Dominic List, Founder & CEO and Joe Bertnick, CTO
“Technology should not just solve the problem. It should make an impact, a real difference to your organisation,” states Dominic List, a serial tech entrepreneur. He realised the need to make a difference in the UK cybersecurity scene when he interacted with the region’s mid-sized enterprises (SMEs). These organisations faced common challenges such as the lack of security professionals, especially those trained to identify and remediate IT vulnerabilities. Even if SMEs have security teams, these are usually spread thin across the organisation. Most of them also face the challenge of having security staff that do not stay for more than a year or two at an organisation. Furthermore, after vulnerability scanning, many SMEs do not even have a clear idea of how to patch up the issues found. These challenges cripple the secure functioning of SMEs in the UK, and to help such organisations address their vulnerability management needs, List founded Comtact, an expert IT service provider, in 2005. The company delivers a truly consultative approach towards vulnerability management, facilitating enterprise cybersecurity and IT managed services to clients that help empower the IT of SMEs and unleash their business potential.
In addition, while industry-standard tools are chiefly designed for enterprise-level clients with teams, programs, and budgets to undertake vulnerability management, Comtact custom builds their own tools and uses them with industry-standard tools to cater to clients with below 5000 users. Comtact also provides penetration testing services which exploit these vulnerabilities and demonstrate the impact a breach could have on an organisation. Often, clients are aware of their IT vulnerabilities, but lack the resources, time, and focus to eliminate them. Over the last 15 years, Comtact has been offering state-of-the-art consulting to bring enterprise-grade expertise to the UK mid-market informing clients about the options to overcome their IT weaknesses. “Comtact first prioritises listening to and understanding the clients’ real needs, and making a significant impact to their business with leading IT solutions,” states Joe Bertnick, CTO, Comtact.
We evolve to ensure that we’re really using the latest and greatest technology to support customers in their continuous journey to complete security
Through vulnerability scans, the company identifies the clients’ vulnerabilities, prioritises them, and helps patch them up accordingly. Comtact also ensures up-to-date patching and correct applications monitoring, making clients ‘less attractive to hackers.’
As part of their vulnerability management, the company also supports clients 24x7x365 from their ISO 27001-accredited UK Network & Security Operations Centre (NOC/SOC). This way, Comtact’s security experience focuses on the clients’ general administration and allows clients to complete their IT projects such as moving to the cloud, constant up-gradation of ecommerce platforms, and more.
A comprehensive assessment provides a benchmark for future improvements. As part of a sustained programme, frequent vulnerability assessments can help organisations track security-related improvements and assist them with compliance and accreditation requirements, such as Cyber Essentials Plus or GDPR. For instance, a healthcare organisation was striving to attain the Cyber Essentials Plus certificate before the 31st of March, 2020, as per the government mandate. However, with rapid growth through acquisition, the client was facing security issues with the acquired agencies. Comtact scanned the client’s estates and discovered a large number of critical and high vulnerabilities, not only in the acquired portions but even in the core of the organisation. Comtact facilitated the client’s periodic vulnerability scans, new patching mechanisms, and regular training of the client’s IT team. Today, the client has no critical or high vulnerabilities and has acquired the Cyber Essentials Plus certification. They are now working towards further enhancing their security and attaining ISO certification, as well.
Comtact acknowledges the oncoming convergence of security assessment tools comprising vulnerability management, penetration testing, automated attack simulation platforms, and more. Preparing for the days to come, the company is exploring robotic process automation and AI technology in the vulnerability management area. “We evolve to ensure that we’re really using the latest and greatest technology to support customers in their continuous journey to complete security,” concludes List.