Vulnerability Assessment and Penetration Testing – Protect the external assets from the right threats with the right strategic measures.
What’s the external assessment
External vulnerability assessments identify security weaknesses in networks, systems, and applications. Vulnerabilities can stem from an unpatched application or operating system, a small misconfiguration in a firewall or router, or unknowingly providing excessive access to a system or a portion of your network.
An external vulnerability assessment and penetration test can identify how an adversary can cause harm to your IT systems from outside of your network.
A good cyber security company will assess the security hygiene of your outward presence, including your perimeter devices, servers, applications and encryption technology. They can target anything that is accessible from the Internet for potential security vulnerabilities. Good external vulnerability assessment and penetration test will shed light on security vulnerabilities and gaps that are in need of remediation.
For example, Leet Protect’s unique approach combines human expertise with automated tools, statistical analyses and threat intelligence to ensure that we take a thorough, in-depth approach to solving this problem by identifying high impact risks.
See our next blog about our methodology and approach.
Leet Protect Security Assessment Methodology.
Leet Protect has developed its own unique security testing methodology that’s aligned to industry best practices, including SANS 25, OWASP TOP 10 and OSSTMM. We come armed with the tools, techniques and expertise to deliver a high quality engagement. A typical external security assessment consists of the following phases
■ Footprinting
■ Vulnerability scanning
■ Manual vulnerability verification
■ Penetration testing
■ Vulnerability analysis
Footprint Analysis and Information Gathering
Footprint Analysis and Information Gathering This phase results in a detailed blueprint of your company’s network and its internet security profile— the two major components to measuring the network’s overall risk. Our consultants approach footprinting without significant prior knowledge about your company’s network. This allows us to achieve thorough mapping and overcome any blind spots you might have. We gather domain names, IP network ranges, and information about hosts, such as operating systems and applications.
Vulnerability Scanning
The information gathered during the footprint analysis and information-gathering phase is used to perform the vulnerability scanning phase and penetrate vulnerable systems. We take a holistic view of the network and chain multiple, low-risk vulnerabilities in order to achieve a high level of access into the target network. This vulnerability linking typically culminates in pilfering sensitive data, such as password hashes, restricted databases, or attaining specific trophies that your company identifies
■ Comprehensive technical report
■ Management presentation
■ Remediations to mitigate threats
■ Report presentation and results review workshop
Remediation & Retesting
Our consultants partner with your organization in attaining its strategic security goals. At the conclusion of this engagement, we list all discovered vulnerabilities based upon a ranking of high, medium, and low. We perform a retest of each of the discovered vulnerabilities within three months of the completion of your engagement. This allows you to validate that your security remediation efforts resolved all discovered vulnerabilities.