Vulnerability scanning and assessment

1. Home
2. Vulnerability scanning and assessment

Method

Our vulnerability scanning and assessment is based upon recognized resources like configuration recommendations and CVE information released by vendors and renowned institutes such as Cisco, Windows, SANS and MITRE, combined with our own professional experience and expertise.

During the vulnerability scanning, we use industry standard automated tools. In our vulnerability assessment we manually verify the vulnerabilities identified during the scanning and remove false positives. Optionally information about the identified vulnerabilities are enriched with information about whether a public exploit is available and how easy it would be to exploit in your specific environment.

Involvement:

• The delivery requires minimal involvement of your technical staff.

Value:

• Identify vulnerabilities on publicly exposed or internal infrastructure
• Assessment of the vulnerabilities’ potential impact to your business and ease of exploitation
• Identify inefficient patch management on workstations, servers, network equipment or other devices (printers, IP telephones, video surveillance, etc.)
• Identify devices connected to your network not managed by the IT department

Product - Written Report Analysis Containing the Following:

• A non-technical section with an Executive Summary for management and decision makers
• A technical section that is based on our overall risk assessment. It will include relevant detailed critical, high and medium severity observations, potential impact and tangible recommendations
• An appendix including all identified vulnerabilities across all severity levels