Information Security Solutions & Services

Vulnerability Assessment

Vulnerability Assessment Services

A vulnerability assessment is the process of defining, identifying, classifying and prioritizing vulnerabilities in computer systems, applications and network infrastructures. It gives the organization performing the assessment the knowledge, awareness and risk context it needs to understand the threats to its environment and react appropriately.

Overview

Our Security Program Assessment starts with the latest industry standards. It then incorporates the deep experience and knowledge gained from responding to hundreds of computer security incidents to generate high-quality recommendations across 10 critical security domains. During the Security Program Assessment, our consultants perform interviews, collect evidence and review artifacts. At the same time, they facilitate workshops to ensure future improvements can be understood and successfully implemented by your team.

Executive threat briefing

Our intelligence analysts provide a summary of findings and recommendations that includes a threat intelligence report based on current observed attacker trends in your industry.

Threat detection report

Our consultants compare your company’s event logs to our proprietary Indicators of Compromise (IOCs) library to identify malicious activity. We provide a detailed report that includes a findings summary with insights into relevant threat actor profiles.

Observations and gap analysis

Using an industry framework as a benchmark, we identify domains that require further development. We also provide a maturity plan for each domain to strengthen your security posture.

Types of vulnerability assessments

Vulnerability assessments rely on discovering different types of system or network vulnerabilities, so the assessment process uses a variety of tools, scanners and methodologies to identify vulnerabilities, threats and risks.

Some of the different types of vulnerability assessment scans include the following:

Network-based scans are used to identify possible avenues of network-based attack. This type of scan can also detect vulnerable systems on wired or wireless networks.

Host-based scans are used to locate and identify vulnerabilities in servers, workstations or other network hosts. This type of scan usually examines ports and services that may also be visible to network-based scans, but it offers greater visibility into the configuration settings and patch history of scanned systems.

Wireless network scans of an organization’s Wi-Fi networks usually focus on points of attack in the wireless network infrastructure. In addition to identifying rogue access points, a wireless network scan can also validate that a company’s network is securely configured.

Application scans can be used to test websites in order to detect known software vulnerabilities and misconfigurations in network or web applications.

Database scans can be used to identify the weak points in a database so as to prevent malicious attacks, such as SQL injection attacks.

Vulnerability assessments vs. penetration tests

A vulnerability assessment often includes a penetration testing component to identify vulnerabilities in an organization’s personnel, procedures or processes that might not be detectable with network or system scans. The process is sometimes referred to as vulnerability assessment/penetration testing, or VAPT.

Security program roadmap and recommendations

This strategic and tactical action plan provides recommendations on sequence and prioritization to improve effectiveness across one or more of the 10 critical security domains.