Also known as vulnerability scan, vulnerability assessments uses a programme designed to assess computers, systems and networks and scan for areas where security levels are not up to scratch, known as vulnerabilities. The scans are typically automated and perform a high level or surface investigation to discover what could possibly be exploited by hackers. They can also be used to identify and detect vulnerabilities arising from misconfigurations or programming errors within a network-based asset such as a firewall, router, web server, application server etc.
Penetration testing and vulnerability scanning are often confused for the same service. A vulnerability scan is an automated, high-level test that looks for and reports potential vulnerabilities. A penetration test is an exhaustive, live examination designed to exploit weaknesses in your system.
Benefits of Vulnerability Assessment Scanning
- The assessment creates a definitive inventory (map) of all the devices on your network. This also includes vulnerabilities associated with a specific device.
- The inventory will provide useful information to assist with upgrades and future security audits/assessments.
- Locates and identifies any potential security holes within your network before hackers do.
- Assists in identifying the level of risk that exists within your network.
- Optimise your security investments – ensuring you are getting the best value for your money.
The Razorthorn Approach
The accuracy and scope of the scan is extremely important, because they determine how well the results can be used to find and fix the highest priority security and compliance issues, allowing for enhanced productivity and an accurate view of the security posture of your organisation.
With this in mind, a qualified and experienced Razorthorn security professional will perform the vulnerability scans using a virtual Qualys scanner on the required IP addresses, which has 99.9% accuracy over more than 6 billion scans per year.
The vulnerability scan will provide full visibility into where IT systems might be vulnerable by finding the individual threats on each of the IPs scanned.
The Three Phases of Vulnerability Assessments
1. The Scoping Phase
(and potentially The Set-up Phase)
This phase is where the scope of the testing is determined via the provision of the IP ranges. If the scan is to be performed on your internal infrastructure, a virtual scanner will need to be installed on your network for access.
2. The Mapping/Scanning Phase
This phase is where the agreed IP addresses are mapped (to assist with scope determination) and/or scanned for vulnerabilities and threats.
3. The Reporting Phase
Razorthorn will generate two Vulnerability Reports:
High Level Report
A high-level report to summarise the results, ideal for advising non-technical directors and management.
A technical report which identifies in detail the vulnerabilities and threats found, along with guidance on how to remediate each vulnerability.
Vulnerability Assessment Scanning
We can provide different levels of service depending on your requirements and budget. Whether you simply want the scan or whether you’d like to employ our services in remediating any threats, we can help. Choose from:
Vulnerability scan with full reporting
Vulnerability scan, full reporting plus threat remediation. If you choose this option, an additional cost will apply that will depend on the result of the scan.
Vulnerability scan, full reporting, threat remediation and internal team training for future remediation.
- Our experienced professionals have provided a great many organisations with scanning solutions over the years.
- Our prices are extremely competitive. Our company ethos is that security doesn’t need to be expensive to be effective.
- We have an excellent partnersgip with Qualys, whose technology gives us the raw scan data, allowing you to benefit from preferential prices
- We provide experience, expertise and an outside-the-box approach to remediation to ensure your organisation is fully protected from threats.