Question 1

What does the ongoing security monitoring service include?

Accepted Answer

The service includes quarterly automated vulnerability scans of your website, email, and network infrastructure; real-time CVE alerting when new critical vulnerabilities affect your technology stack; SSL/TLS certificate expiry monitoring; attack surface change detection; security posture trending with quarter-on-quarter comparison; and rapid re-testing after your team applies fixes. You receive a comprehensive report after each quarterly scan plus alert notifications between scans.

Question 2

How much does ongoing monitoring cost?

Accepted Answer

Ongoing security monitoring is $200 AUD per quarter — covering all your registered domains, IP addresses, and email domains. This works out to less than $67 per month for continuous protection. There is no long-term contract — you can cancel at the end of any quarter. We recommend starting with a Full Business Assessment ($1,200) to establish your baseline, then transitioning to quarterly monitoring.

Question 3

How is this different from a one-off security audit?

Accepted Answer

A one-off audit gives you a snapshot — your security posture on that specific day. Security is dynamic: new vulnerabilities are published daily, your infrastructure changes, certificates expire, and new services are deployed. Continuous monitoring bridges the gap with regular scanning, real-time CVE alerts, and change detection. Organisations with continuous monitoring experience 73% fewer security incidents than those relying on annual audits alone.

Question 4

What kind of alerts will we receive?

Accepted Answer

You receive three types of alerts: critical CVE notifications (when a CVSS 9.0+ vulnerability affects your known technology stack, within 4 hours), certificate expiry warnings (at 30, 14, and 7 days before expiry), and attack surface change alerts (new ports, services, or subdomains detected). Alerts are sent via email to your nominated security contact and can optionally integrate with Slack, Microsoft Teams, or PagerDuty.

Question 5

Do the quarterly scans cover everything the initial audit covered?

Accepted Answer

Yes. Each quarterly scan includes the same breadth of testing as our standalone assessments — OWASP web application testing, full network port scanning, SSL/TLS assessment, and email authentication verification. The key difference from a full pentest is that quarterly scans are primarily automated (no manual business logic testing), which keeps the cost to $200/quarter. We recommend a full manual assessment annually supplemented by quarterly automated monitoring.

Question 6

Can we add new domains or IP addresses to our monitoring scope?

Accepted Answer

Yes. You can add or remove assets from your monitoring scope at any time by emailing your account contact or updating your monitoring dashboard. New assets are included in the next quarterly scan and immediately added to CVE alerting and certificate monitoring. There is no additional charge for reasonable scope changes within a typical small business footprint (up to 20 domains and 20 IP addresses).

Question 7

How do you know which vulnerabilities affect our systems?

Accepted Answer

During the baseline scan, we catalogue your technology stack — web servers, CMS platforms, frameworks, mail servers, VPN appliances, and other software. This forms a technology profile that our CVE monitoring engine cross-references against new vulnerability disclosures. When a new critical CVE matches a technology in your profile, we verify the version match against our scan data before alerting — reducing false alarms while ensuring relevant threats are caught quickly.

Question 8

Is there a minimum contract period?

Accepted Answer

No. Monitoring is billed quarterly with no minimum commitment. You can cancel at the end of any quarter and retain all reports and data from your monitoring period. Most clients find ongoing monitoring essential once they see the volume of changes and new vulnerabilities detected between quarterly scans — the average SMB sees 3-5 material changes to their attack surface per quarter.

Question 9

Can we see our security posture trend over time?

Accepted Answer

Yes. Each quarterly report includes trend analysis showing your overall risk score, number of open vulnerabilities by severity, mean time to remediate, and quarter-on-quarter comparison. After 12 months of monitoring, you have a full year of security posture data — invaluable for board reporting, insurance renewals, and compliance evidence. The trend data is presented in both executive and technical formats.

Question 10

What happens if a critical vulnerability is found between scans?

Accepted Answer

Our CVE monitoring engine runs continuously, not quarterly. When a critical vulnerability is published that affects your technology stack, we alert you within 4 hours with specific details: which of your assets is affected, the vulnerability details, available patches, and recommended mitigation steps. We can also perform an immediate targeted scan of the affected service to confirm exploitability — this is included in the monitoring service at no extra charge.

Question 11

Do you provide remediation support or just report findings?

Accepted Answer

Quarterly reports include specific remediation guidance for every finding — which patches to apply, which configurations to change, which ports to close. For organisations without internal security expertise, we offer a remediation support add-on where our team works directly with your IT provider to implement fixes. Re-testing after remediation is always included to confirm fixes are effective.

Question 12

How do we get started with monitoring?

Accepted Answer

The simplest path is to start with a Full Business Assessment ($1,200) which establishes your security baseline, then transition to quarterly monitoring ($200/quarter). If you have already had a recent security assessment (within the last 12 months), we can onboard directly into monitoring — we perform an initial baseline scan and set up CVE alerting and certificate monitoring within the first week. Contact us to discuss the best starting point for your organisation.

Ongoing Security Monitoring

Why Continuous Monitoring Beats Annual Audits

Alert Response

Regular Scanning

Fewer Incidents

Affordable Protection

What Our Monitoring Service Includes

Quarterly Automated Vulnerability Scans

Real-Time CVE Alerting

Certificate & Domain Monitoring

Attack Surface Change Detection

Security Posture Trending

Rapid Re-Testing After Remediation

See How AI Can Transform Your Operations

How Monitoring Works

Baseline & Onboarding

Quarterly Scan Cycle

Between-Scan Protection

Security Monitoring FAQs

Stay Secure Between Audits