Vulnerability Assessments are relatively quick but comprehensive procedures designed to help with risk detection. Using a scanning tool, these assessments work to locate flaws without exploiting them, unlike a Penetration Test.
The core objectives of a Vulnerability Assessment are to:
- Gain a full picture of the weaknesses in your IT estate
- Get a sense of how these flaws might be fixed to protect sensitive data
- Meet cybersecurity compliance in preparation for an audit
- Expose exploitable areas for data breaches ahead of Penetration Testing
With this in mind, we take time to analyse your networks, hardware and applications to create an actionable security plan going forward. Our consultants define, identify, classify and prioritise vulnerabilities from both an internal and external perspective, helping you to remediate the most pressing issues first.
As your websites and applications evolve over time, there is a great deal of benefit in undertaking regular vulnerability scans. The introduction of new code and changes in design can create new and undetected flaws, posing increased risk to your company at the exact time you most want to minimise it. Consequently, Vulnerability Assessments can be seen as an important part of security regression testing.
We provide three core types of Vulnerability Assessments:
- External Infrastructure
As with Penetration Testing, VAs can be carried out either internally or externally. With external infrastructure VAs, testers are only given access to public information, meaning they scan your systems and network devices from 'outside' the company. Typically carried out remotely, external VAs check security levels for Internet-facing services.
- Internal Infrastructure
In contrast to external infrastructure VAs, here testers carry out scans from 'inside' the company. Since full access needs to be given, internal VAs typically involve connecting to your internal network and assessing your systems, Internet-facing or otherwise. Doing so gives you meaningful insight into the level of risk present in your IT estate and allows vulnerabilities to be catalogued by location.
- WiFi Security Surveys
With wireless networks so ubiquitous nowadays, malicious agents often see them as easy targets. Whether it's issues with encryption or faulty access controls, our skilled consultants help you to scan for a range of security flaws in your WiFi networks. Subsequent to the survey, we present our findings in a report containing recommendations for remediation, ensuring that the approach in question falls within your budget.