Mitigate Risk with Internal Vulnerability Assessments
Assess your IT risk like an insider. Vulnerabilities can arise due to misconfigured hardware, out-of-date software, or even unpatched systems.
The objective of an Internal Security Assessment is to safeguard the network’s assets that could be exploited to interfere with the confidentiality, availability, and integrity of your network. A security assessment reveals an organization’s existing IT vulnerabilities and suggests recommendations to improve its overall security posture. In simpler terms, it is an assessment that reveals the immediate threats to your IT security, and shows how to fix them to ensure that they don’t occur again.
The Security Assessment Process
Here’s what a comprehensive security assessment looks like:
- Step 1: Due Diligence
- Step 2: Threat Modeling
- Step 3: Application and Infrastructure Deep Dives
- Step 4: Recommendations and Action Plan
Testing performed by SECNAP follows NIST SP 800-115 Technical Guide to Information Security Testing and Assessment, OWASP Testing Guide (v4), and customized testing frameworks.
28% of Data Breaches Involve Internal Cyber Attacks*
Assessment Report includes:
- Executive Summary for Non-Technical
- Detailed Findings and Remediations Report
- Comparison with Previous Assessment, if Applicable
- Screenshots of Confirmed Vulnerabilities
- HTML Detailed Data and Supporting Files
The final report will accurately identify and prioritize vulnerability remediation based on criticality, threat context, and vulnerability severity. Easily exploited vulnerabilities that lead to large amounts of data loss or have the potential for privilege loss should be treated as high priority.
Attack Surface Testing
Our testing is built for the modern attack surface and leverages automation to test against over 100,000 potential vulnerabilities and 45,000 Common Vulnerabilities and Exposures. Those tests are complemented by manual testing performed by a highly experienced security professional to confirm and further explore gaps in your security posture.
Performed Scans include:
- Catalog all active ports/services on network
- Check for operating system vulnerabilities
- Check for web server vulnerabilities
- VoIP vulnerability testing
- Testing for malware
Manual probes may include:
- Check internal services for misconfigurations
- Confirm best practice configurations for services
- Evaluation of service inherited attack vectors
- Escalate compounding low-risk vulnerabilities
Cloud Based Assessments
SECNAP offers thorough cloud testing. Activities performed during testing include (but are not limited to):
- AWS, Azure, and Internal Network Audits
- Architecture & Configuration Reviews (IAM, EC2, S3, VPC, Route53, etc.)
- Host Audits, Web Applications Assessments, and Infrastructure-Based Assessments
- Other Testing Depending on Specific Customer Content and Size