*All VA tests are performed using a methodology that conforms to the Information Systems Audit Standards issued by the Information Systems Audit and Control Association. Additional sources of testing procedures include CERT/CC, the SANS (SysAdmin, Audit, Network, Security) Institute and NIST (National Institute of Standards and Technology).
A vulnerability assessment is a detailed study of the security posture of an organization's network. InfoSight's third-party opinion can include the following internal and external options:
A security analyst will examine the potential vulnerabilities of your perimeter network to ensure that security safeguards are in place to protect valuable assets and confidential information against unauthorized access, which could have catastrophic and costly consequences. The examination will be performed under the premise of a "Zero Knowledge Attack", gathering publicly available information from public records and websites on the Internet to discover potential security vulnerabilities. In addition, physical sites, systems and applications will be probed to identify potential security weaknesses and candidates for penetration testing. The eVA final report will include a grading format ranging from Severe to Low, with recommendations for remediation.
InfoSight's security professionals will examine the potential vulnerabilities of the internal network to ensure that security safeguards are in place to protect internal assets against both trusted and unauthorized access. Here we will look beyond the perimeter network to explore LAN/WAN hardware, software applications, operating systems and network devices. The final report will include a grading format ranging from Severe to Low, with recommendations for remediation. Recommendations generally include, but are not limited to, the following: sample configurations; patch and service pack recommendations; training (technical and/or security awareness); and best-practice and vendor-specific recommendations.
The Comprehensive Vulnerability Assessment (CVA) service offers a complete on-site assessment of your enterprise security infrastructure and information security posture, both internally and externally. InfoSight will identify areas to defend your network from the inside out using additional services such as Social Engineering and Email Phishing to maximize your organization’s valuable information assets. This important service assesses the technical security of your computer systems, the physical security of your material workspaces, and the soundness of your organization's information security policies, procedures, and processes. A CVA provides a comprehensive and holistic approach to validating and thus strengthening your company's enterprise security program.
Vulnerability scanning is a fundamental part of vulnerability management. Doing it right requires preparation to get the most value from this vital security process. Contact us to learn more about how we can help you identify vulnerabilities in your network infrastructure.
Complementary Services
Patch Management
Change Management
GLBA Risk Assessment

Vulnerability management is a security practice designed to proactively prevent the exploitation of IT vulnerabilities that exist within an organization. The expected result is to reduce the time and money spent dealing with vulnerabilities and their exploitation. Proactively managing the vulnerabilities of systems reduces or eliminates the potential for exploitation and involves considerably less time and effort than responding after an exploitation has occurred.
Vulnerability scanners are commonly used in many organizations to identify vulnerabilities on their hosts and networks. Vulnerability scanners employ large databases of vulnerabilities to identify vulnerabilities associated with commonly used operating systems and applications. There are two types of vulnerability scanners: network scanners and host scanners. Network scanners are used for identifying open ports, vulnerable software, and misconfigured services. Host scanners are used for identifying specific operating system and application misconfigurations and vulnerabilities.