A client telecommunications system, typically includes a website, and usually at least a back end network which may be connected to the website. The website, and often the back end network, will be connected to a wider, external telecommunications network, such as the internet, to allow third parties to access the website, and sometimes selected parts of the business intranet or another network or networks to which the business is connected.
Such client website(s) and any connected client network(s) can, and should, be subject to a security system which attempts to control access to the website and any related network.
It is common for such a client telecommunications system to be subject to unwanted attacks whereby a third party attempts to access the website and any associated network without permission. Such third party attacks can be used to access/corrupt/download information held on the website and network. Whilst it may not be possible to stop such attacks being attempted, it is desirable to be able to stop such attacks from being successful.
It is known to provide a service whereby a client telecommunications system is scanned for vulnerabilities, being actual and potential flaws and weaknesses in the software and/or hardware of the system. It is also known for the client to perform such scanning themselves. However, such scanning is often not successful or reliable because the client cannot understand the scanning results, does not know how to remediate or repair any problems identified, and only infrequently runs scans of their website and network in any case.
We have provided a service where we scan client telecommunications systems regularly, such as daily for example, and provide suggested solutions and recommendations to any problems identified. However, even with this more rigorous approach, it can remain a problem that security issues are not dealt with. This is often because the issue is too difficult to fix quickly and that website developers sometimes do not know how to fix their code securely. In some cases the software application is relatively old and/or due to be replaced and the client does not want to spend money on an end-of-life application. In some cases the application is developed or provided by a third party and there is a delay in that third party remedying any problem identified.