Overview
Vulnerability assessments identify and quantify vulnerabilities in a system. While these assessments don't cover the breadth of scenario and logic-based testing of a full-blown penetration test, they do provide a hacker's-eye view of an organization's network security.
Many vulnerability assessments only include the use of automated network scanning tools. These tools can be quite thorough, but they often produce "false positives" and "false negatives" that create additional work for IT staff. For the most effective results, these tools should be used by a security expert who can provide "hand validation" of the vulnerabilities that are discovered. Hand validation uses other tools and techniques to go beyond the automated scan and determine whether the vulnerability actually exists. Only then will an organization be able to focus on the truly high-risk vulnerabilities and have a prioritized roadmap for remediating them.
Key Benefits
The Vulnerability Assessment and Validation service goes beyond a typical single-tool automated scan. COE Security's experts provide cross validation and hand validation of vulnerabilities, then take the process of threat and vulnerability assessment one step further by identifying the root cause behind system vulnerabilities on the internal critical systems (when possible). Without identifying the root cause, vulnerabilities will often reappear. By identifying the root cause, mitigating steps can be taken to address the vulnerability, as well as numerous other potential vulnerabilities. At the end of the assessment, COE Security provides comprehensive deliverables.
Methodology
Test from an External or Internal Perspective
Depending on the customer's requirements, COE Security can provide vulnerability assessments from either an external or an internal perspective.
Vulnerability Assessment and Validation Service - External — Scans Internet-facing systems for potential vulnerabilities, eliminates false positives, and details confirmed vulnerabilities in terms of risk along with any recommended remediation steps.
Vulnerability Assessment and Validation Service - Internal — Scans systems or network ranges defined by the customer for potential vulnerabilities, eliminates false positives, and details confirmed vulnerabilities in terms of risk along with any remediation steps that should be taken.
Detailed Reporting
Once the assessment is complete, the client receives a detailed set of reports plus a thorough review of these reports led by COE Security's experts. These reports consist of:
1. An Executive Summary that summarizes security exposures discovered in the assessment and the potential impact upon the organization
2. A Management Report that details operational issues related to the vulnerabilities that were discovered
3. A Technical Report that details the identity and location of vulnerabilities
4. A Solutions Recommendation Report that helps staff begin the process of prioritizing remediation efforts, with strong emphasis on reducing the greatest risks to the enterprise first
Vulnerability Assessment and Validation Service Features
1. Hand validation of vulnerabilities by a security expert
2. May be conducted from internal or external point of view
3. Pre-assessment planning that minimizes interruptions to normal IT and business operations
4. A complete set of reports that address the needs of both senior managers and line-level technical staff
5. Guidance for prioritizing and fixing discovered vulnerabilities
Vulnerability Assessment and Validation Service Benefits
1. Eliminates false positives and provides remediation recommendations
2. Identifies the root cause behind vulnerabilities (where possible)
3. Delivers rapid, accurate and non-invasive discovery of security weaknesses for businesses of all sizes
4. Connects vulnerabilities to relative risk, which helps structure and simplify remediation efforts
5. Supports regulatory compliance efforts
6. Integrates business and technical concerns associated with data security vulnerabilities for faster, more productive remediation efforts