VULNERABILITY ASSESSMENT

       Vulnerability assessment is a "soft" scan of the computers, servers, and network devices on your network using industry-recognized scanning software to uncover unpatched and vulnerable systems, combined with data collection about system configuration and network permissions to give a comprehensive view of the overall level of security.  In this type of scan, no systems are actually breached, no passwords are compromised, and there is no disruption to the systems being scanned.  Because this is a less invasive procedure, it is faster and therefore less expensive, but it can still turn up major areas of concern to be addressed.  A vulnerability scan includes:

Network Mapping & Data Collection

       We use automated scanning tools to identify the systems on your network along with their OS version, patch level, system configuration settings, running services, open ports, and the presence of software vulnerable to known exploits.  These results are compiled into a list of potentially vulnerable systems.

Mitigating Factors

       Since an automated scanner cannot see the big picture, including firewall filtering, VLANs, NAC, and other protective measures in place, it is important to take these factors into account to make an accurate assessment of your real vulnerability to attack.  We determine whether the reported vulnerabilities are mitigated by other security measures in place, so that the results accurately reflect the overall threat to your organization.

Data Analysis

       We analyze the data collected and use our expertise to determine the full scope of the vulnerabilities discovered and the potential impact to the organization.  We determine which vulnerabilities are most likely to lead to a compromise and rate them based on risk and difficulty of remediation.  High-risk, easy-to-fix vulnerabilities are prioritized so you can spend your limited security budget most effectively.

Report & Recommendations

       At the conclusion of the assessment we will provide a detailed report of the vulnerabilities discovered, ranked according to risk and cost, together with any mitigating controls in place to reduce the threat level and the potential impact to the organization.  The report also includes our recommendations, not only on how to fix the specific problems uncovered but also on changes to be made to the overall security posture to prevent new vulnerabilities from developing.  Each report contains an executive summary written from a business impact point of view, in terms a non-technical executive audience can understand, with clear logic between vulnerabilities found and threats to company resources.  Additionally, each report will contain a technical section with detailed information about specific vulnerabilities, including the CVE number for cross-reference and steps to mitigate.  It provides all the information your IT department will need to close the loopholes uncovered during the test and prevent a real attack.


Special Services

       In addition to the standard types of vulnerability assessment above, we also offer Special Vulnerability Assessment Services.



For more information or a price quote, Contact Us.