Now comes another one that has its market well thought out and provides real value for its customers. While it is true that there are a couple of remote scanning services available in the market, this one has some really unique plusses that we liked a lot.
First, it is priced to be attractive to small and midsize businesses. Second, and this might be the most important feature, it does not require a vulnerability expert to make sense of its findings. Now, if you happen to be a vulnerability guru, you still get a lot of detail if you want to use it. But to keep that 200-employee automotive parts supplier secure, this is a big step in that direction, even if the security person is also the one-and-only IT person as well.
The results of the scans include prioritization and enough details to allow remediation - actionable is the keyword here. False positives and trivial vulnerabilities (port 80 is open on this web server) are always a problem for vulnerability scanning services. That is because these services generally use canned vulnerability scanners and just repackage and brand the reports. For example, there are more than 180 certified PCI scanning vendors. There certainly are not 180 scanners. (nCircle has a certified PCI scanning service too, by the way.)
If one needs to have a vulnerability scanning service, this one is well worth looking at. It is one of the best uses of the cloud that we can think of. It doesn't matter where one is located, the service can get to the user when needed.