Vulnerability Assessment Services
The Vulnerability assessment and information service helps detect and manage internal and external vulnerabilities within your IT estate, helping you to manage your security risks, compliance and quality. The service is available as a single supplier framework agreement through Khipu Networks.
About the service
JISC procured the Vulnerability Assessment Service on behalf of the UK education and research sector, awarding a single supplier framework agreement with Khipu Networks. Following a rigorous OJEU competitive tender process, Khipu were selected to provide the following services:
- Vulnerability assessment: Provides automated, predetermined security vulnerability assessments of your IT assets.
- Vulnerability management: Produces reports which verify IT assets against new vulnerabilities and provide measurable information on improved IT security.
- Vulnerability information: Keeps track of announcements, vulnerabilities and patches in your IT infrastructure.
Key features and benefits
The service meets the highest security standards and is ISO9001 and ISO27001 certified. It helps your organisation to detect vulnerabilities such as Heartbleed and Shellshock.
The service is specifically tailored to meet the needs of the UK education and research sector and offers you the flexibility to scan your own networks and generate bespoke reports on known security vulnerabilities specific to your systems. These might include user owned devices and network enabled devices such as routers, printers, telephones and webcams.
This solution can be integrated into your organisation’s existing infrastructure easily, to significantly increase your broader security defences. Its service tools integrate well with other IT security functions and installations e.g. firewalls, ticket systems and SIEM.
The service automatically verifies whether your IT security policies are followed and implemented through compliance and secure configuration modelling. By identifying and resolving vulnerabilities on your network, the service helps your organisation reduce the risk of information security breaches and associated costs.
Saved purchasing time
Jisc selected Khipu Networks following a rigorous OJEU competitive tender process, saving you time and money so you don’t have to undertake your own procurement exercise.
David Willcox, Head of Networks, Birkbeck University of London
The implementation of Khipu’s Pro-Active Support Service ‘KARMA’ was straightforward and it highlighted potential problems the first weekend in operation, preventing a potential service outage. We welcome anything which improves our monitoring and notification capability, and KARMA has proved its worth a number of times since, while releasing staff from day to day monitoring and housekeeping tasks.
Head of Systems & Security, University of Nottingham
Using Khipu’s remote registration solution, the student move-in period for 2012 was our most successful in-take to date. We had over 5,500 students remotely register to our service so that upon arrival, they simply connected to our network as if they were at home, with no impact to their experience or to our helpdesk service team.
These services are combined into four different packages. The first three are provided as managed services and the fourth is a self-managed approach where Khipu Networks provide maintenance and support.
Scanning of named public-facing IP addresses for PCI compliance with self-assessment or PCI-DSS ASV Cert through a centrally hosted solution
External and URL scan
Scanning public-facing IP addresses and website URLS through a centrally hosted solution.
Scanning of internal assets through a deployed device/ sensor or tunnelled connection.
Includes all other packages except PCI-DSS ASV using a deployed appliance supported by Khipu networks.