with again in the future.
Alec, CEO Sapphire
Ask us a question, any question at all. As long as it has to do with Information Security / Cyber Security, we will get back to you with an answer.