Vulnerability Assessment
Vulnerability Assessment is the act finding and assessing the impact of exploitable weaknesses in the target, whether an individual machine, an entire infrastructure, or an organization.
Results can be used for verifying your vulnerability management program as well as establishing priority of remediating problems. We will present you with a report that shows the set of targets assessed, vulnerabilities discovered, and the impact of those vulnerabilities.
Interhack's method is a seven-step process:
- Define Scope by working with your staff to find the intended targets, the sources from which scanning may be launched, and the intensity with which to conduct scanning activity;
- Verify Scope by comparing targets and sources to ensure authorization and that the tests will provide the views desired;
- Discover Hosts through probing the network with traffic designed to identify hosts and their types;
- Discover Services by probing each host discovered to find services offered, systems behind those services, and information about them;
- Discover Vulnerabilities by reconciling hosts and services against the National Vulnerability Database (NVD), Common Vulnerabilities and Exploits (CVE), and the Common Vulnerability Scoring System (CVSS);
- Prioritize Vulnerabilities by including information from Criticality Assessment, or your own Business Impact Analysis (BIA) information where available; and
- Report Findings in both human and machine-readable forms to support acting upon the findings.
Interhack's Vulnerability Assessment not only provides direct vulnerability information but supports higher-order analysis and can be included as part of a Penetration Testing or Information Security Program Assessment.
Contact us to discuss your concerns and we will show you how Interhack's system of Cybersecurity services can address them.