The Vulnerability Assessment service provided by ISGroup analyzes system's security in oder to detect possible known vulnerabilities.
The activity can be conducted externally or from the inside of the network. In case of external Vulnerability Assessment, the scan is carried out from a remote host, who has access to the target only through the Internet.
In the second case, the scan is carried out from the inside of the private network (Intranet), in order to have an high visibility on the targets.
These two configurations allows the simulation of different attack scenarios: the first one simulates the attack from an external subject (such as a disloyal business competitor); on the contrary the second one simulates an attack from an internal subject (such as a vindictive employee).
After the initial scanning phase, all the identified vulnerabilities are checked to remove possible false positives. For each concrete vulnerability we provide a detailed description and how to fix it.
Seen how many vulnerabilities are discovered every day, it is fundamental to carry out a Vulnerability Assessment with the right frequency. This will ensure that system configurations are correct and that the most appropriate patches are applied over time.
ISGroup provides Vulnerability Assessment solutions suitable to any need and company, assuring an high level of quality.
The Vulnerability Assessment activity begins with the identification of those systems and resources (services, web applications, etc) that are deployed. Afterwards, using automatic and manual tools, the security issues are identified in a non-invasive way. Vulnerability Assessment allow to rapidly detect the overall security level of a network.
The identification occurs through active techniques (such as the version number that a specific program includes in the answers), passive techniques or inference based ones (characteristics that a program has and cannot hide). The results are manually verified in order to eliminate false positives and obtain a solid and detailed Report, destined to both the Management and the operative staff that will correct the issues.
The Report is a simple and detailed document that summarizes the results of the activity and it is divided in three different areas, as described previously:
It is placed at the beginning of the Report and it is no longer than one page. It consists in a non-technical overview, destined to Management.
It consists in a technical part describing the discovered vulnerabilities and their impact in detail. It is dedicated to the Security Manager.
A technical section with detailed and precise instructions on how to resolve the identified problems. Dedicated to the System Administrator.
Working with us is pretty simple, just call the number (+39) 045 4853232 or send an e-mail so that we can get to know each other and discuss about your IT Security needs.