Each vulnerability assessment encapsulates a process to identify, classify, report on and provide remediation advice for the security weaknesses of a constituent’s IT infrastructure. It entails a scan to uncover exploitable weaknesses in network devices, servers and systems. The results are manually verified and then compiled into an easy-to-read, actionable report.
A combination of regularly scheduled vulnerability assessments and penetration testing will help institutions identify security weaknesses in IT infrastructure before they can be used in an attack. The institution can then take action to remedy the weaknesses and prevent an attack/compromise.
- External and internal options available
- Multiple scanners used (commercial and open source)
- Scalable to unlimited IP addresses
- Optional DNS verification
- Customised report and remediation advice
- Severity-level classification to aid remediation prioritisation
- Manual (infosec expert) verification
- User-friendly, actionable report (reduced page count)
- Follow up advice or assistance (limited)
- Cost-effective charging model
What we need:
- Permission to scan – from the appropriate authority
- List of domain(s) and/or IP addresses
- Security contact details + PGP key
- Extensive, low-intensity assessment using multiple scanners
- Manual verification/analysis/research
- Report summarising the findings and providing actionable remediation advice
- Spreadsheet with raw results
- Limited follow-up consultation if required
From passionate information security specialists!
For more information please see the SANReN CSIRT website.