Find exposure in your network
Continuously scan and test your environment for security weaknesses.
Discover any vulnerabilities in
your digital infrastructure.
Vulnerability assessment and penetration testing
Identify vulnerabilities and security flaws in order to understand the aggregate level of risk for your organisation and to meet regulatory compliance requirements.
Continuous assessment and monitoring
Catch security weaknesses as they occur by monitoring continuously. Newly installed software, configuration changes, and newly discovered vulnerabilities can't wait for your next annual pen test.
Vulnerability remediation guidance
Quantum provides effective, tailored, step-by-step guidance for vulnerability remediation and an instant re-scan feedback loop for verifying remediation.
Intuitive, comprehensive reporting
Quantum's intuitive reporting helps you understand the bottom-line risks and help you to prioritise the critical risks and integrate the remainder into your typical infrastructure lifecycle.
Your environment is unique.
Your solution should be too.
Quantum continuously scans your environment for changes and potential weaknesses such as:
- ever-changing IT environment
- regulation requirements
- evolving tools, tactics and procedures used by cybercriminals
By leveraging Quantum's VAPT solution you'll uncover vulnerabilities across on-premise and cloud workloads using:
- internationally accepted frameworks
- validate the effectiveness of security controls and processes
- provide the support and advice required to address security risks on an ongoing basis
Continuous scanning of your VM,
container, cloud, and on-premise
infrastructure and applications for vulnerabilities and best practice
Expert human testing of your
security controls with real-world
adversarial techniques and an
optional remediation workshop to
help establish a secure baseline.
A combination package of our
vulnerability assessment and
penetration testing packages with
annual subscription discounts on penetration tests.
How it works
Expose Exploitable Weaknesses
Vulnerability Management (VM)
Discover and manage vulnerabilities and misconfigurations with Quantum's VA/PT solution.
Cloud Security Posture Management (CSPM)
Continuously monitor the security posture of your public cloud infrastructure to assist with maintaining compliance with major mandates such as PCI, HIPAA, CMMC, CIS Benchmarks, and more.
Container Registry and Source Code Scanning
Catch and remediate vulnerabilities early in the development cycle by scanning source code, containers from all major cloud provider registries, and any registry that supports the Docker V2 API.
Source Control & CI/CD Integration
Identify vulnerabilities early in the value chain where their impacts and remediation costs are lower.
Dependency Tree Scanning
Scan container images and app libraries for vulnerabilities to ensure your application is safe.
Verify your cloud environments are securely configured and catch environment drift automatically.
Test the Runtime Stack
Check for vulnerabilities in your stack whether its virtual machines, container orchestration, or serverless.
Identify Misconfigurations and
Continuously monitor your cloud environments to alert of any misconfigurations and potential security issues. Expose vulnerabilities in your application code and nested dependencies.
OS and App Scanning
Quantum probes your servers for OS-level vulnerabilities. We also probe for installed applications and test for vulnerabilities in the application layer — including containers and nested virtualisation.
Complete App Lifecycle Scanning
Get 360° coverage by inspecting for vulnerabilities and best practices when your apps are built, and continuously as they run.
Identify Misconfigurations and Vulnerabilities
Scan Cloud Configurations and Infrastructure Code
Verify your cloud environments are configured with secure best practices using CIS provider, service, and other industry-standard benchmarks.
Analyse Code Quality and Security in Over 30 Languages
Catch vulnerabilities introduced early in the development cycle — with robust code quality and package vulnerability support for every popular framework and language.
Scan Containers from Any Registry
Check for vulnerabilities in container images and layers across
all major cloud provider registries and any registry that supports the Docker V2 API.
Easily Integrate with Your CI/CD Pipeline
From commit and pull request scan triggers, to issue tracking, to chat ops,
the Quantum platform supports deep integration with your DevOps workflows.
Attack Simulation and Penetration Testing
Gain deeper insights into how a threat actor could exploit the weaknesses in your system across each stage of the kill chain.
Quantum provides continuous attack simulation and manual penetration testing with detailed evidence and guidance for remediation.
Seven Steps of the
Cybersecurity Kill Chain Process
- Reconnaissance Phishing Awareness Quantum's attack simulation platform tests both the technical and human elements of security. Test your users' security aptitude with automated and curated phishing campaigns.
- Weaponisation Endpoint Security We validate that your client and server endpoints have appropriate immunity to exploits to limit the number of attacks a threat actor can utilise.
- Email Gateway Quantum's attack simulation platform tests both the technical and human elements of security. Test your users' security aptitude with automated and curated phishing campaigns.Network Security Quantum simulates payload delivery on your network to detect weaknesses in your traffic inspection and firewall configurations.
- Endpoint Security Quantum integrates with your EDR solution to ensure threats are contained when weaknesses are exploited. The responsiveness of your EDR solution impacts risk scoring and prioritisation.Web Application Firewall In addition to "assume-breach" scenarios, Quantum will also test for exploits from outside of your network, including tests against web applications and other public-facing assets.
- Persistence Lateral Movement From the installed Quantum VA/PT agent, our attack simulation attempts to move laterally across your network, dropping micro-agents from which we'll pivot to other VLANs.
- Command & Control Web Gateway Quantum tests outbound access controls to ensure connections to known bad addresses and domain names, such as Command and Control (C&C) nodes, malware depots, and more.
- Exfiltration & DLP We also validate proper network controls such as DLP are in place to prevent exfiltration. Sample data includes credit cards, PII, and more.Ransomware Recovery Quantum tests your ability to prevent or recover from a ransomware attack by deploying real ransomware on sample datasets.
Plans & Pricing
Choose Your Plan
Vulnerability ScanningSubscription Continuous vulnerability monitoring
- Vulnerability Scanning
- Container Scanning
- Cloud Security Scanning
- Web Application Scanning
- Zero-Day Analysis
VA+PT CompleteSubscription Our most popular plan
This plan includes both continuous vulnerability monitoring and management with a similarly-scoped annual penetration test.
Additional penetration tests can be added on an as-needed basis.
Penetration TestingOn Demand Customised human penetration testing
- Endpoint & Network Pentesting
- IAM and Directory Validation
- API Penetration Testing
- Cloud Configuration Testing
- Remediation Guidance & Assistance
Customise Your Solution
Target What You Need
Choose full network or ring-fenced targets for scans, again only paying for what you need.
Vulnerability, container, and cloud configuration scanning are billed per endpoint in a progressively decreasing tiering model – you’ll only pay for what you need.
Multiple Plan Levels
Scheduled scans available at the basic tier and continuous scanning available at the professional tier and above.
Container scanning includes container registry image scanning as well as runtime analysis and vulnerability validation.
Custom CMDB and service desk integrations are available at the enterprise level.