Vulnerability Assessment

Identification, classification, and prioritization of security vulnerabilities in computer systems, applications, and network infrastructures

With the use of our Vulnerability Assessment, companies can have their entire infrastructure and products checked for already known vulnerabilities at cost-effective prices. We evaluate identified vulnerabilities by severity and provide mitigation guidance. This allows for convenient prioritization in addressing the identified vulnerabilities. A vulnerability assessment scales remarkably well. It is possible to examine a large network with thousands of hosts in a short period of time.

Vulnerability Assessment Process

The Vulnerability Assessment process consists of four steps: Asset Discovery, Vulnerability Scanning, Risk Evaluation, Mitigation

Vulnerability Assessment Process
Vulnerability Assessment Process

Asset Discovery

The first phase is to identify and categorize all systems and applications. Network scanners, service and version detection tools are utilized for this task, among other techniques. The goal is to obtain a complete overview of the applications or infrastructure for the next step, which is vulnerability scanning.

Vulnerability Scanning

Vulnerability scanning automatically examines all identified applications and hosts for known vulnerabilities. This is done both actively using payloads and passively using identified versions.

Risk Evaluation

When vulnerability scanning is finished, all identified vulnerabilities are manually evaluated. An assessment is then performed based on severity and likelihood.

Mitigation

The mitigation involves formulating recommendations to address the identified vulnerabilities.

Procedure and Objective

The procedure and objective of the vulnerability assessment, e.g., to achieve a security level in accordance with the current state of the art, are coordinated with the client. Among other things, this involves determining the steps to be taken in the assessment, defining contingency measures, and specifying safety-critical systems that are to be excluded from the assessment, for example.

If you want to be confident that your system is protected from threats, then contact us! If you want to achieve an even higher level of security, we recommend a penetration test which includes a vulnerability assessment.