When was the last time your organization tested its infrastructure for security issues such as insecure configuration, outdated software, or default passwords?
Is your organization aware of all the assets and devices inside its networks?
Is your organization aiming to comply with an information security standard such as ISO27001?
All of these questions can be answered by performing a Vulnerability Assessment. Amandatasecurity experts can help you understand the security state of your organization from a general, broad perspective by performing a Vulnerability Assessment through which vulnerabilities & weaknesses are identified and pinpointed.
Because a Vulnerability Assessment is not as depth-focused as a Penetration Test; no actual exploitation takes place. This is helpful in situations where exploitation attempts are not desirable for technical, legal or business reasons.
HOW IT WORKS
Vulnerability Assessment is the process of finding, identification and classification of security holes and weaknesses. Vulnerability Assessment provides an insight into the organization's current state of security, and the effectiveness of its countermeasures (if any).
Amandata performs detailed Vulnerability Assessments on all technical layers of an organization, from web applications to network devices, and classifies all discovered vulnerabilities according to risk level and severity.
The results of Vulnerability Assessments performed by Amandata help your organization develop an asset-aware security road map according to which assets require higher priority.
External Vulnerability Assessment
An External Vulnerability Assessment is performed strictly remotely, with no internal access provided to the Amandata security experts. The goal of this test is to identify and classify the weaknesses of the internet-facing assets of an organization, for example: Web applications, web servers, network endpoints, VPN, e-mail servers. This test helps an organization learn what external assets need security controls, patches and general hardening.
Internal Vulnerability Assessment
An Internal Vulnerability Assessment is performed from within the premises of the target organization, usually to identify & classify threats and weaknesses in the internal network.
An Internal Vulnerability Assessment helps an organization determine its compliance to global or local policies, standards and procedures in terms of information security, data protection and segmentation of networks.
Vulnerability Assessment Steps
- Reconnaissance: Collection of information about staff, systems, applications and others.
- Mapping: Mapping of information gained through reconnaissance into a full picture, as well as development of attack scenarios.
- Discovery: Discovering security vulnerabilities and weakness in any layer included in the test scope
Upon completion of the security test, a detailed report is sent to the client, including the following:
- Executive Summary: Summary of the purpose of this test, as well as as brief explanation of the threats facing the organization from a business perspective.
- Findings: A detailed, technical explanation of the findings of the tests, with steps and proofs of the findings.
- Conclusion & Recommendations: This section provides final recommendations and summary of the issues found in the security test.