
Vulnerability Assessments

Vulnerability assessment and management is commonly defined as the process of identifying, categorizing, prioritizing, and resolving vulnerabilities in operating systems (OS), enterprise applications (whether in the cloud or on-premises), browsers, and end-user applications.

The ongoing process of vulnerability management seeks to continually identify vulnerabilities that can be remediated through patching and configuration of security settings.

Enhanced transparency into the internal and external perimeters and beyond your network is critical in determining where your security needs to be strengthened. With our Vulnerability Assessment, your organization receives a valuable baseline for determining appropriate defenses and remediation activities to further secure your environment, as well as a customized report outlining key actions.

Our certified virtual Chief Information Security Officers (vCISO) and security analysts follow comprehensive vulnerability assessment steps.

We draw on an open, standards-based effort: the Security Content Automation Protocol (SCAP) standard developed by the National Institute of Standards and Technology (NIST).

At a high level, SCAP can be broken down into a few components:

  • Common configuration enumeration (CCE) – A CCE is a list of system security configuration issues that can be used to develop configuration guidance.
  • Common platform enumeration (CPE) – CPEs are standardized methods of describing and identifying classes of applications, operating systems, and devices within your environment. CPEs are used to describe what a CVE or CCE applies to.
  • Common vulnerabilities and exposures (CVE) – Each CVE defines a specific vulnerability by which an attack may occur.
  • Common vulnerability scoring system (CVSS) – This scoring system works to assign severity scores to each defined vulnerability and is used to prioritize remediation efforts and resources according to the threat. Scores range from 0 to 10, with 10 being the most severe.
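
How these components fit together, as an added example that is not part of the original page: CPE names tie each CVE to the inventory items it applies to, and CVSS scores order the resulting findings for remediation. The hosts, CPE names, placeholder CVE ids and scores are constructed, the matching is simplified to an exact value or `*` per attribute, and the severity labels follow the CVSS v3.x qualitative scale.

```python
import re

CPE_FIELDS = ("part", "vendor", "product", "version", "update", "edition",
              "language", "sw_edition", "target_sw", "target_hw", "other")

def parse_cpe(name):
    """Split a CPE 2.3 formatted string into its 11 named attributes."""
    if not name.startswith("cpe:2.3:"):
        raise ValueError("not a CPE 2.3 formatted string: " + name)
    # A backslash escapes the next character, so "\:" stays inside a value.
    values = re.findall(r"(?:\\.|[^:\\])+", name[len("cpe:2.3:"):])
    if len(values) != len(CPE_FIELDS):
        raise ValueError("expected 11 attributes, got %d" % len(values))
    return dict(zip(CPE_FIELDS, values))

def applies(pattern, target):
    """Simplified match: each pattern attribute is '*' (any) or equals the target's."""
    p, t = parse_cpe(pattern), parse_cpe(target)
    return all(p[f] == "*" or p[f].lower() == t[f].lower() for f in CPE_FIELDS)

def severity(score):
    """CVSS v3.x qualitative rating for a 0-10 base score."""
    if not 0.0 <= score <= 10.0:
        raise ValueError("CVSS scores range from 0 to 10")
    for upper, label in ((0.0, "None"), (3.9, "Low"), (6.9, "Medium"), (8.9, "High")):
        if score <= upper:
            return label
    return "Critical"

def prioritize(inventory, advisories):
    """Return (score, rating, cve_id, host) findings, most severe first."""
    findings = [(score, severity(score), cve_id, host)
                for host, cpe in inventory
                for cve_id, score, pattern in advisories
                if applies(pattern, cpe)]
    return sorted(findings, key=lambda f: (-f[0], f[2], f[3]))

# Constructed sample data: hypothetical hosts, products and placeholder CVE ids.
INVENTORY = [
    ("web01", "cpe:2.3:a:examplevendor:webserver:2.4.1:*:*:*:*:*:*:*"),
    ("db01", "cpe:2.3:a:examplevendor:database:9.0:*:*:*:*:*:*:*"),
    ("app01", "cpe:2.3:a:example\\:corp:agent:1.0:*:*:*:*:*:*:*"),
]
ADVISORIES = [
    ("CVE-0000-0001", 9.8, "cpe:2.3:a:examplevendor:webserver:2.4.1:*:*:*:*:*:*:*"),
    ("CVE-0000-0002", 5.3, "cpe:2.3:a:examplevendor:*:*:*:*:*:*:*:*:*"),
    ("CVE-0000-0003", 7.5, "cpe:2.3:a:example\\:corp:agent:*:*:*:*:*:*:*:*"),
]
```

Calling `prioritize(INVENTORY, ADVISORIES)` returns the findings with the highest score first, so a vendor-wide advisory matching several hosts appears once per affected host.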

Formal vulnerability management doesn’t only imply patching and reconfiguring insecure settings. Vulnerability management is a practice that requires an organizational mindset within IT: new vulnerabilities are found daily, so discovery and remediation must be continual.

Security Testing