Our vulnerability assessment is a careful examination of your organization’s environment to discover any potential points of compromise or weakness. Vulnerabilities that may be identified by our assessment include:
Our vulnerability assessment process is both, manual and automated. Automated tools help us to filter large amounts of data and can be used to examine logs, compile and analyze data from multiple sources (e.g.,a security incident and event management [SIEM] tool), examine the functions of a program and run test files or data against a tool such as a firewall or application. Where content is not easily quantified and requires judgment we prefer to use the manual process.
To validate the results of a vulnerability assessment, we also offer penetration testing services. Penetration testing uses the same sort of tools as those used by a real adversary, which can help to establish the extent to which an identified vulnerability is a true weakness. The scope for penetration testing can range from full knowledge of the infrastructure to a zero-knowledge tests in which our testing team has no knowledge ofthe infrastructure being attacked. Our penetration testing team is highly creative and attempts several types of tests to ensure that as many attack vectors as possible have been tested. The result of this process is a report that your organization can use in the process of risk identification.