Vulnerability Management

EXTERNAL VULNERABILITY ASSESSMENT

External Vulnerability Assessments are intended to evaluate the security posture from the perspective of an anonymous source on the Internet to the environments that are available across the Internet. We assess the safety of the entirety of your outward presence, including any perimeter devices, servers, and web applications. Anything accessible from the Internet, will be assessed for potential vulnerabilities. Our external vulnerability assessments include both a documentation of findings and recommendations on how to remediate or mitigate them. Testing for external vulnerabilities is essential to keeping and maintaining a more secure posture to your environments.

INTERNAL VULNERABILITY ASSESSMENT

While strong external security is essential, experienced attackers have found ways to circumvent the firewall and other perimeter protection devices. This is often performed with client-side attacks, such as enticing users to click a link, open an infected document, and/or leading them to the attacker’s malicious website. Organizations must develop strong layers of internal security to prevent these attacks.

Our internal network vulnerability assessment takes into account a range of network issues and identifies weaknesses that require attention, including misconfigurations and policy non-compliance vulnerabilities. With internal network vulnerability tests, we assess your entire network infrastructure for vulnerabilities. Typically, this assessment will include examining everything, from servers, desktops to networking devices and firewalls. Just like our external assessments, our internal assessment includes both a documentation of findings and recommendations on how to remediate and mitigate these vulnerabilities effectively and efficiently.

The summary report of findings and recommendations are provided along with the detailed raw reporting from the vulnerability assessment. The reports provide comprehensive recommendations for addressing issues discovered, while the summary report of findings identifies gaps in program that address whole groups of vulnerabilities at a time by process improvements rather than one-off remediation activities.