A thorough vulnerability assessment is an initial step to creating your information security program.
Sword & Shield Enterprise Security partners with you through our Network Vulnerability Assessment Service to define, identify, classify and prioritize vulnerabilities in your information systems, applications and network infrastructure. Then, we provide you with the necessary awareness, knowledge and understanding of risk and potential threats to empower you to act on them accordingly.
Our analysts’ years of penetration testing experience have rendered a broad knowledge of vulnerabilities and the ways they can be exploited. We apply this to go beyond the scan to analyze the results and prioritize vulnerabilities in the discovered services or configuration flaws.
As a valuable resource, your analyst can talk you through identified issues, add context to the impact of the discovered vulnerabilities and provide an in-depth technical explanation if needed. Then, we help you to tailor the risk to your environment.
Vulnerabilities are introduced onto the attack surface on a regular basis as the result of continuous security research and public disclosures. Industry standards show regular vulnerability testing is a core component of an information security program. The frequency of vulnerability assessments should reflect your organization’s risk tolerance, exposures, and implemented technologies.
Creating a vulnerability management program through recurring scanning and trend analysis provides measurable data points that can be invaluable for senior leaders and executives. This is essential to building a mature security program.
Sword & Shield offers our Network Vulnerability Assessment Service on a one-time or recurring basis and can customize a plan based on the frequency that best fits your vulnerability management program.
Sword & Shield offers two access approaches for vulnerability assessment:
External Network Vulnerability Assessment (NVA): A Network Vulnerability Assessment (NVA) conducted against your external Internet-facing public networks to evaluate the target hosts by their Internet Protocol (IP) address by enumerating exposed ports and services.
Internal Network Vulnerability Assessment (NVA): A Network Vulnerability Assessment (NVA) conducted behind your firewall against your internal and private networks to evaluate the target hosts by their Internet Protocol (IP) address by enumerating exposed ports and services.
Sword & Shield offers two types of internal vulnerability scans; authenticated and unauthenticated scans.
Unauthenticated Vulnerability Scan: Our expert performs the scan as an intruder would, without authenticated access to the network. An unauthenticated vulnerability scan identifies vulnerabilities in exposed network services and configurations.
Authenticated Vulnerability Scan: Our expert performs the scan as a local or network user, with full access to the operating system, services, and installed applications. Findings identify vulnerabilities with installed applications, system configurations, or insufficient policies. Additionally, an authenticated vulnerability scan assessment can be configured to measure a host’s configuration against industry standards.
A network vulnerability assessment is your first step to achieving or increasing a mature information security program. Contact us for a free consultation to get started today.
Request a Free Consultation for our Network Vulnerability Assessment Service
Sword & Shield provides a wide variety of security assessment related services for our clients. The following list provides an overview of some of the most common services we perform. For more details about these services or other services we perform, contact us today.
Our engineers are experienced in auditing Oracle, Microsoft SQL, Notes, and several other database management system products. Among other things, Sword & Shield security engineers analyze authentication and authorization controls in the database system for least-privilege access controls and audit traceability. Emphasis is placed on matching the degree of security with the business and operational needs.
A Sword & Shield Firewall/Router Audit thoroughly evaluates the rule base for known security risks and policy violations. As a first line of defense against attacks, firewalls and routers must be implemented and maintained properly. Our Firewall/Router Audit provides a detailed analysis that reduces risks and increases perimeter security.
Our Mobile Application Assessment, when combined with our Web Application Assessment, provides a comprehensive assessment of the security of the web application and the mobile devices used to interact with the application. The service analyzes the network transmissions and forensically analyzes the mobile device(s) used.
Sword & Shield performs a sweep of the telephone address space to detect unauthorized modems and authorized but insecure modems. We can perform a phone sweep as a stand-alone service, or as part of another service, such as an external network vulnerability/penetration test.
The Architecture Review and Design process is coordinated through a client project manager and includes a set of structured interviews. These interviews and reviews focus on business areas supported by the network and the technology staff that supports the business units.
This service provides the customer with the analysis necessary to protect all facets of a virtualized infrastructure. Included are areas related to access control, the application of least privilege, data protection, secure network configuration, disaster recovery planning and testing, and threat analysis. The goal of the assessment is to identify security gaps and develop remediation strategies.
The VPN Audit service audits your VPN and your VPN policies and recommends techniques to optimize and enhance your VPN’s effectiveness. We identify potential security vulnerabilities and help you reduce your risks.
Web application security encompasses measures taken throughout the application’s life cycle to prevent exceptions in the security policy of an application or the underlying system vulnerabilities through flaws in the design, development, deployment, upgrade, or maintenance of the application.
Sword & Shield's Wireless Testing examines the subsystems, components and security mechanisms of a wireless network and identifies any weaknesses.