Security Services
Penetration Testing & Vulnerability Management
Brocent's certified ethical hackers simulate real-world attacks against your IT infrastructure, applications, and people — identifying vulnerabilities that automated scanners miss. Every finding comes with CVSS scoring, Proof of Concept evidence, and step-by-step remediation guidance. Supports PCI DSS, HIPAA, NIST 800-53, and more.
72%
Organisations breached in the last year (Deloitte 2021)
CVSS
International vulnerability scoring standard
9 Reports
Standardised compliance report types
OSCP / GPEN
Certified ethical hacker credentials
Market Context
The Threat Landscape Is Escalating
Today's threat landscape evolves at an unprecedented pace — thousands of new vulnerabilities are reported annually, and the complexity of enterprise environments continues to grow. Technology innovation brings opportunity, but also an expanded attack surface, more data breach exposure, and tightening compliance requirements.
72% of organisations experienced between 1 and 10 cyber incidents or breaches in the last year alone
— Deloitte Global 2021 Future of Cyber Survey
Does your organisation face any of the following?
Do you store or process sensitive data?
Is your environment growing more complex day by day?
Is your organisation routinely targeted by attack attempts?
Do you have critical business applications?
Are you using multiple platforms and technologies?
Are you in a regulated industry with security compliance requirements?
Service Scope
Penetration Testing Service Types
Brocent covers external perimeter, internal network, web application, social engineering, and Active Directory — simulating a real attacker's perspective to identify vulnerability chains that automated tools miss.
External Network Penetration Test
Simulated attack against your internet-facing perimeter — firewalls, VPNs, email gateways, DNS, external web servers, and remote access portals. Identifies vulnerabilities accessible to any attacker on the internet.
Scope Includes
- Internet-exposed assets
- Open ports & protocols
- Remote access portals
- Publicly visible services
Internal Network Penetration Test
Assuming a compromised internal foothold (simulating a breached employee or contractor), testers attempt lateral movement and privilege escalation across your internal network — exposing how far an attacker could travel.
Scope Includes
- Lateral movement paths
- Privilege escalation flaws
- Network segmentation effectiveness
- Domain controllers & critical servers
Web Application Testing (OWASP Top 10+)
Manual and automated testing of web and mobile applications for OWASP Top 10 vulnerabilities — injection flaws, broken authentication, insecure direct object references, security misconfigurations, and access control weaknesses.
Scope Includes
- SQL / Command injection
- Broken authentication
- Cross-site scripting (XSS)
- Access control bypass
Social Engineering & Phishing Simulation
Targeted phishing campaigns and pretexting calls assess employee susceptibility to manipulation. Results reveal which departments and individuals represent the highest human risk — informing awareness training priorities.
Scope Includes
- Targeted phishing emails
- SMS phishing (Smishing)
- Voice phishing (Vishing)
- Employee awareness assessment
Closed-Box & Open-Box Testing
Closed-box (black-box) testing simulates an external attacker with no prior knowledge. Open-box (white-box) testing provides testers with architecture details to maximise depth and coverage within the testing window.
Scope Includes
- Black-box: zero-knowledge attack
- White-box: architecture-informed
- Grey-box: partial knowledge
- Flexible scope customisation
Active Directory Assessment
Local and cloud Active Directory security assessments identifying misconfigurations, excessive permissions, Kerberoasting paths, and Azure AD / Entra ID security issues.
Scope Includes
- On-premise AD assessment
- Azure AD / Entra ID
- Permission configuration review
- AD attack path analysis
Process
Vulnerability Management Lifecycle
Brocent's VM programme goes beyond scanning — we cover the complete loop from asset discovery and scan execution to analysis, reporting, and remediation tracking, ensuring every vulnerability is documented and closed.
Prerequisites
- Account creation
- VM service scope confirmation
- In-scope asset definition (Network / Server / Workstation)
Asset Discovery
- Asset inventory build
- Host special configuration identification
- Multi-protocol network asset probing
Scan Execution
- Policy compliance scan (PCI / Policy)
- On-demand scanning
- Data feed to management portal
Analysis Output
- Vulnerability data aggregation
- Vulnerability tracking status reports
- Remediation trend analysis
- Compliance report generation
Remediate & False Positives
- Remediation & risk control
- False positive asset review
- Integration with security patching, malware defences, and email/web browser protections
Service Packages
Three VM Service Tiers
Select the tier that matches your organisation's scale, compliance requirements, and security maturity — from basic compliance scanning to full SIEM-integrated enterprise threat management.
Basic Vulnerability Management
Standard service mode delivering the complete vulnerability management lifecycle to meet compliance needs. Ideal for organisations establishing a structured VM programme.
Includes
- Asset discovery & inventory
- Periodic vulnerability scanning
- CVSS-scored reports
- Compliance scanning (PCI DSS / HIPAA)
- Remediation guidance
Premium Vulnerability Management
Extends Basic VM with SIEM tool integration and incident management — linking vulnerability discovery with real-time security event response.
Includes
- Everything in Basic VM
- SIEM platform integration
- Security incident management
- Real-time threat correlation
- Elevated response priority
Advanced Vulnerability Management
Full correlation across SIEM, threat intelligence, and asset management — providing a complete view of the threat landscape. Suited for large enterprises and regulated industries.
Includes
- Everything in Premium VM
- Threat intelligence platform integration
- Asset management correlation
- Advanced threat landscape view
- Automated prioritisation
Why Brocent
Our Differentiators
Proof of Concept for Every Finding
Every major vulnerability is supported by a Proof of Concept, helping clients understand the business impact and the urgency of remediating critical and high findings.
24×7 Coverage
Brocent provides round-the-clock support. This is critical during major vulnerability outbreaks such as POODLE and Shellshock, where swift response is essential.
End-to-End Support
Unlike traditional VM programmes, we support clients from scan initiation to full remediation — managing the entire vulnerability lifecycle through a structured approach.
False Positive Analysis
Thorough false positive analysis eliminates noise, significantly reducing time and resources spent on unnecessary remediation efforts.
Remediation Tracking
Vulnerability management doesn't end at scanning. We track every vulnerability until it reaches closure, with corrective actions to prevent recurrence.
Infra 360 Services
Brocent's cyber security team delivers extensive Infra 360 services to continuously analyse and remediate security weaknesses.
Tools
Industry-Grade Scanning Tools
Nessus & Tenable
Industry-standard vulnerability scanning platform with 500+ pre-built scanning policies, covering network devices, servers, endpoints, and cloud assets.
Qualys
Cloud-native vulnerability management platform supporting external attack surface scanning, cloud infrastructure scanning, live results, and configurable compliance reports.
CyberCNS
Managed vulnerability platform with lightweight agent deployment — scans work-from-home and remote endpoints for vulnerabilities and compliance gaps, includes application baseline detection.
Certifications
Certified Ethical Hackers
ISO 27001
International standard for information security management systems
GPEN (GIAC Penetration Tester)
GIAC certified network penetration testing qualification
OSWE (Web Expert)
Offensive Security web exploitation expert certification
OSCP (Certified Professional)
Offensive Security's most respected penetration testing certification
Compliance
Supported Compliance Frameworks
Brocent's VM scanning and reporting directly supports the 'Identify' category of the following compliance frameworks, providing auditable evidence for compliance reviews.
PCI DSS
Payment Card Industry Data Security Standard
HIPAA
US Health Insurance Portability and Accountability Act
NIST 800-53
US National security controls framework
NIST 800-171
Controlled unclassified information protection
GDPR IV
EU General Data Protection Regulation
CIS / CIS 8.0
Center for Internet Security Critical Security Controls
ISO 27002
Information security controls practice guidelines
Cyber Essentials
UK government cyber security baseline certification
Essential Eight
Australian ASD eight mitigation strategies
Standard Compliance Report Outputs (9 Types)
Consolidated Summary Report
Executive-level overview of vulnerability posture for management and board
Vulnerability Report
Full vulnerability details with CVSS scores and PoC evidence
Firewall Report
Firewall configuration and rule set security assessment
Detailed Security Report Card
Detailed security scores broken down by asset category
Asset-Level Missing Patches
List of uninstalled security patches per asset
Installed Programs Report
Application baseline deviation and unauthorised software detection
External Scan Report
Internet-exposed vulnerability and open port report
Remediation Plan
Priority-ordered vulnerability remediation action plan
Remediation Summary
Remediation progress tracking and closure rate statistics
Scoring
Security Posture Scoring Dimensions
Brocent quantifies security posture across six dimensions for each asset — helping management visualise the highest-risk areas and prioritise remediation resources.
Anti-Virus / Anti-Spyware
Installed and up to date
Installed but not up to date
Not installed
Local Firewall
Enabled for both public and private networks
Disabled for private networks only
Completely disabled
Insecure Listening Ports
No insecure listening ports
One insecure listening port detected
More than one insecure port detected
Failed Logins
No failed logins in last 7 days
7 or fewer failed logins in last 7 days
15 or more failed logins in last 7 days
Network Vulnerabilities
No network vulnerabilities
Minor vulnerabilities (CVSS < 4.0)
Critical vulnerabilities (CVSS ≥ 7.0)
System Aging
Computers less than 2 years old
Computers 4–7 years old
Computers over 8 years old
Capabilities
Comprehensive Vulnerability Scan Features
Brocent's scanning platform delivers powerful discovery and reporting capabilities aligned with the NIST Cybersecurity Framework 'Identify' category — from network assets to remote endpoints, application baselines to cloud infrastructure.
IT asset discovery (multi-protocol network probing)
Vulnerability IT assessments
Configuration compliance assessment
Live scan results
Configurable compliance reports
External attack surface scanning
Domain-based scanning support
Cloud infrastructure scanning
500+ pre-built scanning policies
Active Directory (on-premise and cloud)
Application baseline deviation detection
Remote security solution deployment
5×8×NBD configuration & scan task execution
Security vulnerability analysis reporting
Work-from-home endpoint scanning (lightweight agent)
Industries Served
Retail
Manufacturing
Financial Services & Investments
Hedge Funds
Logistics
Aerospace
FAQ
Frequently Asked Questions
For technical or commercial questions not covered here, speak directly with Brocent's security team.
Ask us a question →Does CS-VM require an agent, a probe, or something else?
Vulnerability Management is a SaaS offering with a cloud-side component and a customer-side agent. The agent can be installed on any one machine on your network as a probe — simple deployment with no infrastructure changes required.
Can CS-VM scan work-from-home (WFH) employees' devices?
Yes. CS-VM provides a lightweight agent that can be installed on remote and WFH users' endpoints to scan those local devices for vulnerabilities and compliance gaps.
What types of assets can CS-VM scan?
CS-VM scans network gear (routers, switches, access points, firewalls), endpoint devices (laptops, desktops), printers, servers, and virtual machines.
What major components are included in CS-VM?
CS-VM includes: 1) Network vulnerability scanning; 2) Endpoint vulnerability scanning; 3) Compliance scans; 4) Application baseline scans; 5) Active Directory scans; 6) Cloud asset scans.
What industry frameworks does CS-VM support?
CS-VM meets all NIST Cybersecurity Framework 1.1 'Identify' category requirements. It also supports PCI DSS, HIPAA, GDPR IV, NIST 800-53, NIST 800-171, CIS, CIS 8.0, ISO 27002, Cyber Essentials, and Essential Eight.
How is penetration testing different from vulnerability scanning?
Vulnerability scanning identifies known weaknesses using automated tools. Penetration testing goes further — certified ethical hackers actively attempt to exploit those weaknesses, chain multiple vulnerabilities together, and demonstrate the real-world business impact of a successful attack.
How long does a penetration test take?
Scope determines duration. A focused external network test typically takes 3–5 days. A full external + internal + web application engagement typically takes 2–3 weeks. Brocent provides a time and scope estimate during the proposal stage.
Will the penetration test disrupt our operations?
Standard penetration tests are designed to be non-disruptive. Testing windows can be scheduled outside business hours if required. Brocent coordinates with your IT team throughout to avoid unintended outages.
Do we get a re-test after remediation?
Yes. Brocent's annual testing packages include a re-test after the initial findings are remediated — confirming that vulnerabilities have been closed and no new issues have been introduced.
Ready to get started?
Tell Brocent the scope you want tested — external perimeter, internal network, web applications, or a full engagement — and we'll provide a time and cost estimate with a detailed test plan.