Vulnerability Assessment

Address the critical vulnerabilities of your organization’s IT environment with a Vulnerability Assessment.

For our Vulnerability Assessment, we have a scanner tool that is brought onsite.  This tool collects information about the network, including software installed, OS level, patch level, configurations, etc.  Then it compares this against a database of known issues.  The report that is generated is detailed and lengthy.  We provide value by interpreting the output and providing a contextual summary with actionable remediation steps.

While security software can be a great tool, it is the engineering experience of Entec’s expert staff that really provides value to our clients.

Our Typical Vulnerability Assessment

  1. We scale the engagement to the size and complexity of the client’s environment.
  2. Our engineer goes onsite to perform a discovery and run the scanning tool.  For most sites, this will mean leaving the tool onsite overnight to fully scan the environment.
  3. A report is generated from the software with a detailed list of vulnerabilities and CVE references (https://cve.mitre.org).
  4. Our engineer reviews the findings to ensure that the tool ran properly and had the appropriate visibility into the network.
  5. Our engineer then interprets the report and devises an action plan to remediate the issues.
  6. A summary is delivered to the client explaining, in plain English, the current state of the network with a prioritized list of issues and remediation plans. The full report is delivered electronically, as well.

This generally leads to a discussion on how to fit the remediation plans into the client’s operational schedule.

It is our knowledge of the client’s situation, and our expertise in finding real-world solutions, that our clients find most helpful. For example, we have clients that run older software or run configurations that are not ideal.  The scanning tool will identify these issues and recommend replacing the out-of-date software.  But, for some clients, this is not an option as their third-party software vendors have not released a version that will run on the new OS or the cost of the upgrade is cost prohibitive. When we review these situations, we offer solutions. We may choose to mitigate the risk by isolating these devices so that they have no connectivity to the internet and only minimal exposure within the internal network. This type of brainstorming to come up with solutions that work, is why our clients trust Entec for their Vulnerability Assessment.

__________

Vulnerability Assessment Client Example:

We ran a Vulnerability Assessment against a client that had 4 servers and about 30 users.  It came back with over 500 security risks and the report was a couple of hundred pages long.  If the client had purchased the software and run this report themselves, they would have been shocked.  But we were able to see that many of the security risks were repeat incidents on everyones’ phones (about 35 phones had about 5 incidents each). What looked like a large issue was actually not so bad.  A simple version upgrade of their phone system, and a configuration change later, the majority of those issues were resolved.

_________

The cost of our Vulnerability Assessment will depend on the size of the environment and complexity of the infrastructure. To get started, give our experts a call at 804.523.9000.