Vulnerability Assessments identify and rank the exposures present within our clients’ systems and networks.

Industry-leading automated scanners, configured with optimized settings, are utilized to analyze the target environment. This process discovers misconfigurations, unsupported software, missing patches, unintentionally open services, and publicly disclosed exploits, to name a few. The information can then be used to formulate a plan to eliminate the threats or reduce them to an acceptable level of risk.

TrustedSec performs this assessment from not only a secure public server, but also through the TrustedSec Attack Platform (TAP) device. TrustedSec offers Vulnerability Assessments as a standalone service, but also includes scanning at the end of our Penetration Tests. The vulnerability scanning phase is used as validation to ensure only the most common exposures were identified, and confirms that each finding identified through vulnerability scanning is validated.

TrustedSec consultants perform validation of the discovered vulnerabilities, excluding denial-of-service (DoS), and removes all false-positives.

Our report outlines various findings and includes the pertinent validation screenshot or data.

The findings are then categorized by Common Vulnerability Scoring System version 3 (CVSSv3). The report includes a description of the vulnerability, affected hosts, TrustedSec’s recommended remediation, and applicable reference sources.

TrustedSec then weighs this score and assesses the impact to establish a Severity Rating. This information can then be used in conjunction with a Vulnerability Management Program to identify and remediate exposures that compromise and reduce the effectiveness of the Information Security program.

Featured Content

Research + Red Team + Risk Management: Assessing Evolving Threats

Download

Talk with an Expert

  • This field is for validation purposes and should be left unchanged.
David Kennedy

Author: David Kennedy

Security expert, keynote speaker, avid gamer and the go-to for protecting companies from threats.