Vulnerability Assessment (VA) is the process of finding, identifying, classifying, and reporting security issues and weaknesses. As businesses continue to expand their services and networks, their exposure to security vulnerabilities increases as well. Therefore, organizations need to actively assess the existence of security vulnerabilities in their network and implement corrective measures to address identified vulnerabilities.

  • Service Objective
    The objectives of the Vulnerability Assessment service are:
    • Identify vulnerabilities and security weaknesses that may expose the information technology (IT) assets of an organization to the risk of compromise by a malicious user or party. IT assets include network devices, servers, printers, applications, and endpoints.
    • Classify discovered vulnerabilities according to risk level and severity.
    • Improve the security posture of the organization by proactively identifying security weaknesses and insecure configurations present in IT assets and providing remediation actions.
  • Scope of Service
    The scope of the Vulnerability Assessment service includes all IT assets that are connected to the organization’s network. Vulnerability Assessment provides an insight into an organization’s current state of security and the effectiveness of its countermeasures. Vulnerability Assessment is performed in two formats:
    • External Vulnerability Assessment:
      Performed remotely with no internal access provided to our SOC team. The goal of this test is to identify and classify the weaknesses of the internet-facing IT assets of an organization such as Web applications, web servers, network endpoints, VPN, and e-mail servers. This test helps an organization to learn what external IT assets need security controls, patches, and general hardening.
    • Internal Vulnerability Assessment:
      Performed from within the premises of the target organization, usually to identify and classify threats and weaknesses in the internal network. It helps an organization determine its compliance with global or local policies, standards and procedures in terms of information security, data protection and segmentation of networks.
  • Process of Assessment
    Vulnerability Assessment is usually performed according to the following steps:

    • Network Discovery:
      Discover IT assets connected to the network and confirm those assets with the organization to ensure validity.
    • Vulnerability Scanning:
      Scan the identified IT assets against known security vulnerabilities.
    • Result Analysis:
      Review identified vulnerabilities and eliminate false positives.
  • Prerequisites
    To ensure successful and smooth execution of the Vulnerability Assessment service, certain information and preparation will need to be in place as follows:
    • External Vulnerability Assessment:
      IP addresses of internet-facing IT assets to be included in the scope of the Vulnerability Assessment.
    • Internal Vulnerability Assessment:
      We need a Virtual Machine (VM) to install our security toolkit to collect and evaluate vulnerability data. The VM should have the following:
      • Hardware requirements: 4 GB RAM, 100 GB hard drive space, and a 2-core processor.
      • Network access:
        The VM should be placed in the IT VLAN and allowed communication with all network segments and VLANs. In addition, the VM should be accessible from the internet by the Cloud4C team through VPN or remote desktop to facilitate remote management and execution of the service.
      • Software:
        An image will be provided to the customer, which needs to be deployed on this VM. As soon as the image is deployed, it will ask for a personalization code that will also be provided to the customer by the Cloud4C team.
  • Deliverables
    Upon completion of the Vulnerability Assessment, a detailed report is sent to the client including the following:
    • Executive Summary:
      Summary of the purpose of this assessment, as well as a brief explanation of the threats that the organization is exposed to from a business perspective.
    • Findings:
      A detailed, technical explanation of the findings of the assessment along with steps and proofs of the findings.
    • Conclusion & Recommendations:
      This section provides final recommendations and a summary of the issues found during the security assessment.
  • Service delivery time
    The Vulnerability Assessment service for about 100 IT assets can be completed in two business days.