Definition: Vulnerability Assessment and Penetration Test

 
A Vulnerability Assessment and Penetration Test is essentially the task undertaken by a network specialist who thinks like the bad guys. He/she will use tools and methodologies, new and old, to probe a network enterprise in search of weaknesses. A comprehensive Vulnerability Assessment and Penetration Test exercise should also incorporate software and application shortfalls as well as the human element, the latter termed "Social Engineering".

Assessing risk is one of the main components in the Interagency Guidelines Establishing Standards for Safeguarding Customer Information. In order to manage and control your risk, it is crucial to identify vulnerabilities that intruders may be able to exploit.

A Penetration Test on any outside connections to your institution will test your defenses against thousands of known utilities and techniques from the ever-growing hacker community. The result is a preventative report that will identify the severity of the deficiencies in your network defenses and a comparison with other institutions’ results. Regularly scheduled penetration tests are an essential component in your information security program.

Vulnerability Assessments & Penetration Test ~ Mile2's Options:

  1. Comprehensive Vulnerability Assessment & Penetration Test (cVRAPT)
  2. External Vulnerability Assessment & Penetration Test (eVRAPT)
  3. Internal Vulnerability Assessment (iVRA)

Each engagement is unique and Mile2 Assessors will dynamically introduce attack methods relative to the vulnerabilities identified. Our attacks are designed to mimic the actions and techniques of a hacker. Penetration and vulnerability assessments will include but not be limited to the following:

The Final Report will provide detailed information in the following format:

Finding: Mile2 will clearly identify the vulnerability and in what manner it was discovered.

Risk: Indicates the potential for damage if an attacker exploited the vulnerability. Risks in this report are delineated in the following categories:

High – Severe: This level of risk is most serious as it relates to an actual or imminent breach in network security. Threats listed as Severe require immediate attention and remediation.

High: Findings with this level of risk are serious deficiencies that can or will result in serious breaches in the network's ability to maintain its security posture. Findings where little or no technical experience is required to exploit these vulnerabilities are listed in this category.

Medium: Findings listed as medium indicate that while the exploit of the listed vulnerability would only elicit minimal damage or information leaks, the nature of the threat should be remedied.

Low: Findings in this section may not present an actual threat. The inclusion of a finding in this category indicates a policy or procedure that is not in keeping with industry best practices for logical and physical security controls.

Informational: Informational findings either do not relate to network security or highlight unique strengths in the security posture of the network.

Domain: A majority of network deficiencies are attributable to one of three categories: Confidentiality, Integrity, and Availability. In some cases, a finding might overlap domains, and your report will indicate which one or all of the domains to which your finding relates.

Recommendation: Mile2 will provide clear and concise recommendations as to the proper method of vulnerability mitigation. These detailed instructions typically include both logical and technical solutions for dealing with risks appropriately. Recommendations generally include but are not limited to the following: Sample configurations, Patch and service pack recommendations, Training – Technical and/or Security Awareness, Best Practice recommendations, Vendor specific recommendations.

Full documentation of our work will be maintained, and printouts of such work are included as part of the Final Report. Upon completion, an Exit Interview will be scheduled with the Client’s internal review committee.

Request an obligation free quote for a vulnerability assessment.

 
 
 
 
   
 
 