Vulnerability Assessment

We strongly suggest companies who have never had a vulnerability assessment start here.  Vulnerability Assessments are lower cost and provide much more benefit to fledgling security programs compared to penetration tests.   Contact us or specific details; basic offerrings are described below.

Vulnerability assessment, also known as vulnerability analysis, is a process that defines, identifies, and classifies the security holes (vulnerabilities) in a computer, network, or communications infrastructure. In addition, vulnerability assessments can help companies decide which countermeasures are most beneficial.  A vulnerability assessment is like hiring a thief to check the security of your home; instead of breaking-in he will report back on how he could have broken-in.  A penetration test is like having the thief break-in and report back on how he did it and what he was able to steal.

 

Vulnerability assessments consist of several steps:
    • Defining and classifying network or system resources;
    • Assigning relative levels of importance to the resources; and
    • Identifying potential threats to each resource

Vulnerability assessments (also referred to as “VA”) can be performed in various ways depending on the level of security program in place.  The levels below do not directly correlate to prices.  For instance, an Advanced test of a specific application is generally less expensive than a broad basic VA.  We understand budgets are tight, and we will work with you to select the most beneficial services at the lowest possible price.

Basic Assessment:

A basic assessment is the most comprehensive scan in the sense that we equally concentrate on all assets discussed in the scoping call. This is a excellent first step if your company has never received a VA before or if a significant amount of time has past since your last test.  The report from this engagement will serve as a list of actionable items for your security or network team.  We grade vulnerabilities on a scale that allows you to concentrate on the higher risk items first and work your way down to the lower risk findings.  NBG Networks prides itself on giving customers a report that closely aligns itself to your company’s assets.  A Low Risk item for one company may be a High Risk item for another.

Intermediate Assessment:

Companies who have had VA’s or penetration tests in the past typically require an intermediate assessment.  Intermediate assessments help companies who have a solid grasp on their network security build off of previous assessments.  These tests validate controls put in place to mitigate risks discovered in previous testing.

Advanced Assessment:

Tests in the advanced area include specialized engagements designed to imitate hacktivist threats and advanced persistent threats.  These tests often cross lines into penetration testingsocial engineeringopen source intelligence gathering, and phishing.  Tests of a specific web application as well as critical applications that need to be tested more frequently may also require advanced assessments.

Please go to the Contacts Section if you would like additional information.

Comments are closed.