A Dutch cybersecurity company offers penetration tests and management vulnerability services, to conclude a commercial agency agreement.

The Dutch company has 4 years of experience in cybersecurity. Besides Netherlands, the company has branches in Turkey and Dubai. In the cybersecurity sector it is a common seen pitfall that the results of the cybersecurity are kept in a unstructured way such as “excel files” or ticketing systems without any proper way to follow-up. While only the critical vulnerabilities are properly fixed, others are left to be fixed and forgotten as a ticket. Normally a ticketing system allows information technology (IT) support to be organized, focused, efficient, and effective. Tickets, also known as cases or issues, need to be properly stored alongside relevant user information. Another major problem is to find out the asset owner, especially in complex organizations. An asset owner is responsible for ensuring that specific information assets are handled and managed appropriately. The company offers two main service blocks to avoid this problems: 1) Periodic manual penetration testing and automated scans for IT (Information Technology), OT (Operational Technology), IoT (Internet of Things) systems, internal and external networks, cloud- and container infrastructures and mobile / web applications. 2) After determining the vulnerabilities, the company manages the vulnerabilities with their vulnerability management prioritization platform which covers these functionalities: - Standard visualization features. - Asset and vulnerability prioritization. - Integration with major vulnerability scanners and ticketing systems. - Ability to start scans, automatically import results and assign tickets. - Built-in ticketing and SLA (service-level agreement) tracking. - Report generation for upper management. - Task management. The aim is to minimize the workload of vulnerability management and manage it by offering a full range of vulnerability management support. By conducting manual and automated controls, security issues will be identified and registered into the vulnerability management system. The results will be forwarded to the asset owner. Rather than managing penetration testers, red teamers, automated scanning tools, the end user will only log in to the vulnerability management system to assess where they are and get the results/reports. Moreover, the end user is also informed when the vulnerabilities are fixed and the end user can also generate several different reports via the application, to be used in presentations or to be given to upper management or auditors. Commercial agency agreement The company is currently aiming at being present in different countries around the world with business partners under a commercial agency agreement.