Cyber Security Vulnerability Assessment ServicesWhere is your company susceptible to attacks?
Vulnerability Assessment Overview
Cyber vulnerability assessment refers to the process of identifying risks and vulnerabilities in computer networks, systems, hardware, applications, and other parts of the IT ecosystem. Vulnerability assessments provide security teams and other stakeholders with the information they need to analyze and prioritize risks for potential remediation in the proper context. Our methodology for vulnerability assessments is divided into two main areas. The assessment stages include:
- Vulnerability Scan
- Assess Results
The purpose of a vulnerability scan is to identify targets on IP addresses or IP ranges as well as identify misconfigurations and potential vulnerabilities.
This phase is crucial to validating the information identified in the Scan phase. Our experienced team then conducts additional analysis and scans to ensure attack vectors are feasible. This phase reduces false positives thereby increasing value and validity to the report given. This phase consists of evidence collected that goes beyond the information from generic scans.
Cyber Vulnerability Assessment Tools Used
In order to perform our assessments, we use advanced cyber security tools that require customization for each client’s unique environment as well as automated assessment tools to provide a more comprehensive assessment. Examples of these items include, but are not limited to:
- In-house developed vulnerability assessment tools for Oracle Databases, SQL Server Databases, AS400, Windows Active Directory, Linux Operating systems, UNIX operating systems;
- Knowledgeable resources with experience in assessing firewalls such as Checkpoint, Palo Alto, Fortinet, Cisco, and Juniper Networks;
- We leverage multiple scanners including the Nessus security scanner to identify vulnerabilities. To keep up with the millions of vulnerabilities and attack vectors that have been identified, including the many new vulnerabilities that are being identified on a daily basis, CP Cyber uses its experience and skillsets in analyzing the vulnerabilities to accurately report and communicate the risks presented.
I have been working with Cornerstone since 2017. These guys are the real deal. They do a great job. They are honest. Since hiring Cornerstone, I have saved myself so much time not having to deal with computer issues. It’s such a huge relief knowing I have an extra layer of protection against all the vulnerabilities out there today. Highly recommend.
Frequently Asked Questions
Does my company need both a Vulnerability Assessment and a Penetration Test?
Many companies will mistakenly use the terms “vulnerability assessment” and “penetration test” interchangeably. When deciding what your company needs keep in mind that a vulnerability assessment acts as a supplement to a penetration test, not a replacement. Ideally a company will enroll in a full penetration test which includes a vulnerability scan, however if that is not in the company’s means, a standalone vulnerability scan will still give their IT team information to better secure their environment.
Our company has an incredibly unique setup, can you still perform a vulnerability scan?
Yes, prior to starting any engagement, our team will schedule a scoping meeting were we will discuss the systems that make your company unique and how we can make sure these systems are included in our testing. Our tools are designed to work cross platform including but not limited to Windows, Mac, and Linux operating systems. Our team is also comfortable scanning large IP subnets or segmented networks.
I heard Apple computers were entirely secure, does my company still need a vulnerability scan?
Although Apple computers are typically more secure than their counterparts, they are by no means risk free. Traditionally, Apple computers were not used as frequently in the business world as their competitors, therefore Apple gained a reputation for being more secure. However, as Apples become more and more prevalent in the business world, attackers are targeting them and finding holes in their security. It would be unwise to exclude Apple computers from a vulnerability scan under the false pretense that they were entirely secure.