Why is Vulnerability Assessment Important?

One way to secure IT assets, maintain an awareness of the vulnerabilities in an environment and respond quickly to mitigate potential threats is through regular vulnerability assessment (VA). A VA is a process to identify and quantify the security vulnerabilities in an organisation’s environment. A comprehensive vulnerability assessment program provides organisations with the knowledge, awareness, and risk background necessary to understand threats to their environment and react accordingly.

How Vulnerability Assessments help Companies

The best way to take this first step in improving your IT security is to find a partner who can guide you through the process and the steps that – ideally – will follow.

Gain 360-degree visibility into your security exposure with our Vulnerability Assessment.

Vulnerabilities

OS vulnerabilities, third-party vulnerabilities, zero-day vulnerabilities.

Security Misconfigurations

Default credentials, firewall misconfigurations, unused users and groups, elevated privileges, open shares.

Web Server Misconfigurations

DDoS-related misconfigurations, unused web pages, misconfigured HTTP headers and options, directory traversal, expired SSL/TLS, cross-site scripting.

High Risk Software

End-of-life software, remote desktop sharing software, peer-to-peer software.

How we execute vulnerability assessment

A Vulnerability Evaluation is a method of assessing resources in an enterprise for missing patches and misconfigurations. Often the vulnerability assessment is in support of regulatory compliance or compliance with a standard. The process identifies and prioritizes vulnerabilities based on criteria such as the likelihood of the vulnerability being exploited and the severity of the vulnerability – what the vulnerability provides the attacker when used. These criteria are used to categorize the vulnerability as Critical, High, Medium, Low, or Informational.

We assess systems using vulnerability scanning tools and manual methods to identify and prioritise findings based on the criticality of system vulnerabilities. We scrub findings to eliminate false positives and prioritise risk, based on existing security controls for your environment. The Vulnerability Assessment looks for missing patches and existing vulnerabilities for each system. We use authenticated scans wherever possible to reduce false positives and improve accuracy.

We typically perform a Vulnerability Assessment on an internal enterprise environment and a Penetration Test against the external, public-facing systems. We can, however, perform a Vulnerability Assessment against your external systems and wireless systems as well.

ADVANTAGES / RETURN ON INVESTMENT (ROI)

The majority of attacks take advantage of unpatched or misconfigured systems or applications. Our Vulnerability Assessment service helps you identify vulnerable systems and applications. We provide prioritized, risk-based step-by-step actions to fix the identified vulnerable systems and applications.

Our Vulnerability Assessment not only looks for unpatched systems, but checks for misconfigured systems, applications, and unnecessary services. Our Vulnerability Assessment service also helps ensure your IT assets are compliant with policy and standards, such as the following:

ISO27001:2013 (IEC)
NIST
PCI DSS
OWASP

WHAT YOU GET / DELIVERABLES

You get three items:

Vulnerability Assessment Report
Vulnerability Assessment Report Findings Review with your team via an online session
Discounted Rerun Option for a rerun of the Vulnerability Assessment after you fix identified problems

SCAN

Scan and Discover

Scan and discover exposed areas of all your local and remote office endpoints as well as roaming devices.

ASSESS

Analytics

Leverage attacker-based analytics, and prioritise areas that are more likely to be exploited by an attacker.

MANAGE

Security Loop-holes

Mitigate the exploitation of security loopholes that exist in your network and prevent further loopholes from developing.