Vulnerability Assessments
Independent vulnerability assessments are a requirement for many businesses in regulated industries such as banks, credit unions, health care, insurance, and those required to comply with Payment Card Industry Data Security Standards (PCI-DSS).
Our vulnerability assessments are carried out using leading commercial vulnerability assessment tools, open source software, and proprietary techniques. Generally, the organizations we assist can’t purchase licenses for all the commercial vulnerability assessment tools we use for less than the cost of our engagements. Further, our scanning tools are operated by highly trained professionals with years of experience in vulnerability assessment and system exploitation.
Anyone in the industry can run a vulnerability scan and produce a report. We help our clients understand and prioritize their risks by attempting to exploit discovered vulnerabilities to gain access to sensitive information. We take the extra time to run unauthenticated and authenticated vulnerability scans and exploitation attempts. We first attempt to identify vulnerabilities and exploit systems using no or basic user rights since this better simulates the environment encountered by a potential attacker. Vulnerabilities and exploits which lead to the compromise of sensitive information with limited user rights are prioritized higher for remediation in our recommendations.
Our security engineers have extensive experience in the industries we serve with Fortune 500 and smaller organizations, and hold industry certifications such as:
- CEH - Certified Ethical Hacker
- GPEN - GIAC Certified Penetration Tester
- CHFI - Certified Hacking Forensics Investigator
- OSCP - Offensive Security Certified Professional
- CISSP – Certified Information Systems Security Professional
- CISM – Certified Information Security Manager
- CISA – Certified Information Systems Auditor
- NSA-IAM - National Security Agency – Information Security Assessment Methodology
- CHSS - Certified HIPAA Security Specialist
Vulnerability Assessments and network management should go hand-in-hand. Unfortunately not all firms realize this… but AIS does. This is why the company you choose is fundamental to your security and success. We offer a wide range of vulnerability assessment options to suit your needs and budget from annual assessments to more frequent assesments and assitance with vulnerability remediation. Contact us to see how we can help solve your vulnerability assessment, remediation, and patch management needs.
Free software vulnerability scan:
To introduce our services, we offer a free vulnerability scan and report to see if your computers are protected from the #1 cyber security risk of unpatched third party applications.
- Based on a recent report by SANS, a respected information security organization, which states “Two risks dwarf all others, but organizations fail to mitigate them…Priority One: Client-side software that remains unpatched.”
- “On average, major organizations take at least twice as long to patch client-side vulnerabilities as they take to patch operating system vulnerabilities. In other words the highest priority risk is getting less attention than the lower priority risk.”
|
