Vulnerability Assessment

Find your security weaknesses

Every business carries an element of risk, and security risks are usually at the top of the priority list. Risk in technology is a real and present danger. Malicious break-ins into corporate computer systems are increasing year on year. The fact is that many information systems are not designed to be secure, so security through technical means is paramount. A business should know the vulnerabilities it has in its systems as an integral part of its risk management focus.

Performing a vulnerability assessment is vital to your business security baseline and can provide an accurate “point-in-time” representation of your organization’s security posture. On its own, however, this is not enough. A secure business should have a policy in place to ensure that a consultant conducts a vulnerability assessment on a continual basis. This is the only way to minimize the overall risk.

Threats originate from all parts of the world, as well as from within your own network, and it is becoming ever more important for organizations to secure their resources. The benefits that can result from a consultant conducting frequent, proactive vulnerability assessments are numerous.

The most apparent advantage is the ability to identify your known security exposures before potential attackers do. With continual assessments it is easy to identify possible security concerns that may be present on your network, from both an internal and an external standpoint. Early detection is vital and gives you the opportunity to address the issues before attackers can exploit those weaknesses, which may cause serious damage to your company's assets and your reputation.

Another benefit of routine vulnerability assessments is that they can assist in updating or creating a detailed network map of your enterprise. An organization should have an accurate idea of what systems are present in its environment. It should not be possible for someone to connect a new system to your network without informing the right people or going through the correct change management process. However, if machines have been connected to the network unofficially, such as employees' personal laptops and rogue access points, the chances of them being hardened or secured are probably low. These rogue machines can introduce unwanted and unnecessary risks into your enterprise and need to be found and dealt with in a timely manner.

It is important to recognize that some of the exposures uncovered may actually need to be present for your systems and infrastructure to run correctly, from a business perspective. The services associated with these exposures need to be highlighted so that the risk can be managed and monitored. It will be possible to accurately develop a risk curve to illustrate how the security posture trends over time. Ideally the risk curve would be managed and reduced, reaching the point where the network security and business requirements meet.

Your existing controls may be effective, but may not be comprehensive enough to provide assurance of appropriate confidentiality, integrity, and availability of your business information. Vulnerability assessments are an important mechanism through which we can help your organization identify potential security exposures and enable you to engage a process to correct any deficiencies.

The internet is growing, and the ease with which just about anyone can launch a cyber attack in turn grows exponentially, so it is becoming more important to secure potential exposures quickly. Finding and helping you address these exposures is our business, and it is becoming a race that is harder and harder for you alone to win. Don’t let your organization fall behind.

Minatio Vulnerability Assessment Process

Process

  • Conduct Assessment 

    This phase consists of two objectives: planning and performing the vulnerability assessment. The planning component includes gathering all required information, defining the scope of activities, and making the relevant entities aware of the impending assessment. The method for performing the vulnerability assessment will include speaking with system administrators (if applicable), reviewing appropriate policies and procedures relating to the systems being assessed and, of course, the security scanning.

  • Identify Exposures

    This phase can include an assortment of tasks: reviewing the resulting data from the assessment phase, cataloguing the risks, prioritising the vulnerabilities, and tying each vulnerability into your business management process so that accountability for the issues can be established and remediation advice given so that exposures can be resolved. The data can also be stored and reviewed, allowing for enterprise-wide risk analysis and management.

  • Reporting Exposures

    This phase will include a comprehensive vulnerability report written both at a high level, to be read by senior management, and at a more detailed level for technical staff. Before any steps are taken to fix an issue, an investigation must be conducted to determine whether the service that opens your exposure is in fact needed. If the service is required, then the system should be upgraded or, if no upgrade exists, management should be informed of the potential risk that the system presents so the risk can be managed in line with your risk management strategy. If the service is not needed, then you could simply disable it.

Methodology

Vulnerability Assessment

The assessment begins with an overview of your infrastructure and an agreement on the scope of the assessment. Once the information has been gathered, the scan will be carried out on the agreed infrastructure systems. All of our scanning is carried out by highly trained, specialised staff using the latest scanning techniques and tools to give you a full and comprehensive scan, allowing you to assess the vulnerabilities that may exist in your information system networks.

Once the scan is complete, the data is analyzed manually by one of our professionals to filter out any potential false positives. The data is then cataloged using a repeatable prioritization system, giving you the best chance to manage the risks in a timely manner and within your budget. Many companies will simply not have the time and funds to plug every vulnerability immediately, so prioritization is paramount. Your report will be manually written both for senior management and at a more technical level, with remediation advice on how to deal with any vulnerabilities that may be evident in your assessment.

The report will be transmitted to you securely, and we can make arrangements to retest in the near future.

Additionally, if an on-site presentation of your report's findings is required, this can be arranged.