Vulnerability discovery & management

Our portfolio of vulnerability detection and management services delivers rapid detection, monitoring and remediation of deep-seated vulnerabilities within external and internal systems as well as proprietary and bespoke applications.

Tens of thousands of endpoints, multiple networks, custom written applications, billions of lines of code and blurred lines between public and private access all have the ability to introduce unknown vulnerabilities into a network. It's these that cause the biggest risk as they can leave you with a false sense of security and an attacker with a powerful foothold into the very heart of your organisation's sensitive data. Our Vulnerability Management services provide organisations with powerful capabilities to help identify unknown vulnerabilities in internal and external systems.



Web App Scanning

You have made a routine update to one of your web applications that has introduced a vulnerability. How do you know that this is the case? A regular web application layer scan will alert you to this.

Our web application scanning services provide you with a fully managed, automated service that is designed to significantly reduce the risk of an external or internal breach.

Our automated web application scanning services enable you to assess, track and remediate your web application vulnerabilities on a continual basis. Whilst penetration testing is necessary to give you an in-depth understanding of your weaknesses, our web application scanning managed service notifies you of new vulnerabilities on a much more frequent basis.

The scanning frequency will depend on your requirements and will ensure that you are covered throughout the year in between your regular annual penetration test.

Regular application reports are provided which highlight vulnerabilities that have been discovered along with recommendations on how to remediate. All identified vulnerabilities are assigned a risk rating of high, medium or low depending on the level of assessed threat.

Web Application Scanning Diagram



  • Mitigated risk: Whilst penetration testing is necessary to give you an in-depth understanding of your weaknesses, our web application scanning managed service notifies you of new vulnerabilities on a much more frequent basis.
  • Fully managed service: If you are currently running vulnerability scanning tools yourself, then you know, at first-hand, how much time and effort is required for this repetitive task. As we provide this as part of our managed service we can remove that onerous task, freeing you up to focus on higher-value activity. We will work through your scanning results and validate these to provide you with genuine issues only by removing false positives.
  • Reduced costs: As the service is provided by our dedicated security monitoring team we are able to provide it cost-effectively - often at a fraction of the price than if you were to carry out the task yourself.
  • Improved security posture: We continually evaluate the tools in the vulnerability scanning market to ensure that we are using the most appropriate.



Security Monitoring

Our Managed Security Monitoring service provides an effective means to manage and monitor vulnerability risks on a more regular basis than standard penetration testing.

Our service is intended to supplement the comprehensive penetration testing you are already receiving and consists of daily infrastructure delta scanning coupled with monthly, quarterly or ad-hoc automated vulnerability assessments.

A regular status report is provided with all identified vulnerabilities assigned a risk rating of high, medium or low depending on the level of assessed threat.

Types of scan:

  • Daily Delta scanning: provides you with an initial baseline of your external infrastructure to highlight which services are visible. Should we detect any alteration to the services which have been agreed as a baseline, an alert will automatically be generated for review by the Managed Services team. Genuine changes will be reported to you within four hours of the start of the next working day. This gives you the ability to respond rapidly to unexplained changes in your network footprint, and assurance that your external infrastructures are not changing without your knowledge.
  • Automated Vulnerability Assessments: Vulnerability scanning provides you with the assurance that your infrastructure is being scanned at regular intervals. All results are again verified to ensure that you are only alerted where a potential issue exists, false positive findings are removed by the dedicated Managed Services team. Scans can take place monthly, quarterly or on an ad-hoc basis with all parameters agreed in advance.

How it works

  1. We define the scope of testing with you, be it single IP addresses or full IP ranges.
  2. Perform a baseline port scan to determine the services running on your external infrastructure.
  3. Define the frequency of your automated vulnerability assessment scans.
  4. We will appoint a technical account manager (TAM) who will assist with your contract, service levels, and remediation advice.
  5. We will provide alerts to your agreed standards.
  6. We will validate and remove false positives from your results and provide you with genuine issues only.



Secure Internal Scanning

Cyber-attacks won’t stop at your external perimeter, so why should your security testing?

Our internal security scanning services bring our comprehensive approach and enterprise grade scanning technologies to your networks. By becoming your internal security partner via our secure Firebase scanning appliance we can carry out assessments without needing to visit your site - improving both responsiveness and efficiency.

As part of any internal scanning service, you are assigned a Technical Account Manager (TAM) to oversee your tailored scanning program. We build your service to meet your requirements:

  • Infrastructure Vulnerability Assessments
  • PCI Internal Scanning
  • Web Application Scanning
  • Payment Card Data Scanning
  • Penetration Testing Services

Your TAM will assist in building a regular scanning schedule, as well as responding to ad-hoc needs such as after a significant change. This helps you to follow best practice in security testing and standards such as PCI DSS and GCSx CoCo.

How it works

  • The Firebase appliance is configured to suit your requirements
  • The appliance is shipped to your site and can be ready to go in minutes.
  • Under your full control, the appliance securely connects back to our Security Operations Centre.
  • Our consultants then operate through the appliance, as though they are sat with you.
  • All data and reports are held securely at our IS0 27001 certificated test facility.



DDoS Assured

DDoS Advisory Banner

Many organisations have attempted to address the increased threat of a DDoS attack by putting mitigation services in place. However, will they work should the threat of a DDoS attack become a reality?

Distributed Denial of Service (DDoS) attacks are capable of bringing all communication to and from their targets to a grinding halt, with a potentially devastating effect on revenue and reputation. 

Our DDoS Assured Services

With our DDoS Assured services you don't have to wait until you are actually attacked to find out how your defences or team would react.

DDoS Testing

  • Test your mitigation solution in a controlled, monitored and customisable cloud-based simulation of a real DDoS Attack
  • Customise various Network/Application Layer attacks and detection evasion techniques (ICMP, TCP-SYN, TCP, UDP, DNS, HTTP/HTTPS)
  • Assess the full capabilities of your Mitigation Solution and ensure SLA’s are being adhered to
  • Receive a concise report detailing the types and volumes of traffic generated, geographical locations and critical event timelines

DDoS Fire Drill

  • Test your businesses’ people, policies and processes in the event of a DDoS attack in a safe, and controlled way
  • Trigger DDoS alerts and mitigation to help you test your team’s DDoS incident response plan
  • Receive a concise report detailing the types and volumes of traffic generated, geographical locations and critical event timelines

DDoS Advisory

  • Help prepare your businesses’ people, policies and processes in the event of a DDoS Attack
  • Review your DDoS incident response plan. Identify and fix issues discovered through gap analysis exercises
  • Assess your infrastructure to identify and protect high-risk areas 
  • Advice on emerging threats and likelihood of coming under attack to assist your selection of the right defences

NCC Group is an Amazon Web Services (AWS) Technology Partner

AWS Partner Network Logo



PCI ASV Scanning

Any company that has to comply with the PCI Data Security Standards has to perform quarterly external vulnerability scans (performed by an Approved Scanning Vendor (ASV) as designated and certified by the PCI SSC) as outlined by requirement 11.2:

Run internal and external network vulnerability scans at least quarterly and after any significant change in the network (such as new system component installations, changes in network topology, firewall rule modifications, product upgrades).

NCC Group is an approved PCI ASV scanning vendor with experience of this standard since its inception, have held this designation for 7+ years and have worked closely with the Mastercard SDP programme in Europe.

Consultant Led ASV Service

NCC Group prides itself on its consultant-led ASV service. Scrutiny of the ASV requirements outline that an automated approach to ASV services is unfeasible, so we have invested in a consultant led offering and managed service to provide the customer with a business led approach to achieve compliance.

ASV scans are performed by a dedicated team of security consultants as opposed to many of our competitors who run this as a cheap automated service. Our consultants will help identify the real vulnerabilities in your external infrastructure and our common sense based approach to false positive management and compensating controls wins us constant praise from our existing ASV clients.



User Driven Vulnerability Scanning

xstormlive is a highly secure, centrally managed vulnerability scanning service hosted on a global network of NCC Group data centre locations. Customers in any part of the world can simply schedule scans on the xstormlive platform via a browser, and xstormlive takes care of the rest, producing an automated security assessment report after each scan.

Designed to enable network managers to run scheduled or on demand perimeter scans, the xstormlive service is licensed for an unlimited numbers of scans on a defined number of external IP addresses or web URLs visible from outside the network. This means that any remedial action can be retested to confirm that the solution has been successful without incurring additional costs.

xstormlive can be accessed at any time via or the NCC Group portal.

Features & benefits

xstormlive, our cloud-based vulnerability scanning platform, is licensed on the number of IP addresses or web URLs scanned. Network administrators can use the xstormlive online service to run as many scans as necessary, whenever required, to identify vulnerabilities and confirm that critical vulnerabilities have been addressed.

Delivering preventative online security auditing, xstormlive combines non-intrusive state of the art scanning and advanced reporting techniques to ensure your network security posture is robust, as well as compliant with industry and government regulations.

xstormlive reports

xstormlive delivers technical and summary data in an easy to understand report format. Reports can be generated in XML or PDF formats using the intuitive web interface.

xstormlive reports summarise the security posture of each network device, including information about the scan, specific host information, and a list of detected vulnerabilities. These reports present a description of each security risk detected, the severity of the threat, the potential consequences of exposure and links to validated patches and fixes.

Why vulnerability scanning?

Changes and additions to the network, misconfigured servers, outdated software and human error are just some of the common causes of threat vulnerabilities being inadvertently introduced into the corporate IT infrastructure. Without regular scanning vulnerabilities can go unnoticed and could potentially be exploited.

External vulnerability scanning using xstormlive provides busy network managers with the tools needed to maintain a schedule of vulnerability scans. These scans can detect issues with critical network assets and web applications, providing detailed vulnerability reports per IP or URL. Issues can be detected and fixed quickly thus greatly reducing the risk of exploitation.

Aggregated scanning engines

xstormlive’s vulnerability scanning solution uniquely combines the power of multiple industry leading, commercial and open source scanning engines, with the results consolidated into a single comprehensive report. This approach leverages the different information pools of each engine to deliver one of the industry’s most accurate and reliable assessments of the network risk-threat status.

Download the xstormlive datasheet

Buy xstormlive now


Payment Card Scanning

Can you be certain you are not storing any payment card numbers on your internal systems?


Using our secure internal scanning firebase appliance, we can conduct sweeps of your internal systems to identify and validate any instances of payment card data currently being held in internal file systems, employee and system mailboxes as well as critical internal databases.


All findings from our scans are validated by one of our Technical Account Managers, helping you to save time and effort by allowing you to focus on removing genuine instances of payment card data.


Our comprehensive reports allow you to quickly and accurately identify files and locations within your internal systems that contain payment card data, assisting you with creating effective remediation plans.


  • Speed: Our scanner has a high data throughput and is capable of scanning multiple hosts concurrently
  • Flexible: We can perform both Agent and Network based scanning based on your requirements
  • Comprehensive: Our scanner is capable of analysing over 150 of the most commonly seen file types
  • Minimal-Disruption: Both scanning mechanisms use minimal resources, avoiding affecting day to day operations
  • Scalable Agentless scanning means target scope can be increased quickly and easily
  • Payment card scanning can be done as a one-off scan or on a more regular basis depending on the required level of continual assurance.

Education to ensure that employees know how to follow best practices. Including not storing unencrypted payment card data on their workstations and within corporate emails

Make an enquiry