The Intruder Service
Overview
The Intruder Service (Essential, Pro or Vanguard Plan) will consist of Intruder Systems Ltd ("Intruder") performing monthly security assessments of the customer's internet-facing infrastructure and applications, as well as internal systems.
Monthly Assessment (ALL PLANS)
The monthly assessment will cover all internet-facing systems in-scope and any internal systems that have an agent installed and a license to cover the scanning, as agreed between Intruder and the customer. The assessments will aim to identify weaknesses which may be used to breach the customer's network, or otherwise compromise the confidentiality, integrity, or availability of their systems or information. The assessment will be primarily delivered using the automated Intruder platform. However, where deemed necessary by Intruder, manual techniques may be deployed to offer the highest quality service possible.
Perspective (ALL PLANS)
For external systems, weaknesses will be identified from the perspective of an internet-based attacker, with publicly available access to the customer's systems.
For internal systems, weaknesses will be identified from the perspective of an attacker that has been able to bypass perimeter defences.
Reporting (ALL PLANS)
Intruder will report the security issues discovered through each monthly assessment, as well as any ad-hoc tests; and will provide advice for remediation.
Ad-hoc Testing & Emerging Threat Notifications (PRO AND VANGUARD PLANS ONLY)
Outside the scheduled monthly assessments, the service will also include ad-hoc testing of any issues deemed by Intruder to merit special treatment, for example where vulnerabilities such as Heartbleed or Shellshock are disclosed, and exploitation is known to be happening in the wild. Notifications will also be issued for vulnerabilities that are identified as posing a direct threat to the customers' systems.
False Positive Reduction & Potential Issue Investigation (VANGUARD PLAN ONLY)
Intruder consultants will attempt to reduce false positives by investigating and confirming issues found during the monthly assessment. Where issues could potentially be more damaging than they appear in the assessment, these will be investigated.