Vulnerability Assessments
A vulnerability assessment is intended to comprehensively evaluate the security of your vital infrastructure, endpoints, and IT assets. It gives insight into system weaknesses and recommends the appropriate remediation procedures to either eliminate the issue or reduce the weakness to an acceptable level of risk. Our vulnerability Assessments identify, catalog, and prioritize the population of vulnerabilities present within an environment.
The intent is to remediate the identified issues or mitigate it to an acceptable risk level.
​
The objective of a vulnerability assessment focuses on creating a list of identified vulnerabilities and establishing a plan to remediate findings. Overall, the focus of the assessment is about breadth rather than depth, identifying issues across the environment and prioritizing them for remediation based on multiple risk factors and risk levels.
​
Most organizations will achieve the highest return on investment by first conducting a vulnerability assessment to identify the current population of security issues within its environment. Once these matters have been remediated by the organization and the maturity level of security operations has increased; a penetration test can ensure the new environment is operating as expected.
​
Our Vulnerability assessments typically follow a structured methodology, which should include the following:
​
Overview
Automated vulnerability scanning coupled with manual analysis to validate and prioritize weaknesses, whether your infrastructure is in the cloud, on-prem or hybrid.
​
A vulnerability assessment’s core deliverables should include a technical report highlighting discovered vulnerabilities, their risk ranking, and recommended remediation activities. The report should also be accompanied by an executive summary to translate the results of the test into business-focused objectives for a non-technical audience.
Goal and Focus
Creates a listing of validated, risk-ranked, and prioritized vulnerabilities within the environment to support remediation efforts.
Discovers and documents as many vulnerabilities as possible.
Focuses on breadth of an attack over depth of an attack.
Client Maturity Level - Low to Medium
On the journey of any client wanting to increase their security posture, the 1st step is to perform a vulnerability assessment. This fo for clients that are starting this journey and whose maturity level is low to medium.
​
The organization recognizes there are known issues in the environment and is looking for assistance in identification and remediation activities.
There is awareness of the technical vulnerabilities present in the environment, with actionable remediation advice to address each weakness.
Deliverables
A comprehensive technical report that includes all identified vulnerabilities, risk rankings, and recommended remediation activites.
"We thought we were safe with our firewalls, until the team from Lockdown IT managed to find security loopholes and break-in!
CISO, Mining Company
Vulnerability assessments typically follow a structured methodology, which should include the:
​
• Identification and cataloging of assets (systems, infrastructure,
resources, etc.) in an environment;
• Discovery and prioritization of the security vulnerabilities or
potential threats to each host asset; and
• Reporting on the recommended remediation or mitigation of
vulnerabilities to reach an acceptable risk level.
​