Continuous Vulnerability Assessment is one of the basic controls and one of the most fundamental cybersecurity services an organization can perform. Vulnerability Assessment (also known as Vulnerability Scanning or Vulnerability Management) is used to quickly identify known security issues that might be exploited by a malicious actor to impact your corporate data or services. The goal is to identify potential vulnerabilities in your IT infrastructure in order to understand your current security posture without simulating a real hacker attack.

What we offer

We offer one-time or regularly scheduled (e.g. monthly or quarterly) vulnerability scans of your external perimeter, web applications, or internal network. All vulnerabilities identified in our vulnerability scans can be further manually verified to eliminate false positives.

We will provide you with a detailed remediation report to quickly harden your network and reduce your security risk profile. In addition, with our automated scanning services, you will be able to track your risk improvement over time.

UnionFlame performs the following types of Vulnerability Scans (with or without credentials):
  • External infrastructure scanning
  • Internal infrastructure scanning
  • Web Application Scanning
  • Authenticated scanning of a standard workstation

Vulnerability Scans can be performed against:
  • Laptops/desktops, and any connected device with an IP address (e.g. IoT devices)
  • Servers (on-premise or cloud-hosted)
  • Network security devices (e.g. firewalls)
  • Websites and Applications

How we do it

Our vulnerability scanning begins only after you have given us a signed authorization. We scan and assess vulnerabilities in your IT infrastructure, identifying all your theoretical web application and network security weaknesses. However, unlike in a penetration test, we do not proceed to exploit and access targeted assets.

Vulnerability assessment is conducted from a black-box perspective, as a real-world hacker would approach it. During the test, we follow these steps:

  1. Intelligence gathering: we collect information about your IT infrastructure (or get the scope directly from you in the case of white or grey-box testing)
  2. Scanning and Enumeration: we run the test to discover targets and assess them for vulnerabilities
  3. Verification: upon request, we manually check identified vulnerabilities to eliminate false positives

What you get

At the end of the testing, you will receive a report that contains:

  1. Executive Summary highlighting highly rated vulnerabilities and our recommendations
  2. Technical Report with our findings and suggested recommendations for remediation and mitigation of all identified vulnerabilities
