Vulnerability Assessment Services
A vulnerability assessment (also referred to as vulnerability scanning) identifies technical vulnerabilities in computers and networks, as well as weaknesses in policies and practices related to the operation of these systems.
The vulnerability assessment identifies what services your hosts are offering, and whether or not the policies and procedures associated with them are in line with industry and company standards for security.
External Vulnerability Assessment
For a complete and consistent approach, Compass IT Compliance utilizes industry best practices and methodologies such as the Open Source Security Testing Methodology Manual (OSSTMM) and National Institute for Standards and Technology (NIST). There are four major phases to the vulnerability assessment:
- Reconnaissance and Information Gathering
- Enumeration Vulnerability Scanning
- Attack and Penetrate (Optional)
- Internal Vulnerability Assessment
Internal Vulnerability Assessment
Compass IT Compliance designs its internal vulnerability assessment to find existing vulnerabilities in internal hosts, such as servers, workstations, printers, routers, switches and other network devices and infrastructure components. In addition, we will attempt to determine the root causes of the vulnerabilities identified.
Wireless Security Assessment
Compass IT Compliance will evaluate the configuration of your 802.11x wireless network implementation, including:
- Rogue Access Point Detection
- Ad-hoc Wireless Device Detection
- Wireless Architecture Review
- Wireless Encryption Key Cracking
Continuous Vulnerability Scanning
Organizations are constantly evolving and adding new technologies to meet the needs of customers and remain competitive. A Continuous Vulnerability Scanning solution allows organizations to identify and address vulnerabilities much more rapidly when compared to a quarterly or annual vulnerability scan. Compass IT Compliance's Continuous Vulnerability Scanning services provide a real-time solution that evaluates endpoints in a way that is not accessible by traditional networking scanning solutions, providing an in-depth analysis of the vulnerabilities on your server and PC endpoints. The vulnerabilities are then calculated to provide an overall business risk score. Our reports can also provide insights on how vulnerabilities are being remediated over time.