What is a Vulnerability Scan?
Considered to be one of the best methods of defence against today’s threats, the Vulnerability Scan. These scans use a list of known vulnerabilities, meaning they are already known to the security community, hackers and the software vendors. Most current successful attacks occur because of security problems, misconfigurations, services configured by default or the absence of patches that the software manufacturer makes public, but which the IT department has not implemented. Knowing these threats early is essential in order to tackle them.
A vulnerability scan is an automated detective tool to alert an information security program when unauthorized changes have been made to the environment. It is a crucial part of maintaining your information security and therefore should be used regularly. For example, every new piece of equipment that is deployed should have a vulnerability scan run against it and another approximately a month thereafter.
Why need a Vulnerability Scan?
To discover new vulnerabilities, but also to ensure that known vulnerabilities have been handled. Regular scanning let the organisation see how effective controls and processes to secure sensitive environments are, while at the same time discovering new vulnerabilities. Vulnerability scans can also be a compliance requirement, for example in PCI DSS.
Vulnerability scanning is certainly a significant part of your security program, but keep in mind that this is only one part.
Advantage of performing this type of assessment:
MEETING REGULATORY COMPLIANCY
Depending on the industry you are in many governments apply regulatory compliance rules that require an internal vulnerability assessment.
PEACE OF MIND
Reassurance that your valuable data is as secure as possible. Threats from cyber criminals, internal threats and malware are being dealt with.
Gain expert insight into all known vulnerabilities.
PROTECT YOUR COMPANY'S REPUTATION
Demonstrate to your business partners, regulators and suppliers that you take cyber security seriously.
Why work with Fortytwo?
The benefits when working with us:
Our highly skilled team leaders have more than 15 years of information security experience.
Our team holds a range of accreditations including QSA, CISSP, CCSA and CISM.
We believe in empowering our clients. Our team fully discloses the methods, tools and configurations used to perform analysis work for our customers. Companies can easily adopt our processes for future benefit.
HIGHLY SATISFIED CUSTOMERS
We provide value to our clients on a consistent, ongoing basis and we are proud of our long-term client relationships.
In our work and proposals, no unexpected surprises. We strongly believe in providing easy to understand reporting.
EXTRAORDINAIRY SERVICE AND SUPPORT
We truly care for your data security. Always providing and delivering professional, helpful, high quality service and assistance before, during and after your requirements are met.
How we work
We follow a transparent work process:
We will work together to define the scope and critical applications, systems and networks to be included and a non-disclosure agreement is part of this step.
Information gathering (reconnaissance)
All necessary information about the testing environment is shared in order to prepare for the next step.
We will execute a first scan of the application or network, using a combination of automated and self-written tooling to create insight about the environment and to prepare for the vulnerability scan.
The actual vulnerability scan is executed, while gathering information for further scanning. You receive a Preliminary Report with detailed information regarding identified issues.
We provide you with insight on the vulnerabilities. To resolve the vulnerabilities in a structured manner, a report is prepared specifying the complete and prioritised list of vulnerabilities.