Vulnerability Assessment

When you buy a burglar alarm or security system an engineer visits your premises to install it and make sure it is correctly configured, so why should your IT systems be any different? Vulnerability assessments test your IT deployment and system configurations to ensure that your company is not wide open to cyber-attack. If your system is going to be put to the test, it is better it is tested by you than by a criminal. Find out about our internal and remote vulnerability assessments below.

Internal Vulnerability Assessment

This service requires access to your internal network and systems in order to simulate someone who has gained access from the internet or an insider threat from an employee.  The service will scan and review your internal networks and systems looking for weaknesses such as poorly maintained or designed systems, insecure Wi-Fi networks, insecure access controls, or opportunities to access and steal sensitive data. The service will identify weaknesses, but not exploit them. It should be noted that although the interaction with your systems is kept to a minimum, there is always a risk that poorly maintained or designed systems can suffer outages during vulnerability assessments. That is why all internal vulnerability assessments are supported with back-out and recovery plans agreed in advance to minimise risk. 

 

Service reporting will describe in plain language, what each weakness means to your business and the risks associated with each. Service reporting will include plans and guidance on how to fix those weaknesses.

 

We are able to recommend our IASME trusted partners network to provide additional services such as a full penetration test. Our trusted partners have been subject to due diligence checks by the accreditation body appointed by the National Cyber Security Centre, the UK’s National Technical Authority who are apart of GCHQ. They are also certification bodies for Cyber Essentials and Cyber Essentials Plus schemes which assure you have considered the most common cyber technical controls.

Remote Vulnerability Assessment

If your organisation is connected to the internet, this service will remotely review that connection in the same way as an attacker would perform reconnaissance, looking for potential weaknesses. The service uses the same toolsets and skill sets as hackers use to map your organisations internet connections. This service also benefits from regional Police and National Cyber Security Centre intelligence to capture the very latest known threats and techniques used by cyber criminals. It should be noted that although the interaction with your systems is kept to a minimum, there is always a risk that poorly maintained or designed systems can suffer outages during vulnerability assessments. That is why all remote vulnerability assessments are supported with back-out and recovery plans agreed in advance to minimise risk. Remote vulnerability assessments are not penetration tests, where the goal is complete systems compromise or to take full control of your systems. Remote vulnerability assessments are focussed on identifying weakness that might be used to achieve that compromise. 

 

Service reporting will provide a plain language interpretation of the results and how any vulnerabilities might be used by an attacker, as well as simple instructions on how any vulnerabilities might be fixed. 

 

We are able to recommend our IASME trusted partners network to provide additional services such as a full penetration test. Our trusted partners have been subject to due diligence checks by the accreditation body appointed by the National Cyber Security Centre, the UK’s National Technical Authority who are a part of GCHQ. They are also certification bodies for Cyber Essentials and Cyber Essentials Plus schemes which assure you have considered the most common cyber technical controls.

If you would like to book a Vulnerability Assessment or would just like to find out more, please contact us

NEBRC New Logo Sept 2020.png

The Business Resilience Centre for the North East (NEBRC) is a non-profit organisation which exists to support and help protect North East England businesses from cyber crimes.

Connect with us:

  • Twitter
  • LinkedIn
  • YouTube

© 2020 North East Business Resilience Centre