Internal/External Vulnerability Assessments
Although related to the Risk Assessment, host and perimeter vulnerability assessments differ in that they evaluate the operating systems and the applications implemented, and identify known vulnerabilities and security configuration issues.
All hosts behind the firewall, and the systems that reside on the external network, are quantified in terms of risk level. The resulting ranking of discovered vulnerabilities and security configuration issues identifies the systems and services that require immediate, secondary and tertiary remediation.
The benefits of hiring ÜberGuard to perform this audit are:
- ÜberGuard works closely with the client to understand their system characteristics and security policy objectives.
- ÜberGuard uses ÜberScan, their proprietary security assessment software, which is tuned for each client’s system characteristics and reporting requirements.
- ÜberScan scans for vulnerabilities and security configuration issues, including Active Directory policy and UNIX policy assessments.
- ÜberScan analyzes scan results, immediately apprises the client of any “extremely critical” vulnerabilities, and correlates any less severe vulnerabilities that, if taken together, also present an immediate call to action.
- ÜberGuard provides concise, highly actionable reports, with identification of host and perimeter vulnerabilities, stacked from Extremely Critical down to Low (or to the client’s level of interest, or defined “risk threshold”).
- ÜberGuard provides an Executive Report with summaries and trends for management’s review, as well as a Technical Report for the IT staff, complete with precise prescriptions to address identified issues.
- ÜberGuard meets with the client and provides specific consulting recommendations for mitigation and/or remediation of identified vulnerabilities, providing increased system security.
- ÜberGuard identifies unnecessary/redundant (or unintentional) services running on the client’s network.
- ÜberGuard offers a Vulnerability Life Cycle Plan for the client to follow up on the remediation of vulnerabilities, and subsequent scanning to validate that risk mitigation has been effective.