Using automated scanning tools, we identify vulnerabilities in your IT infrastructure. The results of the vulnerability analysis enable an assessment of the “cyber health” of your IT.
Versions
The vulnerability assessment of the IT infrastructure can be carried out from different perspectives:
- External analysis: From the perspective of an attacker on the Internet.
- Internal, non-authenticated analysis: From the perspective of an attacker inside your network. This corresponds, for example, to the scenario where an attacker has already gained access to your internal network.
- Internal authenticated analysis: From the perspective of an attacker with valid authentication information. This corresponds to the scenario where an attacker has already gained access to your network, obtained valid authentication information and is now trying to spread to surrounding systems.
Conducting the vulnerability analysis provides revealing information about the security level of the IT systems audited. The compiled results enable a statement to be made about the organisation’s vulnerability to network- and system-based attacks. The audit covers the following areas, among others:
- Host discovery within the audited network segments
- Identification of open ports, accessible network services, deployed service and operating system versions
- Presence of essential security settings for network services
- Network-based analysis of the IT systems: Test of the identified network services and operating systems for existing attack vectors
Assessment of the security of the network protocols and the strength of the encryption used (e.g. TLS, SSH, SMB, NTLM, etc.).
Your added value
After the vulnerability analysis, we provide you with a report that explains the identified opportunities for improvement, prioritises them according to criticality and recommends measures for their elimination. In doing so, we make a point of recommending not only selective but also holistic measures to you.