Network Security Scanning & Vulnerability Assessment

An automated scan of your internal or Internet-facing infrastructure provides you with a cost-effective solution to quickly identify vulnerabilities that may be present. Typical vulnerabilities include missing operating system patches, outdated software, obsolete operating systems, default credentials and many other cyber-security weaknesses that may be very quickly identified by malware or an attacker who has already gained physical access to your network.

With the vulnerability assessment being entirely automated, it allows us to provide with you with same-day feedback on the vulnerabilities that are present, so you can start remediation as quickly as possible.

As with all automated vulnerability assessments, there is a possibility that “false positive” results may be present in the assessment findings. Furthermore, some vulnerabilities that would only be identified during a manual penetration test may not be identified, as very often, identifying these vulnerabilities is only possible through manual testing. If you require a security assessment of your environment which is representative of a real-life attack, we would strongly recommend considering a manual penetration test, as this will provide you with a more accurate set of test results.

Methodology

Using the latest scanning tools and techniques, we conduct a fully-automated vulnerability assessment on the given internal IP address range.

This assessment serves to provide you with an up-to-date snapshot of the vulnerabilities on the internal network that may be exploited by a malicious user who has gained access to your internal office space. A full port scan is also included and all available services are checked to ascertain if they have known vulnerabilities present.

Prerequisites

A signed & completed Testing Consent Form
Wired network connection
List of IP addresses or hostnames to be assessed

Deliverables

Engaging with SecureTeam for your Network Vulnerability Assessment will provide you with the following:

In-flight Support

Prior to your test commencing, our consultant(s) will discuss the scope of work with you, so that a full understanding is obtained of your environment and how it is used. This not only allows the test to run more efficiently, but also allows the discovered vulnerabilities to be rated more accurately in terms of risk.During the testing phase, our consultant(s) will engage directly with you – notifying you of any critical vulnerabilities that may be present within your application or any evidence in our results that may indicate a security breach may have already taken place.

Reporting

Once the Vulnerability Assessment has been completed, you will be provided with the following:

Comprehensive Summary Report

We provide a comprehensive summary report that gives a high-level overview of the vulnerabilities that have been identified and the associated risk to your environment. Our clear & concise reporting format contains an Executive Summary that can be understood by all members of your organisation – including individuals who may be in management or non-technical roles.

Detailed Technical Report

A detailed HTML report will be provided to you immediately after the assessment has completed. This detailed technical report provides you with further information on the vulnerabilities that have been identified and allows you to take immediate corrective action following the assessment.

Risk-Based Approach with CVSS Scoring

A risk-based approach is used throughout the report and all vulnerabilities are scored in line with CVSS (Common Vulnerability Scoring System). This allows the contents of the report to be fed into your own internal risk assessments and allows a plan to be developed to address the vulnerabilities which present the highest risk to your organisation.

Secure & Encrypted Report Delivery

Due to the sensitive content which may be contained in our test reports, all test reports are delivered to our customers through a secure file delivery mechanism. All test reports are encrypted using AES-256 encryption and are secured with a strong, randomly-generated password which is delivered ‘out-of-band’ to you via SMS. The encrypted file is then delivered to you through an encrypted & expiring URL link – allowing you to download the test report securely to your workstation.

After Care

Once our consultancy engagement is complete and our final report has been delivered to you, our consultancy team remain available to you indefinitely for any questions you may have surrounding the report’s findings or our consultancy engagement with you.We pride ourselves in partnering with our customers to provide adhoc security advice and to ensure that our engagement with you doesn’t simply end once the final report has been delivered.

We are committed to ensuring, that as our customer, you receive the utmost value out of our consultancy services and look forward to developing a long-lasting business relationship with you.

Conference Call

Once you have received our final report, you have the option of attending a conference call between the consultant(s) involved in delivering your project and individuals within your organisation, who you feel would benefit from a more in-depth discussion of the reports findings. A conference call is suitable for both management and technical staff and provides you with the perfect opportunity to ensure that all vulnerabilities and their recommended course of action are fully understood by stakeholders and key-individuals in your organisation.