Vulnerability assessment

Your security is only as good as your weakest link.

What is a vulnerability assessment?


A vulnerability assessment is the process through which we identify the weak points that could be exploited on your network, along with how important the associate threat really is. Silent Breach conducts a thorough analysis to determine the attack surface that is intentionally or unintentionally exposed, and correlates it with a risk value to determine your security posture.

Vulnerability assessments differ from penetration testing in that no actual network penetration is performed. The goal is rather to draw a full map of your current network security, and see where it can be improved. Vulnerability assessments tend to be more exhaustive than penetration testing because they take a holistic approach to analyze your overall security configuration, rather than focusing on attack vectors.

image

Why perform a full vulnerability assessment ?


Having anti-virus protection and being up to date with all the latest system patches is usually only the first step towards a truly secure network. Security is often overlooked at the human level. For example, network equipment may be deployed with default passwords, with unnecessary services running on the main server while default user accounts remain open.

Devices connected to the network can also be an attack vector; printers, routers, switches, are all potential back doors for hackers. Vulnerability assessments help you sanitize your network environment and reduce the attack surface to the bare minimum required to successfully grow your business.

Pro-active approach to security


Fully understanding and quantifying your security posture is invaluable information.

Too many organisations wait until they are actually compromised before implementing serious security measures. But how can you concretely protect your business if you don't understand the extent to which you are exposed? Silent breach offers a comprehensive approach to security and a full understanding of your exposure, along with a quantified and concrete list of risks, sorted by priority. This enables your IT team to take the right measures in the most relevant order to protect your digital assets.

For recurrent vulnerability assessments and a more comprehensive all-around protection, please consider our Managed Defense Program.

image

The different assessment types


Infrastructure


Infrastructure attacks are very frequent as network gear is common to many corporations and sometimes carry known risks, default credentials and design faults. By exploiting out of date firmware on these devices, it is possible to penetrate your network where you least expect it (such as through your printer).

Physical


Physical access to your infrastructure is of course crucial to your security strategy. Any network security measures can be overridden by a physical intervention on your systems. Though less likely than remote network penetration, it can still be a valid angle for a local attacker, a former employee or just an opportunistic attacker.

Application


Web applications are so common that almost 80% of all attacks are successful via this angle. Companies sometimes overlook the importance of building security oriented applications. Because timelines are short, and programming languages are complex, programmers sometimes take short-cuts and fail to check for bad user inputs. For these, and so many other reasons, web app penetration has become the number one cause of security breaches.

Social


Social hacking is a classic yet highly effective method to gain easy access to the most secured networks. Why spend weeks hacking through your target's network security when you can trick someone into simply handing over their password?
Implementing security policies is a team based effort; the entire company needs to be security-aware in order to effectively protect your business.

Contact Us



Tiered testing


Tier Infrastructure Application Social Physical Full coverage
Tier 1 Duration 2 days 3 days 2 days 3 days 2 weeks
Tier 2 Duration 3 days 5 days 3 days 4 days 3 weeks
Tier 3 Duration 5 days 5 days 5 days 5 days 4 weeks
Tier 4 Duration 7 days 8 days 7 days 8 days 6 weeks
Tier 5 Duration 10 days 10 days 10 days 10 days 8 weeks
Cost Please request cost sheet Please request cost sheet Please request cost sheet Please request cost sheet Please request cost sheet

Security packages


Bronze Silver Gold Platinum Diamond
Duration Quarterly Tier 1 testing (full coverage) Quarterly Tier 2 testing (full coverage) Quarterly Tier 3 testing (full coverage) Quarterly Tier 3 testing (full coverage)
+ bi-annual Tier 4 testing (full coverage)
Quarterly Tier 4 testing (full coverage)
+ bi-annual Tier 5 testing (full coverage)
Average savings 10% 15% 20% 25% 30%
Cost Please request cost sheet Please request cost sheet Please request cost sheet Please request cost sheet Please request cost sheet


Contact Us