Vulnerability Assessments

Vulnerability Assessments

A vulnerability assessment is an effective way of identifying and understanding the risks and vulnerabilities in your networks and infrastructure, and can be a great alternative to an expensive pen test. Essentially, the purpose of a Vulnerability Assessment is to identify weaknesses in your security and provide solutions to fix them.

What We Do

A Vulnerability Assessment with us gives you the following:

• Enumeration of external ports on all provided IP addresses
• External Unauthenticated Vulnerability Assessment and report
• Internal Authenticated Vulnerability Assessment (Full or Representative Sample Set) and Report

The Vulnerability Assessment can be completed on a representative sample of devices or the entire network. We will not only provide information and advice on what is 'in scope' of Cyber Essentials and Cyber Essentials Plus, but also, any vulnerabilities that are not in scope yet still pose a significant risk to your organisation. We can then work with you as you remediate these issues and rescan as necessary.

This is why a Vulnerability Assessment is a great solution for anyone wanting to achieve Cyber Essentials Plus, however, it is very worthwhile as a standalone assessment as it can give you an understanding of your organisation's security posture beyond the Cyber Essentials Plus requirements, scanning for any and ALL vulnerabilities. This could include anything that is on the network that we can find and scan, for example Routers, Switches, NAS Boxes, as well as Servers that don’t deliver Interactive Desktops for users - all of which can and do have vulnerabilities.

Vulnerability Assessment Packages

Our Vulnerability Assessment packages are designed to suit a variety of needs and budgets, so whether you need a one-off service or regular auditing, get in touch today to find the right package for your business.

ESSENTIALS: Servers, End-User Devices

Vulnerability Analysis of your servers and end-user devices within your network, including remote users and multiple office locations. Detailed report provided of all vulnerabilities identified and remediation steps required. We will also complete further assessment scans for 30 days following the initial report whilst you complete remediation, to ensure issues have been remediated. This assessment includes port- enumeration and vulnerability analysis of your office location, external IP address range, thus identifying any open and accessible ports or known vulnerabilities identified on externally published services.

ENHANCED: Servers, End-User Devices, Network Infrastructure

We will provide a device to install on your network allowing our assessment team to complete a Vulnerability Analysis of devices that we have not captured as part of the basic assessment of servers and end-user devices.

Additional Network Scanners: If you have a fully routed network infrastructure, you may only require one device per network segment, but if you have multiple offices that are not linked or not scannable from a central location, additional devices will be required. These can be acquired as add-ons and include device loan, shipping to site and collection of device after assessment.

IP & DEVICE ASSESSMENTS

> IP Enumeration and External Vulnerability Assessment

Based on a single IP range or up to 5 separate IP addresses, our assessment team will enumerate the IP addresses, identify any exposed ports and usage, and complete a vulnerability analysis of those exposed ports/services. You will receive a report of the issues found and any recommendations for remediation.

> Device Vulnerability Analysis

Our assessment team will review a single device to confirm its alignment to Cyber Essentials Plus and provide further vulnerability information to allow remediation of any issues which may compromise the security of the machine. We will also complete one further re-scan to ensure that all remediation actions have been completed.

> Cyber Essentials Plus Vulnerability Assessment

The Cyber Essentials Plus Vulnerability Assessment is designed for clients that would like a quick one-off scan to establish how compliant their business is with the Cyber Essentials Plus standard. Our team assesses a representative sample of your client's devices to see whether they are compliant, and if not, we will tell you where all the gaps are and provide detailed remedial guidance to help you fix the issues uncovered. This service is ideal for clients that have passed their Basic Certification and are perhaps on the fence with regards to Plus but would like to know where they stand.