Vulnerability Management Advisory

Your MSP keeps the lights on. We keep your security honest.

You have an IT company keeping the network running. Nobody is tracking what is vulnerable, mapping findings to actively exploited CVEs, or telling your team what to fix first. That is the gap Northstar fills: credentialed scanning, risk-ranked findings, and plain-English advisory, every month.

Common triggers
  • HIPAA audit prep
  • Cyber insurance renewal
  • Client security questionnaires
  • Compliance gap assessment
  • No dedicated security staff
  • IT provider without security practice

Key figures
  • Active KEV entries tracked (live count)
  • 60–70% more vulns vs external scanning
  • Monthly advisory cadence
  • 30 min monthly call, plain English

Built for programs, not one-time reports.

Most vulnerability tools produce output. Northstar produces outcomes. Three things set the program apart.

01
Inside-out visibility
Scanning from inside your network with authenticated credentials finds 60 to 70 percent more vulnerabilities than external scanning. External scans only see what is visible through your firewall. We see everything on every system.
60–70% more coverage
02
Risk-ranked findings, not raw output
Raw scanner output is noise. Every finding is cross-referenced against CISA's Known Exploited Vulnerabilities catalog so you know which vulnerabilities are being actively attacked right now, and which ones can wait.
CISA KEV mapped
03
Advisory judgment, not automated alerts
A trained analyst reviews your environment every month and delivers a remediation roadmap in plain English. What to fix first, why it matters, and what your IT team should do next. Not a dashboard. Not auto-generated.
Monthly human review

A program that grows with your risk posture.

Start with a baseline. Build a program. Add log visibility when you are ready. Every tier is designed to stack. You do not have to buy it all at once.

Tier 01
Vulnerability Management
Monthly credentialed scanning from inside your network. Every finding cross-referenced against actively exploited vulnerabilities. Risk-scored remediation roadmap delivered monthly.
Starting point for every engagement
Tier 02
Log Management + Threat Hunt
Lightweight log agents deployed on key systems. Once a month, a trained analyst hunts through your logs for indicators of compromise. The things your IT company is not looking for.
Add-on to Tier 01
Tier 03
Security Program Build-Out
Policy development, compliance alignment, incident response planning, and annual risk assessment. For organizations ready to formally own their security posture.
Premium retainer
01
Security Posture Assessment
One-time · 2-week delivery · Any org size
$3,000 to $7,500
A credentialed scan from inside your network combined with a full asset discovery audit. Most clients find out for the first time exactly what is on their network. Findings are cross-referenced against CISA's Known Exploited Vulnerabilities catalog so you know what is being actively attacked right now. Delivered as a risk-scored remediation roadmap and plain-English executive summary. This is your baseline. Everything else builds from here.
  • Credentialed vulnerability scan
  • Asset discovery audit
  • CISA KEV cross-reference
  • Risk-scored findings
  • Remediation roadmap
  • Executive risk report
  • 30-day follow-up call
02
Vulnerability Management Program
Monthly retainer · Ongoing program · Compliance-ready
From $1,500 / mo
Credentialed scanning from inside your network every month. Inside-out scanning finds 60 to 70 percent more vulnerabilities than external scans. Every finding is cross-referenced against the CISA KEV catalog so you always know which vulnerabilities are being actively exploited. A risk-scored, prioritized remediation roadmap is delivered monthly alongside a 30-minute advisory call. Your IT team handles the fixes. We provide the strategic direction on what to fix and in what order.
  • Monthly credentialed scans
  • CISA KEV cross-reference
  • Risk-prioritized findings
  • Remediation roadmap
  • 30-min advisory call
  • Plain-English monthly report
  • 12 documented assessments/year
03
Log Management & Monthly Threat Hunt
Add-on · Monthly · Threat detection
Add-on to VM Program
Lightweight log agents deployed on your key systems ship security events to a centralized platform. Once a month, a trained analyst reviews your logs. Not a dashboard auto-alert. An actual human looking through your environment for indicators of compromise, lateral movement, credential abuse, and anomalous patterns. This is not continuous monitoring or 24/7 SOC coverage. It is a focused monthly threat hunt specifically looking for what attackers leave behind.
  • Log agent deployment guidance
  • Centralized log collection
  • Monthly analyst threat hunt
  • IOC analysis
  • Lateral movement detection
  • Credential abuse review
  • Monthly findings summary
04
Security Program Build-Out
Premium retainer · Compliance-focused · Policy development
Custom scoping
For organizations ready to build a formal security posture. Not just scan and patch, but actually own it. Includes written security policies, HIPAA and compliance framework alignment, incident response planning, and an annual risk assessment your leadership can stand behind. Twelve documented monthly reports, formal policies, and a clear security narrative for auditors, board members, and clients who ask.
  • Written security policies
  • HIPAA / compliance alignment
  • Incident response plan
  • Annual risk assessment
  • Program maturity roadmap
  • Quarterly executive reviews

We advise. Your team executes.

Every month, you get a clear picture of your risk posture, a ranked list of what to fix, and a 30-minute call to walk through it together. Your IT company handles execution. Northstar owns the security direction.

Advisory only · Not managed IT · Not a 24/7 SOC

Monthly risk picture, every cycle
Credentialed scanning of your full environment every month. Every finding cross-referenced against actively exploited vulnerabilities. You always know exactly where you stand.
Plain-English reporting your leadership can act on
Risk score, top findings, what has improved, what is still open. Written for a business owner, not a security engineer. No 200-page technical exports.
Remediation roadmap your IT team can execute
A specific, ranked action list your IT company can work from. No ambiguity about what to fix first, what can wait, or why it matters.
12 documented assessments per year
Monthly reports build into a compliance record. Meaningful for HIPAA audits, cyber insurance renewals, and client security questionnaires.

Your clients need security advisory. Most MSPs do not offer it.

Managed IT and security advisory are two different disciplines. Most MSPs are excellent at keeping infrastructure running. Vulnerability management programs, compliance alignment, and threat hunting are a different practice entirely. That is where Northstar comes in.

Partner Program
Northstar works alongside MSPs as a dedicated security advisory layer. Referral arrangements, white-label delivery, or co-engagement on existing clients. If your clients are asking security questions you cannot answer, let us talk.
01
Refer and stay in the relationship
Bring Northstar in as the security advisory layer. You stay the primary IT relationship. Your client gets security coverage. You get a trusted partner for the security questions that land on your desk.
02
Compliance questions answered
HIPAA, PCI-DSS, cyber insurance renewals, client due diligence requests. These questions are landing on your desk. Northstar handles the security program side so you can stay focused on IT operations.
03
No conflict, just coverage
We advise, your team executes. Northstar never competes for the managed IT relationship. We handle vulnerability management and security advisory. You handle everything else.
04
Differentiate your stack
Offering a security advisory partner sets your MSP apart from competitors who simply pass on compliance questions. Give your clients a complete answer, not a referral to figure it out themselves.

How we build your security program.

Phase 01
Discovery
Intake session to map your infrastructure, existing IT setup, compliance obligations, and current security posture. We learn your environment before we touch anything.
Phase 02
Asset Inventory
Full discovery of what is on your network: servers, workstations, printers, IoT devices, cloud assets. Most clients find devices they forgot existed. You cannot protect what you do not know about.
Phase 03
Credentialed Scanning
Scanning from inside your network with credentials finds 60 to 70 percent more vulnerabilities than external scans. We configure this correctly from day one. No missed coverage, no false baselines.
Phase 04
Risk Prioritization
Raw scanner output is noise. We cross-reference every finding against CISA KEV and real-world exploit data to give your team a ranked list of what needs to get fixed, and when.
Phase 05
Plain-English Reporting
Monthly report delivered in language your leadership can act on. Risk score, top findings, what has improved, what is open, and what to do next. No 200-page technical exports.
Phase 06
Remediation Guidance
We tell your IT team exactly what to fix, in what order, and why. They own execution. We own the strategy. Monthly advisory call walks through everything together.
Phase 07
Continuous Program Maturity
Month over month, your program gets tighter. Scan coverage improves, remediation velocity tracks, posture scores move. You have something to show auditors, insurers, and clients who ask.
Remediation SLA Framework
CRITICAL 24 Hours
Actively exploited CVEs, CISA KEV entries, CVSS 9.0+
Industry median: 14 days
HIGH 7 Days
Public exploit available, CVSS 7.0–8.9, network-facing assets
Industry median: 45 days
MEDIUM 30 Days
No active exploit, CVSS 4.0–6.9, internal assets
Industry median: 90 days
LOW / INFO 90 Days
Informational findings, patch cycle alignment
Industry median: 180+ days
SLA targets established during engagement scoping.
Industry medians sourced from published vulnerability research.
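One way to apply the four SLA tiers above mechanically to scan output, as an added example (not Northstar's tooling): it reads a JSON excerpt shaped like CISA's KEV feed and assigns each finding a tier and due window. The KEV field names are the real ones; the CVE IDs, the findings, their keys, and the reading of the HIGH row as "any one of these signals suffices" are assumptions.

```python
"""SLA-tier triage of scan findings per the Remediation SLA Framework above (added
illustration, not Northstar's tooling). The real CISA KEV feed is JSON with a
"vulnerabilities" list of entries carrying "cveID" and "knownRansomwareCampaignUse";
the excerpt and findings here are constructed, with placeholder IDs and assumed keys."""
import json

KEV_JSON = json.dumps({"vulnerabilities": [  # constructed KEV excerpt
    {"cveID": "CVE-0000-0001", "knownRansomwareCampaignUse": "Known"},
    {"cveID": "CVE-0000-0002", "knownRansomwareCampaignUse": "Unknown"},
]})

FINDINGS = [  # constructed scanner findings
    {"cve": "CVE-0000-0001", "cvss": 7.5, "public_exploit": True,  "exposure": "network"},
    {"cve": "CVE-0000-0003", "cvss": 9.8, "public_exploit": False, "exposure": "internal"},
    {"cve": "CVE-0000-0004", "cvss": 8.1, "public_exploit": False, "exposure": "internal"},
    {"cve": "CVE-0000-0007", "cvss": 6.5, "public_exploit": True,  "exposure": "internal"},
    {"cve": "CVE-0000-0008", "cvss": 5.0, "public_exploit": False, "exposure": "network"},
    {"cve": "CVE-0000-0005", "cvss": 5.3, "public_exploit": False, "exposure": "internal"},
    {"cve": "CVE-0000-0006", "cvss": 3.1, "public_exploit": False, "exposure": "internal"},
]

SLA_DAYS = {"CRITICAL": 1, "HIGH": 7, "MEDIUM": 30, "LOW": 90}
RANK = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3}

def load_kev(raw):
    """Map cveID -> True when CISA flags known ransomware campaign use."""
    return {v["cveID"]: v.get("knownRansomwareCampaignUse") == "Known"
            for v in json.loads(raw)["vulnerabilities"]}

def sla_tier(finding, kev):
    """Apply the framework top-down. KEV membership or CVSS 9.0+ is CRITICAL; a public
    exploit, CVSS 7.0-8.9, or a network-facing asset at CVSS 4.0+ is HIGH (assumption:
    any one signal suffices); CVSS 4.0-6.9 internal with no exploit is MEDIUM; else LOW."""
    cvss = float(finding.get("cvss", 0.0))
    exposed = finding.get("exposure") == "network"
    if finding["cve"] in kev or cvss >= 9.0:
        return "CRITICAL"
    if finding.get("public_exploit") or cvss >= 7.0 or (exposed and cvss >= 4.0):
        return "HIGH"
    return "MEDIUM" if cvss >= 4.0 else "LOW"

def triage(findings, kev):
    """Return (tier, sla_days, cve, note) rows, most urgent first, ties broken by CVSS."""
    rows = []
    for f in findings:
        tier = sla_tier(f, kev)
        note = "ransomware-associated" if kev.get(f["cve"]) else ""
        rows.append((tier, SLA_DAYS[tier], f["cve"], note))
    cvss = {f["cve"]: f["cvss"] for f in findings}
    return sorted(rows, key=lambda r: (RANK[r[0]], -cvss[r[2]]))
```

The sorted rows are the skeleton of a ranked remediation roadmap; swapping in the live KEV feed and a real scanner export is a matter of replacing the two constructed inputs.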

Security expertise built for the real world.

You have an IT company keeping things running. Nobody is actually owning security. Northstar fills that gap: structured vulnerability management, monthly reporting, and someone who speaks plain English about risk.

Vulnerability Management · NIST CSF · HIPAA · SOC 2 · PCI-DSS · ISO 27001 · Threat Hunting · Risk Reporting
For organizations with infrastructure worth protecting
Professional services, healthcare practices, legal and financial firms, and any organization with compliance obligations they cannot ignore and no dedicated security specialist on staff.
Advisory, not managed services
We guide your team through vulnerability prioritization and remediation strategy. Your IT company owns execution. We own the security direction.
Inside-out visibility
Scanning from inside your network finds 60 to 70 percent more vulnerabilities than external scanning. We give you the full picture, not just what is visible from the outside.
12 documented assessments per year
Monthly reports are not just useful. They are a compliance asset. Twelve documented risk assessments a year is a meaningful record for HIPAA audits, cyber insurance renewals, and client due diligence.

What people ask before they engage.

How is this different from what my IT company already does?
Your IT company keeps your infrastructure running: patch management, backups, helpdesk. That is a different discipline from vulnerability management. Most IT companies do not run credentialed internal scans, do not cross-reference findings against actively exploited CVEs, and do not deliver a risk-ranked remediation program. Northstar does. We work alongside your IT company, not instead of them.
What does inside-out scanning mean and why does it matter?
External scanners look at your network from the outside, limited to what is visible through your firewall. Inside-out scanning uses authenticated credentials from within your network, which means it can assess every asset and every vulnerability on every system. Credentialed internal scanning finds 60 to 70 percent more vulnerabilities than external-only approaches. Most organizations do not realize they have this gap until their first credentialed scan.
I do not have a security team. How does remediation actually work?
That is exactly who this is designed for. Northstar delivers a prioritized remediation roadmap every month alongside a 30-minute advisory call. Your IT company handles the actual patching and configuration changes. We tell them exactly what to fix, in what order, and why. You do not need a security engineer on staff. You need someone who gives your IT team a clear, ranked list and holds the program accountable month over month.
What compliance frameworks does this support?
The vulnerability management program directly supports HIPAA Security Rule requirements, PCI-DSS vulnerability scanning requirements, NIST CSF, SOC 2 Type II audit readiness, and cyber insurance renewal documentation. Twelve documented monthly assessments per year is a meaningful compliance record. For organizations needing formal policy and framework alignment, the Security Program Build-Out tier covers that specifically.
How much time will this take from my team each month?
The monthly advisory call runs 30 minutes. Reading the report takes another 20. Your IT company reviews the remediation roadmap and executes patches on their normal schedule. There is no standing up infrastructure, no alert queues to manage, and no ongoing technical overhead on your side. Northstar runs the program. Your team acts on the output.
Is this the same as a penetration test?
No. A penetration test is a point-in-time engagement where a tester actively tries to exploit vulnerabilities. Useful, but it goes stale the day it finishes. A vulnerability management program runs every month and tracks remediation progress over time. A pentest tells you where you stood on one day. Northstar tells you where you stand every month and whether you are getting better.

Priced on outcomes, not hours.

No hourly billing. No ambiguity. Fixed monthly retainers so you know exactly what you are getting and what it costs. A one-time pentest costs $4,000 to $6,000 and goes stale immediately. Northstar delivers continuous monthly coverage.

Starter
$3K–$7.5K
One-time security posture assessment
  • Credentialed vulnerability scan
  • Full asset discovery audit
  • CISA KEV cross-reference
  • Risk-based remediation roadmap
  • Plain-English executive report
  • 30-day follow-up advisory call
Advisory + Threat Hunt
$2.5K–$5K
per month · includes log management
  • Everything in Advisory Program
  • Log agent deployment guidance
  • Centralized log collection
  • Monthly analyst threat hunt
  • IOC and lateral movement analysis
  • Credential abuse review
  • Monthly threat hunt summary