64MM
Vulnerability Assessment
Details
Let us run comprehensive snapshots of known vulnerabilities detected on Internet-facing hosts for your company. This can be a one-off process or continued weekly, monthly or yearly. We provide your organization with a detailed report on your network, point out potential hazards and suggest fixes. Stay on top of all the current threats on the Internet.
If you would like to fill out a scope document click here to download.
Services
We provide various types of vulnerability assessments. Including:
Network assessment
This scan will pinpoint possible flaws on wired and wireless networks.
Database assessment
This assessment involves locating security loopholes in a database to prevent malicious attacks, such as distributed denial-of-service (DDoS), SQL injection, brute force attacks, and other network vulnerabilities.
Web application assessment
This scan involves a careful evaluation of web applications and their source code to find any security holes.
Host-based assessment
This type of assessment examines any possible weaknesses or threats in server workstations and other network hosts. It also involves a meticulous examination of ports and services.
Wireless network assessment
This scan validates whether an organization’s wireless infrastructure is securely configured to prevent unauthorized access.
Steps Taken In Vulnerability Assessment
Before we begin a vulnerability assessment, we establish a procedure:
- Identify where your most sensitive data is stored.
- Uncover hidden sources of data.
- Identify which servers run mission-critical applications.
- Identify which systems and networks to access.
- Review all ports and processes and check for configuration errors.
- Map out the entire IT infrastructure, digital assets, and any devices used.
Vulnerability identification
We then conduct a vulnerability scan of your IT infrastructure and make a complete list of the underlying security threats.
Analysis
We will provide you with a detailed report containing different risk ratings and scores for vulnerabilities. The report will use a CVSS (common vulnerability scoring system) to assign a numerical score. A careful analysis of these scores will tell you which vulnerabilities you’ll need to deal with first. You can prioritize them based on factors such as severity, urgency, potential damage, and risk.
Treating the vulnerabilities
Once the vulnerabilities identified and analyzed, the next step is to decide how you want to fix them. There are two ways to do this: remediation and mediation.
Remediation involves fixing a vulnerability fully to prevent any exploitation. You can achieve it through the installation of security tools, software updates, or a more involved process. The vulnerability remediation process is based on the priorities set during the analysis phase and requires the participation of all stakeholders.
When there’s no proper fix or patch for an identified vulnerability, mitigation helps reduce the prospect of an attack. The option is used to buy time until remediation is possible. Part of the mitigation process should include deploying additional tools to help reduce cybersecurity risks. For example, antivirus software can be used to identify and remove malware and other threats within your network. Reputable tools can accomplish this through a variety of measures, including real-time antivirus scanners, remote firewalls, and predictive artificial intelligence threat detection.
All of this will be defined in the initial scope of the project, as well as whether Get Event Log or your existing IT will carry out the fixes.
The Process
To begin the process of the Assessment we will work with you to complete a scoping document, then commence with the project. Typically the project will take seven days to complete from scoping to final report delivery.
The project milestones look like this:
- Network Discovery - Make a directory of assets and resources in a given system.
- Vulnerability Scanning - Discover the potential threats to each resource.
- Result Analysis - Comprehensive analysis and through review of the target system and its environment.
- Reporting - Provide a PDF or Word document assessment report with suggested fixes.