Vulnerability assessment

Your security is only as good as your weakest link.

What is vulnerability assessment?


A vulnerability assessment determines which weak points could be exploited on your network, and how important the associated threat really is. Silent Breach conducts a thorough analysis to determine the attack surface that is intentionally or unintentionally exposed, and associates it with a risk value to determine your security posture.

Vulnerability assessment differs from penetration testing because no actual penetration is performed; the goal is rather to draw a full map of your current network security and see where it can be improved. Vulnerability assessments tend to be more exhaustive than penetration testing in order to cover more ground, rather than focusing on a single attack vector.


Why perform a full vulnerability assessment?


Having an anti-virus and being up to date with all the latest system patches is usually only the first step towards a truly secure network. Security is overlooked at the human level. For example, network equipment is deployed with default passwords, unnecessary services are running on the main server, unused user accounts are still open, etc.

Devices connected to the network can also be an attack vector: printers, routers and switches are all potential back doors for hackers. Vulnerability assessments help you sanitize your network environment and reduce the attack surface to the bare minimum required to operate your business.

Proactive approach to security


Understanding and quantifying your security posture is a valuable piece of information.

Too many organisations wait until they are actually compromised before implementing serious security measures. But how can you concretely protect your business if you don't understand how much you are exposed? Silent Breach offers a comprehensive approach to security and a full coverage of your exposure, along with a quantified and concrete list of risks, sorted by priority. This enables your IT team to take the right measures in the most relevant order to protect your digital assets.


The different assessment types


Infrastructure


Infrastructure attacks are very frequent, as network gear is common to many corporations and sometimes carries known risks, default credentials and design faults. By exploiting out-of-date firmware on these devices, it can be possible to penetrate your network where you expect it the least, through your printer for example.

Physical


Physical access to your infrastructure is of course of prime importance in your security strategy. Any network security measures can be overridden by a physical intervention on your systems. Though less likely than remote network penetration, it can still be a valid angle for a local attacker, a former employee or just an opportunistic attacker.

Application


Web applications are so common that almost 80% of all attacks are successful via this angle. Companies sometimes overlook the importance of building security-oriented applications. Because timelines are short, because programming languages can be complex, because programmers sometimes take short-cuts and fail to check for bad user inputs, and for so many other reasons, web app penetration has become the number one cause of security breaches.

Social


Social hacking is a classical yet effective method to gain easy access to the most secured networks. Why go through brute force password cracking when you can trick someone into simply handing it over to you?
Implementing security policies is a team-based effort: the entire company needs to be security aware in order to efficiently protect your business.


Tiered testing


Table 1: Tiered testing

| Tier | 1 / Infrastructure | 2 / Application | 3 / Social | 4 / Physical | 5 / Full coverage |
|---|---|---|---|---|---|
| Duration - Tier 1 | 2 business days | 3 business days | 2 business days | 3 business days | 2 weeks |
| Duration - Tier 2 | 3 business days | 5 business days | 3 business days | 4 business days | 3 weeks |
| Duration - Tier 3 | 5 business days | 5 business days | 5 business days | 5 business days | 4 weeks |
| Duration - Tier 4 | 7 business days | 8 business days | 7 business days | 8 business days | 6 weeks |
| Duration - Tier 5 | 10 business days | 10 business days | 10 business days | 10 business days | 8 weeks |
| Cost | Please request cost sheet | Please request cost sheet | Please request cost sheet | Please request cost sheet | Please request cost sheet |

Security packages


Your network evolves, new security flaws are found every day, hackers are getting smarter; protect your business today and tomorrow.

Table 2: Annual protection package

| | Bronze | Silver | Gold | Platinum | Diamond |
|---|---|---|---|---|---|
| Duration | Quarterly Tier 1 testing (full coverage) | Quarterly Tier 2 testing (full coverage) | Quarterly Tier 3 testing (full coverage) | Quarterly Tier 3 testing (full coverage) + bi-annual Tier 4 testing (full coverage) | Quarterly Tier 4 testing (full coverage) + bi-annual Tier 5 testing (full coverage) |
| Average savings | 10% | 15% | 20% | 25% | 30% |
| Cost | Please request cost sheet | Please request cost sheet | Please request cost sheet | Please request cost sheet | Please request cost sheet |

