Attack Surface Management (ASM)

Service Description

An active attack surface management solution that helps your organization actively discover, learn about, and respond to unknown risks in all connected systems and exposed services. MCNC’s Security Operations team will actively discover and index your unknown risks in all connected systems and exposed services, and will monitor the Xpanse environment for vulnerabilities. This will include regular (daily/weekly/monthly/quarterly) reviews and reporting on what your organizations should focus on through a vulnerability management lens.

External Continuous Vulnerability Scanning Efforts

Security Domain

CIS Control 7 – Continuous Vulnerability Management
NIST CSF – Detect: Continuous Monitoring (DE.CM)
NIST 800-53 – Assessment, Authorization, and Monitoring

• Safeguards against ransomware and cyber attacks
• Provides a detailed view of what the “bad guys” can see about the PSU’s network externally
• Provides continuous identification of vulnerabilities in the environment
• Offers actionable measurements that guide remediation efforts and resource allocation

PSU Time Commitment

Upfront/Setup: Varies based on the complexity of PSU – averages a couple of hours per PSU. 
Ongoing: Varies based on the complexity of PSU

How to get this service

NCDPI Contracts directly with MCNC and All PSUs are eligible, and all PSUs connected to NCREN are automatically enrolled.

Contact MCNC POC for more information.

Point of Contact

Name: MCNC
Email: securityservices@mcnc.org

Additional Resources

• The Ethics and Legality of Port Scanning – SANS GIAC Certifications