ConnectDS perform both network vulnerability scanning and web application vulnerability scanning services, with full reporting and management for organisations. This is based on a defined scope, which could be a full internal or external network vulnerability assessment or be limited to internal-facing or critical assets. Vulnerability auditing is perfectly positioned to measure the effectiveness of your current patch management solutions and the patching of your Microsoft, Mac and Linux operating systems, infrastructure, security and other company applications.
ConnectDS work with businesses to enhance their security program with effective services that assist them with understanding their cyber security posture and reducing exposures and cyber security gaps. The ConnectDS team provide both internal and external assessments of your office and data centre network ranges to prevent the loss of sensitive data.
Our vulnerability scan service will provide your technical team with details of all live connected systems. This information can be correlated against your company's IT asset register to validate effective documentation and to identify unmanaged and potential rogue devices within the environment. As a vulnerability assessment company we also offer a comprehensive Vulnerability Management service, in which our security analysts schedule a continuous process of scanning for system vulnerabilities and security flaws.
How are Vulnerability assessments performed?
ConnectDS perform all of our security assessments using a structured and tiered approach with enterprise vulnerability scanning software. Our external security scanners are cloud hosted, allowing our team to perform a thorough remote assessment of your external and client-facing systems. For internal device assessment, ConnectDS perform on-site consulting or install a software agent or hardware sensor that securely connects to our cloud vulnerability scanners and provides internal visibility. This lets our security analysts perform assessments on a global scale, or for multinational organisations with global office locations, swiftly and without the extensive time and costs associated with travel and expenses.
N.B. A vulnerability assessment process is different to penetration testing. Whereas a VA uses technology to scan for security weaknesses in your organisation’s infrastructure, a penetration test involves additional manual aspects.
ConnectDS have expert analysts and procure enterprise grade vulnerability assessment tools and software from multiple leading vendors for our assessment engagements. Reduce the costs for your organisation by partnering with ConnectDS to leverage our analyst resources to perform ad-hoc and ongoing vulnerability management services equipped with our licensed vulnerability assessment tooling.
Why have a vulnerability assessment?
A vulnerability assessment process delivers an effective approach to identifying vulnerabilities and mitigating the impact of a potential cyber threat, and provides your organisation with insights into where it can improve its threat exposure and its system and platform hardening. The key benefits of validating your company's infrastructure or web application for vulnerabilities are:
- Support your local IT team with expert cybersecurity expertise
- Fast automated scans and identification and classification of known security weaknesses through complete security threat scanning
- Establishing best practice, regular vulnerability management in your computer systems and throughout your digital estate
- Reduced risk of known security vulnerabilities leading to a successful cyber attack and data breaches
- Proactive process for the identification of system threats and potential impacts
- Identifying network connected systems
- Single point of contact for vulnerability program with an experienced cyber security professional
- Consultation on assessment results with remediation of identified security issues, broken down into comprehensive and actionable reporting with remediation steps
- Service Improvement using proven processes
- Protect your organisation and gain compliance such as GDPR, PCI, NIST and Cyber Essentials
- Important aspect of a complete cybersecurity management program (information security) and reduction of likelihood of security attack, events, incidents and breach
- Prioritisation of critical threats and risk management and mitigation
ConnectDS provide a wide coverage for assurance with our 3 different types of assessment. These are:
- External Network Assessment – Full network testing of external network systems, applications and infrastructure devices to identify weaknesses that can be leveraged by attackers to gain unauthorised access to your systems. No additional hardware sensors or installation of software by the customer is required for this type of testing.
- Web Application Assessment – The standard testing service for business web applications to identify web threats in line with the OWASP Top 10 framework. Our tools include the identification of the following vulnerabilities:
  - Cross-Site Scripting (XSS)
  - SQL injection
  - Blind SQL injection
  - Insecure cryptographic solutions
  - Insecure session monitoring
  - Server configuration issues
  - Incorrect header information
  - CRLF injections
  - Command execution attacks
  - Format string exceptions
  - Unvalidated redirects
- Internal Network Assessment – Vulnerability assessment of internal devices using specialist assessment software and experienced security professionals to identify issues in your networks and deliver actionable vulnerability analysis insight for your organisational cyber risk management program. Internal device scanning can be facilitated by the implementation of internal scan agents, which enable remote testing of internal assets and non-network-connected devices without the requirement for physical access. This can be complemented by an on-site virtual or physical network scanning appliance that provides coverage of all network devices, including unknown or rogue devices and network-attached devices that do not support security agents. Below are some examples of the ConnectDS physical vulnerability scanner appliance:
If you need an even more in-depth analysis of your current cyber security posture that can help you measure and understand the actual risk to your company, then our web application vulnerability assessment services can be coupled with our thorough network penetration testing or Web Application Penetration Testing services to provide full organisation coverage on an ongoing basis. Equally, if you wish to have vulnerability scans conducted on a regular basis, please visit our VMaaS page.
ConnectDS’ UK vulnerability scans are a consultative engagement for small to medium sized businesses and include a detailed vulnerability assessment report covering security findings, risk identification, data validation and remediation details in a simplified format. All engagements also include a rescan for validation of remediated and known vulnerabilities. All consultation and advice for remediation of any identified vulnerabilities will be provided by one of our expert security professionals.
ConnectDS provide both unauthenticated and authenticated vulnerability assessments. With authenticated assessments, our clients provide us with login credentials to their host and server systems, enabling us to log into the target systems as an administrative user and perform a more comprehensive analysis to identify vulnerabilities that are not externally exposed. Authenticated scanning is recommended for the greatest visibility when validating the patching of user workstations and servers as part of your patch management program.
Frequently Asked Questions About Vulnerability Assessments
Please see below for some common questions on our risk and vulnerability assessment. If you would prefer to speak to someone, then give us a call and speak to one of our team in our head office.
WHAT IS A VULNERABILITY ASSESSMENT?
A vulnerability assessment is a security assessment performed by our expert team with enterprise vulnerability scanning tools that identifies all potential vulnerabilities on a network or computer system, but does not manually validate or exploit these findings. This is the difference between a vuln assessment and penetration testing.
HOW MUCH DOES A VULNERABILITY ASSESSMENT COST?
Costs of vulnerability assessments vary depending on the number of web applications and network hosts (IPs) that require testing and whether these are internal or external IT systems. Please get in contact for more information on this.
WHAT IS INCLUDED IN A VULNERABILITY ASSESSMENT?
Our vulnerability assessments include scanning, manual checks, consultation and a concluding vulnerability assessment report. All assessments include a formal presentation and consultation with an experienced cyber security professional to assist with the output of the tooling.
WHY ARE VULNERABILITY ASSESSMENTS IMPORTANT?
Vulnerability assessments are important as they allow your business to identify and remediate potential flaws in your network security that can be leveraged to launch an attack against your business.
WHAT’S THE DIFFERENCE BETWEEN A VULNERABILITY SCAN AND A VULNERABILITY ASSESSMENT?
A vulnerability scan is used to identify vulnerabilities on a computer system, whereas a vulnerability assessment also includes scoping, reporting, impact and actionable insight / consultation.
HOW OFTEN SHOULD A VULNERABILITY ASSESSMENT BE PERFORMED?
We recommend that all organisations perform vulnerability assessments at least once a year, or more frequently depending on your organisation's appetite for risk. If your business changes its infrastructure or develops its own applications, then a thorough review of applications is required to identify security flaws; an assessment should be performed at least every time there is a major change to your web applications or network infrastructure. ConnectDS also provide ongoing vulnerability management.
WHAT IS THE DIFFERENCE BETWEEN VULNERABILITY ASSESSMENT AND PENETRATION TESTING?
Unlike a vulnerability scan that leverages automated scanning, a penetration test requires manual testing by skilled security professionals and is used to simulate a real-life cyber attack, exploiting vulnerabilities found and measuring the impact of exploitation.
DOES GDPR MANDATE VULNERABILITY ASSESSMENT?
GDPR does not strictly mandate the need for vulnerability assessments; however, they are vital in maintaining security hygiene, reducing attacks and identifying any unwanted data exposure which could breach GDPR regulations. Vulnerability assessment is required to ensure compliance by some certification bodies such as PCI DSS and ISO 27001.
HOW DO YOU PERFORM A VULNERABILITY ASSESSMENT?
Our vulnerability assessments are aligned to a structured process and frameworks. Speak to a member of our team of security professionals for a vulnerability assessment tailored to your business.
WHAT IS A VULNERABILITY ASSESSMENT CHECKLIST?
A vulnerability assessment checklist is part of the ConnectDS documented process and frameworks that details each step required in order to perform a comprehensive vulnerability assessment and to ensure each assessment is performed to the high level of service that our clients expect.
SHOULD VULNERABILITY ASSESSMENTS BE DONE ON A REGULAR BASIS?
It is advisable to have a regular check of your exposure to cyber threats. ConnectDS also offer on-going vulnerability assessment, better known as VMaaS.