
Vulnerability Assessment

Vulnerability Assessment (VA) is the process of scrutinizing the IT infrastructure to discover whether it contains documented (i.e. well-known) deficiencies which, if exploited, can become a security risk.

During the VA process, our engineers cover the following:

  • Active Network Elements
  • Operating systems
  • Database management systems
  • Application serving environment
  • Corporate Applications
  • Security mechanisms
  • Configuration management

Implementation methodology

At Expertnet we implement the vulnerability assessment (VA) procedure in distinct steps, which include:

  • Enumeration
  • Scanning
  • Verification (optional)
  • Correlation, Review, Audit
  • Countermeasure deployment

 

VA Process

 

Enumeration and Scanning are accomplished with software tools that scan the various IT resources and identify possible vulnerabilities. This method has the advantage of offering a speedy and detailed vulnerability analysis of the network and the IT systems.

Both commercial and Open Source toolkits are used. This approach combines the knowledge bases of the commercial and the Open Source world in order to provide a more accurate and in-depth security analysis of the network and IT infrastructure.

Our engineers correlate the results produced by the automated scanning tools with the configuration of the IT systems and the business needs of the customer in order to eliminate false positives and to prioritize the vulnerabilities according to their severity.


Verification

Exploitation of the discovered vulnerabilities is sometimes necessary in order to assess the threat level they represent and to certify that they are exploitable in real-world conditions.

The exploitation of a vulnerability, depending on its type, may require the consent of the customer, since exploitation can sometimes be disruptive to the customer's services.


Countermeasures

The end result of the VA process is the list of vulnerabilities and their associated countermeasures, sorted in terms of severity, implementation cost and implementation time.

Possible remediations for the discovered vulnerabilities can be the following:

  • Network architecture modification.
  • Active network element re-configuration. 
  • Operating System patching.
  • OS, DBMS and application hardening. 
  • Security controls implementation.

Our engineers are capable of implementing all the needed countermeasures even in the most demanding IT environments, thus strengthening the security posture of any organization. 
