Vulnerability Assessments

The Vulnerability Assessment service examines your system and web application assets to identify weaknesses against all currently known exploits. These systems may exist in your on-premises environment, in a co-location facility, or within a public cloud provider, and all of them should be assessed periodically. The service uses vulnerability scanning technology that is frequently updated so that the latest known exploits are included in the examination. We deliver a comprehensive “snapshot” of your current security posture and a roadmap to industry-accepted best practices and compliance throughout the organization. The service lets customers identify vulnerabilities in both public Internet-accessible and internally facing hosts and web applications.


WHY DO I NEED A SCAN?

- Identify vulnerabilities that exist in Internet-facing and internal systems to understand the potential risk to the environment
- Specific results and recommendations enable remediation of vulnerabilities and minimize the attack surface
- Ensure security compliance requirements are met and reduce risk by identifying and closing security gaps

SERVICE PROCESS

This vulnerability assessment service is intended to identify vulnerabilities in your assets and to provide details and specific recommendations to remediate them and reduce risk. The service engagement involves the following process:

1. Discovery

- Identify the environments to be scanned
- Perform discovery scan
- Analyze & document IP scope of systems
- Analyze & document URL scope of web apps

2. Preparation

- Deploy scanning tool for internal scans
- Validate communication to scanning tool for internal scans
- Configure scanning for assets in scope
- Assist client with any coordination with third-party providers
- Schedule scan to align with timeframe provided

3. Execution

- Initiate scans that have been scheduled
- Gather scan results

4. Analysis

- Evaluate results data by severity
- Validate and reproduce significant findings
- Develop recommendations
- Produce scan assessment report

5. Delivery

- Update report per Customer feedback (if applicable)
- Securely deliver report

EXTERNAL VULNERABILITY ASSESSMENT

External Vulnerability Assessments are intended to evaluate the security posture of the environments that are available across the Internet, from the perspective of an anonymous source on the Internet. We assess the safety of the entirety of your outward presence, including any perimeter devices, servers, and web applications. Anything accessible from the Internet will be assessed for potential vulnerabilities. Our external vulnerability assessments include both documentation of findings and recommendations on how to remediate or mitigate them. Testing for external vulnerabilities is essential to keeping and maintaining a more secure posture for your environments.

INTERNAL VULNERABILITY ASSESSMENT

While strong external security is essential, experienced attackers have found ways to circumvent the firewall and other perimeter protection devices. This is often done with client-side attacks, such as enticing users to click a link, open an infected document, and/or visit the attacker’s malicious website. Organizations must develop strong layers of internal security to prevent these attacks.

Our internal network vulnerability assessment takes into account a range of network issues and identifies weaknesses that require attention, including misconfigurations and policy non-compliance vulnerabilities. With internal network vulnerability tests, we assess your entire network infrastructure for vulnerabilities. Typically, this assessment will include examining everything from servers and desktops to networking devices and firewalls. Just like our external assessments, our internal assessment includes both documentation of findings and recommendations on how to remediate and mitigate these vulnerabilities effectively and efficiently.

The summary report of findings and recommendations is provided along with the detailed raw reporting from the vulnerability assessment. The reports provide comprehensive recommendations for addressing the issues discovered, while the summary report of findings identifies gaps in the program, so that whole groups of vulnerabilities can be addressed at a time through process improvements rather than one-off remediation activities.