Thursday, April 16, 2015

Security as a Service / MSS.....Why?

Security as a Service / MSS.....Why?

A number of factors are driving the need for managed security services (MSS) which are namely expertise, cost and consistency. 

Key concerns when considering an MSS should be included as detailed below:

Cost: The associated cost benefits of using some MSS providers may appear a very attractive proposition. 
MSS provides the ability for a company to have deep security expertise without the associated cost of full time employees. 

For example our edgescan™ service gives our clients access to our security engineering team whom manage the security posture of their assets. A managed service should give you the ability to reduce your Capital Expenditure and control your security-spend without sacrificing quality.
Using an MSS, you can maintain your security posture but reduce overall Cost of ownership.

Accuracy: Security is about covering all the bases; a defender needs to manage all vulnerabilities, whilst an attacker needs to exploit only one (vulnerability).

Accuracy covers two aspects of MSS;
  1. Firstly the ability to detect and manage discovered vulnerabilities with confidence
  2. Secondly to reduce the time required by the business to patch, fix or configure due to the quality of the vulnerability information delivered via the MSS provider.

For example, our clients value the hybrid approach we have to vulnerability management which involves human validation of every discovered vulnerability and results in virtually “false positive free” security intelligence.

Your MSS should provide you with accurate, actionable security information.
Compliance and continuous management

Threat & Vulnerability management and meeting compliance requirements via  a 24/7 security assessment remain the primary drivers for considering an MSS. 
Your MSS should assist with demonstrating compliance and continuous improvement via management information dashboards and extensible API calls for integration into your technology “stack”.

MSS can also assist you in reallocating existing resources to other security areas, or the need to engage deeper or broader expertise than is available in-house. 
Your MSS should address requirements where you don’t have in-house expertise. is a managed security service developed, managed and delivered by BCC Risk Advisory. It's a cloud based vulnerability management platform and helps clients discover and manage system vulnerabilities on an ongoing basis. 

It significantly reduces the cost of ownership while increasing cybersecurity resilience significantly. 
edgescan provides continuous vulnerability assessment coupled with a customized reporting portal and APIs set to help you understand what vulnerabilities your business faces.

edgescan assesses the security of both web/mobile applications and associated servers, or indeed any deployed systems, giving you “full-stack” vulnerability management.

Tuesday, April 14, 2015

Red Herring European Top 100 & edgescan v3.0

Our edgescan managed penetration testing service, today announced it has been selected as a Finalist for Red Herring's Top 100 Europe award, a prestigious list honoring the year’s most promising private technology ventures from the European business region.


The Red Herring editorial team selected the most innovative companies from a pool of hundreds from across Europe. The nominees are evaluated on 20 main quantitative and qualitative criterion: they include disruptive impact, market footprint, proof of concept, financial performance, technology innovation, social value, quality of management, execution of strategy, and integration into their respective industries.

This unique assessment of potential is complemented by a review of the actual track record and standing of a company, which allows Red Herring to see past the “buzz” and make the list a valuable instrument for discovering and advocating the greatest business opportunities in the industry.

Being a Red Herring Europe Top 100 finalist has verified to us that our solution is being viewed as a strong contender in the vulnerability management marketplace and solves a very common issue in a unique and robust way

"This year was rewarding, beyond all expectations" said Alex Vieux, publisher and CEO of Red Herring. "There are many great companies producing really innovative and amazing products in Europe. We had a very difficult time narrowing the pool and selecting the finalists. BCC Risk Advisory shows great promise and therefore deserves to be among the finalists. Now we’re faced with the difficult task of selecting the Top 100 winners of Red Herring Europe. We know that the 2015 crop will grow into some amazing companies that are sure to make an impact."

edgescan v3.0 - soon to GoLive:

Major improvements of edgescan 3.0 include:
  • Better integration of third-party tools and products – an API (application program interface) extension allows users to integrate with JSON, XML, AVDL and CSV. 
  • An API which now allows for integration with third-party GRC, bug tracking, and is supported by a rich query language and customisable metrics.
  • Configurable vulnerability alerting – users can set up and receive alerts via email and SMS to keep up-to-date with vulnerability scans. In addition, so-called asset delta alerts inform customers whether servers are down, newly introduced, if a port or system has been enabled without knowledge or if a vulnerable system/service is exposed to the Internet. 
  • Improvements in scheduling – users benefit from an improved visibility into defined vulnerability testing schedules and a calendar control that displays schedules.
  • Multifactor Auth (MFA) is available for all users
  • Better user experience – a new dashboard user interface facilitates dynamic graphing and visualization as well as “one-click” image capture for reporting

v3.0 Administration Dashboard: to be deployed as "edgescan Lite" in 2015

More about edgescan on