Vulnerability Assessments
Selkirk Cyber offers strategic Vulnerability Assessments for small business networks. Vulnerability assessments use a white box approach in that vulnerability scanning is done with the system owners being aware an assessment is taking place, and in most cases scans are done with credentialed access. Credentialed scans provide more data on system configurations, settings, software versions, services and other components that may be targeted by threat actors.
Vulnerability Assessment differ from Penetration tests in that the vulnerability assessments are given access and a more robust view of the in-scope systems. Vulnerability assessments are viewed from the inside looking in, vs a pentest which is looking from the outside in. With a vulnerability assessment there is no attempt to exploit or gain access to a misconfigured or vulnerable system. These findings aren't acted on, but only included as findings with an assigned severity level in the report.
Generally, a vulnerability assessment provides more data and more actionable results than a penetration test.
Vulnerability Assessment Process
First, in-scope systems along with a planned date and timeframe will be coordinated. Once these are complete, one of our machines will be setup/connected on your network. We have physical devices that can be connected directly into the network or virtual images that can be loaded into a hypervisor. These devices will then connect to Selkirk Cyber's external infrastructure to run scans and begin the vulnerability assessment.
Once scans are complete the data and findings will be analyzed and a report generated. Typically, the scanning will take 1 to 3 weeks then analysis and reporting another 1 to 2 weeks. The report will outline vulnerability findings, along with an explanation of each finding in paragraph form.
Get Started
Once the vulnerability assessment is complete, you'll have an outline of your entire networks security posture. You'll also have an actionable list of findings along with their countermeasures and mitigations.
Specializing in security, we offer competetive pricing and a more tactical approach to network security than the big box IT service providers. These providers typically don't specialize in security and may outsource the tasks to foreign entities. If you'd like to utilize our strategic Vulnerability Assessment services please contact us to get started.