Vulnerability Assessments

A vulnerability assessment is a detailed study of the security posture of an organizations network.  This third party opinion from InfoSight can include the following internal and external options:

External Vulnerability Assessment (eVA)

Security analyst will conduct an examination of the potential vulnerabilities to your perimeter network to ensure security safeguards are in place to protect valuable assets and confidential information against unauthorized access that could have potentially catastrophic and costly consequences.  Examination of the potential vulnerabilities to the perimeter network will be performed under the premise of a  “Zero Knowledge Attack” gathering publicly available information about public records and websites available on the Internet to discover potential security vulnerabilities. In addition, physical sites, systems and applications will be probed to identify potential security weaknesses and for potential penetration testing.  The eVA final report will include a grading format ranging from Severe to Low with recommendations for remediation.

Internal Vulnerability Assessment (iVA)

InfoSight’s security professionals will conduct an examination of the potential vulnerabilities to the internal network to ensure security safeguards are in place to protect against trusted and unauthorized access that of internal assets.  Here we will look beyond the perimeter network to explore LAN/WAN hardware, software applications, Operating Systems and Network devices. The Final Report will include a grading format ranging from severe to low with recommendations for remediation. Recommendations generally include but are not limited to the following: Sample configurations, Patch and service pack recommendations, Training – Technical and/or Security Awareness, Best Practice and Vendor specific recommendations.

Comprehensive Vulnerability Assessments (CVA)

Comprehensive Vulnerability Assessment service offers a complete on-site assessment of your enterprise security infrastructure and information security posture both internally and externally. Infosight will identify areas to defend your network from the inside out using additional services such as Social Engineering and Email Phising to maximize your company’s valuable information assets. This important service assesses the technical security of your company’s computer systems, the physical security of your material workspaces, and the soundness of your company’s information security policies, procedures, and processes. A CVA provides a comprehensive and holistic approach to validating and thus strengthening your company’s enterprise security program.

*All VA tests are performed using a methodology which conforms to Information Systems Audit Standards issued by the Information Systems Audit and Control Association. Additional sources of testing procedures include CERT/CC, the SANS (SysAdmin, Audit, Network, Security) Institute and NIST (National Institute of Systems and Technology). 

Contact us today to assess your network for vulnerabilities.