Vulnerability Assessment

When was the last time your organization tested its infrastructure for security issues such as insecure configuration, outdated software, or default passwords?

Is your organization aware of all the assets and devices inside its networks?

Is your organization aiming to comply with an information security standard such as ISO27001?

All of these questions can be answered by performing a Vulnerability Assessment. >SaturoS_ security experts can help you understand the security state of your organization from a general, broad perspective by performing a Vulnerability Assessment through which vulnerabilities & weaknesses are identified and pinpointed.

Vulnerability Assessment

Vulnerability Assessment is the process of finding, identification and classification of security holes and weaknesses. Vulnerability Assessment provides an insight into the organization's current state of security, and the effectiveness of its countermeasures (if any).

>SaturoS_ performs detailed Vulnerability Assessments on all technical layers of an organization, from web applications to network devices, and classifies all discovered vulnerabilities according to risk level and severity.

The results of Vulnerability Assessments performed by Cyberkov help your organization develop an asset-aware security road map according to which assets require higher priority.

We perform our Vulnerability Assessments in two formats:

External Vulnerability Assessment

An External Vulnerability Assessment is performed strictly remotely, with no internal access provided to the >SaturoS_ security experts. The goal of this test is to identify and classify the weaknesses of the internet-facing assets of an organization, for example: Web applications, web servers, network endpoints, VPN, e-mail servers. This test helps an organization learn what external assets need security controls, patches and general hardening.

Internal Vulnerability Assessment

An Internal Vulnerability Assessment is performed from within the premises of the target organization, usually to identify & classify threats and weaknesses in the internal network.

An Internal Vulnerability Assessment helps an organization determine its compliance to global or local policies, standards and procedures in terms of information security, data protection and segmentation of networks.

Vulnerability Assessment Steps

- Reconnaissance: Collection of information about staff, systems, applications and others.

- Mapping: Mapping of information gained through reconnaissance into a full picture, as well as development of attack scenarios.

- Discovery: Discovering security vulnerabilities and weakness in any layer included in the test scope.

Deliverables

Upon completion of the security test, a detailed report is sent to the client, including the following:

- Executive Summary: Summary of the purpose of this test, as well as as brief explanation of the threats facing the organization from a business perspective.

- Findings: A detailed, technical explanation of the findings of the tests, with steps and proofs of the findings.

- Conclusion & Recommendations: This section provides final recommendations and summary of the issues found in the security test.