We offer full vulnerability assessment services for internal or external networks.
Vulnerability assessments are similar to penetration tests but are automated and aim to give you a high-level view of risks over a much larger area of your network, in a shorter amount of time.
Vulnerability assessments look for known vulnerabilities and report back potential exposures. They are normally automated scans using a commercial tool. This is different to a penetration test, where a human tester uses a variety of different methods to try to exploit and verify any weaknesses.
We can offer the following automated services:
- Unauthenticated external vulnerability assessments
- Internal unauthenticated and authenticated vulnerability assessments
- Workstation and server patch checking sweeps
We appreciate that every business is different and that the complexity of I.T. systems varies tremendously, so we tailor bespoke tests for each company.
If you would like a NO OBLIGATION quote, please contact us to discuss your requirements.
What is the difference between an Unauthenticated and an Authenticated vulnerability assessment?
An unauthenticated assessment tests the hosts in scope for any identified vulnerabilities in software versions or configuration issues on exposed services. It does not log in to the system, and therefore does not run the more detailed checks that are only possible when using local administrative user credentials.
An authenticated assessment tests the hosts in scope for any identified vulnerabilities in software versions or configuration issues by logging into the host as an administrative user. This performs a much more detailed review and covers patch checking and configuration issues for the unexposed services on the host. If you wish to check the patching levels of all systems across your network, an authenticated test would be the best option.
How often should I conduct a Vulnerability Assessment?
It is recommended that external and internal vulnerability assessments or penetration testing are conducted annually, as cyber threats are constantly evolving.
If major changes are made to the infrastructure or new applications are developed, then it is recommended that additional testing is conducted. This ensures that any recent changes are not introducing new vulnerabilities into the environment.
Some certifications, such as ISO 27001 or PCI DSS, require a certain frequency of testing to remain compliant.
What is included in the Vulnerability Report?
We supply a full vulnerability assessment report, which covers the following:
- Executive management summary – Non-technical overview of issues for management board level
- Detailed technical findings – A complete list of all issues identified
- Affected hosts – A list of all hosts affected, including the associated network port
- Risk level – Impact, likelihood and overall risk ratings are listed for each issue
- Examples – Output or screenshots to demonstrate the issue
- Recommendations – Details of how to remediate the issues, including any reference to documents that can assist