Vulnerability Assessment

Leading vulnerability assessment services by Nettitude an ASV company with CREST and CESG CHECK security consultants.

Nettitude’s vulnerability assessment services are designed to test your internal and external infrastructure against known vulnerabilities and exposures. We have a range of approaches from both automated portal based offerings through to appliance based devices that you can deploy on-site. We are able to proactively manage these assessments and ensure that false positives are kept to a minimum. For organisations that require more manual approaches our team of security consultants are able to deliver vulnerability assessment services across a wide array of technologies and platforms.

Looking to book a vulnerability assessment?

Nettitude is able to deliver vulnerability assessments that deliver both infrastructure and application devices. These tests will check for patching, weak passwords, default configuration parameters and poor security standards. Vulnerabilities that are identified are reported back to clients without any attempt of exploitation taking place. There are two types of vulnerability assessment that Nettitude without any attended can perform:

  • Consultancy-Led Vulnerability Assessment

    Nettitude has a defined approach for delivering vulnerability assessments which is built upon steps one through five of our penetration testing methodology.  All engagements commence through diligent scoping, to ensure that we dully understand your requirements and overall test objectives. Where we are delivering consultancy-led services, we then run a series of manual and automated tools and scripts to identify vulnerabilities in your infrastructure and applications. Any time we identify a vulnerability or concern, our security team manually validates the exposure and provides detailed evidence of the vulnerabilities existence.

  • Automated Vulnerability Assessment

    Nettitude is able to deliver automated vulnerability assessment services through both an appliances and a web based portals. Both approaches can be used by clients to deliver self-service assessments for their internal and external infrastructures. Nettitude continues deliver a professional-services wrap around these assessments, assisting clients building test strategies and helping to eliminate false positives. This allows our clients to run assessments 365 days of the year, and leverage our skills and expertise when it is really needed the most.

  • Tailored Vulnerability Assessment Reports

    All vulnerability assessments result in a tailored management and technical report that can be delivered in line with your individual requirements. We are able to export results in to PDF, Word or Excel documents, as well as CSV for import in to your internal vulnerability management toolset.

Third Party Vulnerability Assessment Frameworks

PCI ASV – Vulnerability Assessments

As an Approved Scanning Vendor (ASV) company delivering services across the globe, Nettitude is able to deliver internal and external vulnerability assessment services against the requirements defined in the PCI Data Security Standard (DSS).

Requirement 11.2.1 requires organisations to deliver quarterly internal vulnerability scans to identify “high-risk” vulnerabilities as identified in requirement 6.1. Nettitude is able to deliver these service for clients themselves or alternatively provide tools and techniques to enable the client to manage this approach themselves.

Requirement 11.2.2 requires organisations to undertake quarterly ASV scans to assess their external network infrastructure and applications.  As an ASV that has been delivering services in this space for many years, Nettitude is able to deliver full circle services against this requirement.

UK Gov – Cyber Essentials Scheme

In April 2014, the UK government launched its ‘Cyber Essentials’ scheme.

This program is aimed at SME size organisations and assesses the following five key controls:

  1. Boundary firewalls and internet gateways
  2. Secure configuration
  3. Access control
  4. Malware protection
  5. Patch management

This scheme requires organisations pursuing either the silver or gold tier certification to undertake an independent security assessment or vulnerability test. As a CREST company, Nettitude is an active participant in this program and proactively delivers advice and guidance to clients wishing to meet the ‘Cyber Essential’ scheme requirements.

Intelligent Cyber Security and Risk Management   0345 5200 085    solutions@nettitude.co.uk