In a recent Ponemon Institute Research Report, 90% of respondents said that their company’s computers were breached at least once over the past 12 months. New network, system, application and database vulnerabilities are emerging every day, compelling security professionals to reassess their approach to protecting networks.
As an important tool for information security management, a vulnerability assessment can spot the weaknesses in your security defenses before an attacker can exploit them. A Vulnerability Assessment identifies, quantifies, and prioritizes the information security strengths and weaknesses of your organization’s computing environment from a technical perspective. Vulnerability Assessments should be performed under the following conditions:
- During the design and development of any new IT system
- After any upgrades to your organization’s IT infrastructure or applications
- As part of your ongoing organizational due diligence
- As part of regular compliance reporting, such as PCI-DSS, ISO 27001, etc.
Trustaira’s Vulnerability Assessment service will identify the key information assets of your organization, determine the vulnerabilities that threaten the security of those assets, provide recommendations to strengthen your security posture, and help mitigate risk, allowing you to focus your IT resources more effectively. Our experienced security experts work with customers to ensure that the scope of work/deliverables exceeds expectations.
The deliverables will do the following:
- List discovered vulnerabilities and associated risks
- Identify high risk areas requiring immediate attention
- Identify requirements for improving security policies and processes
- Recommend an action plan and remedial measures which may include security best practices and infrastructure re-design
The results of Vulnerability Assessments performed by Trustaira help your organization develop a complete security road map.
A typical Vulnerability Assessment will have the following workflow:
- Defining Scope – We work closely with the customer during this phase to define the goals, scope, timeline and budget of the engagement. Initially, the customer completes a predefined questionnaire, and later scoping meetings with the customer are held to plan and schedule the penetration test properly.
- Information Gathering and Analysis – Information on the infrastructure, systems, applications, network, staff, etc. is collected and verified during this phase. Both manual and automated tool-based information collection is performed. This information is plotted and mapped to form a complete picture of the system and to develop a threat model and attack scenarios.
- Vulnerability Detection – The information obtained is analyzed to determine any possible vulnerabilities that might exist. This involves using both manual and automated techniques.
- Reporting – We prepare a comprehensive, in-depth analysis of the vulnerabilities. It also includes recommendations on how to mitigate the discovered vulnerabilities.
The workflow is very similar to penetration testing, with the major difference concerning the process of discovering vulnerabilities. While penetration testing is a real-world attack simulation, during a vulnerability assessment our experts do not exploit any of the vulnerabilities found.