SourcetekIT offers a comprehensive security assessment service that evaluates an organization’s current information security program and infrastructure. The assessment identifies vulnerabilities and weaknesses, and measures any risks associated with the organization’s current IT environment and security practices.
FEATURES & COVERAGE
- Identify internal and external security gaps and vulnerabilities
- Discover any areas of concern, including unpatched systems, open ports, and compliance violations
- Find security bugs and loopholes that could potentially be used to harm your network
- Verify network connections are secure, encrypted, and working as expected
- Outline and develop an actionable plan to mitigate the identified risks and vulnerabilities
- Approach and methodologies are based on industry standards and practices, such as the National Institute of Science and Technology (NIST), Health Insurance Portability and Accountability Act(HIPAA)
Our Network Vulnerability Assessment services are grouped into three categories of services:
- Periodic network Vulnerability Assessment as a service: Our clients often request that we perform a one time or periodic network VA to verify the strength of their network security profile. Industry best practices suggest that you periodically rotate vendors for a more comprehensive VA.
- Deployment of network Vulnerability Assessment solutions: We help our clients select and configure the most suitable network VA solution and manage it on their behalf or transfer day-to-day operation to their staff.
- Compliance Reporting for network Vulnerability Assessment: We provide a network VA that supports your compliance obligations. Accordingly, we leverage our eGRC compliance reporting solutions that supports more than 500 regulatory compliance reports. Specifically, we provide reports that support:
- Payment Card Industry (PCI) Data Security Standards
- ISO 27001
- General data protection regulation (GDPR)
- Health Insurance Portability and Accountability Act(HIPAA)
- Scope of Network Vulnerability Assessment Services: As part of our network Vulnerability Assessment we typically cover the following areas:
- Network Topology Risk Assessment: Discover and assess the risk of network topology and zones including: Public, Operational, Restricted, and Highly Restricted zones.
- Discover Network Assets: As part of the network VA, our personnel help you discover network assets, including network nodes, firewalls, IPSs, IDSs, routers and switches, servers, databases, applications.
- Discover Network Asset Vulnerabilities: Utilizing an array of commercial and open source tools, we probe each network asset for potential vulnerabilities. To complete our network VA, we deploy host configuration review.
- Verify Vulnerabilities (or Penetration Testing): With management approval, we verify identified network vulnerabilities by actively trying to leverage it for further network penetration and subversion of existing controls.
- Network Security Configuration Assessment: We review the device configuration for potential network vulnerabilities. Our personnel utilize a set of automated tools and manual techniques to review such vulnerabilities.
- Reporting: Our reporting process is designed to inform executives, management groups, and technical teams, compliance and audit departments. We carefully explain each vulnerability, its respective exposure, and discoverability. Our personnel also provide pragmatic prioritization and recommendations. When deemed appropriate, our team will provide a trend report to demonstrate the status of network VA over a designated period of time.
- Validates current security programs and practices
- Identifies known security risks and vulnerabilities before they are exploited
- Provides organizations with an outline and action plan to remediate issues and improve IT environment resiliency and performance
- Prepares organizations for audits and other reviews, and ensures compliance and regulatory requirements are continuously met
- Can be performed at your convenience, either onsite or remotely