Technical Vulnerability Analysis
Performing a Vulnerability Analysis is a proven method for identifying vulnerabilities on your network to secure both the perimeter and the interior.
As breaches continue to occur in IT, it is becoming top priority to protect against them. A Vulnerability Analysis is a proven method for identifying vulnerabilities on your network to secure both the perimeter and the interior. Regular use of this service can prevent data breaches, improve compliance, and improve network efficiency.
The technical vulnerability analysis is one widely used evaluation, and many security frameworks explicitly specify the vulnerability analysis be conducted; for example, the PCI framework requires that the vulnerability analysis be conducted quarterly. Eagle uses the powerful Nessus platform for this analysis.
The process begins with a review of your network diagram to understand your network configuration and major applications. Depending on the scope of the evaluation, one or more scans will be performed. We can provide external scans which evaluate any outward facing IP Addresses for vulnerabilities. Then, a scanning appliance is attached inside the network to scan some or all assets on the network. Depending on network topography, multiple scanners may be deployed. These internal scans can be done either in non-authenticated mode, or for a more comprehensive and accurate scan, authentication credentials will be used to thoroughly examine each device on the network, or a representative sample of devices.
The vulnerability assessment tool we utilize contains a database of over 20,000 vulnerabilities, with new vulnerabilities added daily. Findings may include the use of insecure configurations, unpatched software, end-of-life software, use of default passwords, inappropriate placement of firewalls, and/or lack of encryption technology.
Technical Vulnerability Analysis Deliverables:
Eagle Consulting Partners analyzes the results and provides:
- A thorough written report on the vulnerabilities
- Prioritized recommendations for risk remediation
- Reports for both for executive management and technical staff who require details for remediation
Because networks are changing constantly, and because new software vulnerabilities and patches are released on a daily basis, Eagle can offer an ongoing vulnerability management program that includes ongoing scans on an annual, quarterly, monthly, or continuous basis. Customized reporting can be created for different audiences.