Solving key challenges with attack surface management

  • Automate asset inventory.

    The first step in risk management requires an understanding of the organisation's assets. Automatic discovery and categorisation of assets maintains a trusted source of truth of what is deployed in the IT environment.

  • Going beyond software vulnerabilities.

    The Talanos view on vulnerabilities goes beyond detecting software to patch. Architectural flaws and misconfigurations are just as likely to result in devastating breaches.

  • Risk lifecycle management.

    Does you MSSP hand you 1,000+ page vulnerability reports? Using our knowledge of your environment, Talanos helps to assess, prioritise and remediate findings on your behalf, regularly reporting on mitigated risks.

  • Support for hybrid environments.

    Detect assets, misconfigurations and vulnerabilities in your IT environment—including on-premises devices and applications, mobile, endpoints, clouds, containers, OT, and IoT.

The Talanos Qualys VMDR Platform.

Talanos helps customers quickly deploy, manage and operate a Vulnerability Management, Detection and Response capability within their organisation at scale.

Vulnerability detection tools generate huge amounts of data that must be analysed and prioritised. Our 24/7 team of analysts work through the data to quantify risk, allocate remediation tasks and track progress - alongside and embedded into your own IT team. Often, policy deviations are also detected which can be raised to further improve security posture.

Compensating security controls put in place to mitigate certain vulnerabilities can be measured for efficacy, when combined with the Talanos MDR service.

Complete compliance for PCI DSS 4.0.

PCI DSS 4.0 introduces a more flexible and risk-based approach to cybersecurity compared to its predecessor, PCI DSS 3.2.1. This updated standard emphasizes continuous monitoring and allows organisations to tailor their security measures to align with their unique risks and business priorities.

Under PCI DSS 4.0, firms are encouraged to adopt a risk-based approach to cybersecurity implementation. By leveraging robust threat intelligence, organisations can better understand and prioritise their true risks, ensuring efficient resource allocation and faster resolution of critical issues.

The Talanos Qualys VMDR Platform delivers a capability that can help ensure audit ready compliance with PCI DSS 4.0. This proactive stance enhances overall security posture and helps businesses stay ahead of evolving cyberthreats.

To get started, speak with our specialist team.

Get in Touch

The Talanos difference.

We're working to embed our values into everything we do and our customers notice.

No surprises!

  • Transparent pricing, no hidden costs and focused on measurable ROI.
  • Streamlined contract lifecycle, ensuring ease of doing business.

Talented People.

  • Exceptional people backed by robust accredited infosec and quality delivery systems.
  • Passionate about cyber, demonstrated by industry-leading certifications and groundbreaking research.

Always There. Always Caring.

  • Named analysts who become an extension of your team, offering expert advice and proactive recommendations.
  • Global 24/7 team delivering resilience and diverse thinking, supported by regional teams for the local touch.

Questions

Frequently Asked Questions

Which requirements do you support in the PCI DSS v4.0 and how?

Requirements 6.3.1, 6.3.3: The Talanos Qualys VMDR platform enhances risk-based analysis and prioritisation for vulnerability management and patching requirements by using the Qualys TruRisk score and comprehensive threat intelligence.

Requirements 7.2.4, 7.2.5, 8.3.6, 8.6.3: Qualys Policy Compliance (PC) continuously validates privileged account access. Inappropriate accounts can be identified and removed using remediation capabilities. Qualys PC includes controls for password complexity and password history settings to ensure that passwords are sufficiently complex and cannot be used indefinitely.

Requirements 11.6.1, 6.4.1: Qualys Web Application Scanning (WAS) provides a change-and-tamper detection mechanism to alert for unauthorized modifications to the HTTP headers and contents of payment pages as received by the consumer browser.

Requirements 11.3.1.1, 6.3.3: Qualys Patch Management (PM) ensures adherence to PCI DSS 4.0 timely patch requirements by providing one console to patch everything using a prioritized risk-based approach.

Requirements 10.2.1.1, 1.2.2.c: The Talanos Qualys VMDR Platform extends File Integrity Monitoring (FIM) with real-time monitoring of unauthorised access to sensitive data and configuration change detection on network devices.

Requirements 12.5.1, 2.2.3: Qualys CyberSecurity Asset Management (CSAM) discovers all assets with complete business context for all cardholder data environment (CDE) external facing assets.

Requirement 11.3.2.1: Qualys Vulnerability Management, Detection & Response (VMDR) includes Qualys PCI ASV. Requirements for external scanning can be met as Qualys is an Approved Scanning Vendor (ASV). Qualys VMDR also covers all the new requirements for internal scanning authentication.

Who owns the license for the tooling used in the Managed Service?

Talanos has procured a multi-tenant MSSP license where the data of each tenant is logically separated on their instance. This gives Talanos' customers the flexibility to grow and shrink the service dynamically as required without committing to long-term license agreements. The service, composed of people, process and technology is delivered as a complete vulnerability management capability.

Customer's looking to buy their own licenses (separately or through Talanos) can opt to have Talanos manage and operate those on their behalf, as part of the service.