Vulnerability Assessments

VALIDATE YOUR DEFENSES

Even the most advanced network security systems should be tested periodically.  Network Security Systems can become less effective due to lack of management and other factors.

TEST YOUR COUNTERMEASURES

Is your IT Security Team prepared for a REAL network-based threat?  Performing a Vulnerability Scan is a sure way to reveal how prepared your Network is to manage a REAL-WORLD attack.

MEET AND EXCEED YOUR SECURITY COMPLIANCE REQUIREMENTS

More and more types of businesses and organizations fall under Federal, State, or Industry-Enforced Security Compliance Regulations every year.  If your organization operates under one of these authorities, CISS can perform the periodic Vulnerability or Penetration Testing required by many Security Compliance Regulations.  Insurers are also now, in many cases, requiring such testing before underwriting Cybersecurity Insurance policies.

EVALUATE INFRASTRUCTURAL CHANGES

It is important to Evaluate major changes to your DMZ / WAN / LAN infrastructure; often new weaknesses introduced after such changes remain undetected until an attacker finds, then exploits them.

What is Vulnerability Scanning?

Vulnerability Scanning is one of the best methods available for verifying that a network or computer system is secured against common threats.  Vulnerability Scanning is typically performed by executing a probe against external (and optionally, internal) networks using CISS’s automated Vulnerability Scanning platform, using much the same process as an attacker may use to discover “holes” in an exposed system.

Several methodologies for performing a comprehensive Vulnerability Scan of a network are commonly utilized: “Black Box”, “White Box”, and “Gray Box” tests.  “Black Box” tests are those performed by the tester without any appreciable prior knowledge of the system to be attacked; this is typically done to simulate the experience that a hacker attacking from the outside of the network would have.  “White Box” tests are those performed by the tester who has been given complete knowledge of the systems to be attacked (network diagrams, architecture information, even password lists); simulating an “inside job” or data “leakage.”  “Gray Box” tests are a combination of “White” and “Black” box tests; that is, the tester is given limited information about the network / systems to be scanned.

Each type of Vulnerability Scan has different merits, choosing which type of test to implement is best done with the assistance of experienced professionals.

Do you have a question for our sales team? Contact us!

Skip to content