CYB3R INTELLIGENCE | CLOSE DIGITAL PROTECTION
Manage internal and external vulnerabilities
Vulnerability scanners are great at locating thousands of known weaknesses and loopholes, but they can never fully replace the human eye. With our vulnerability assessment capability, our certified professional hackers can verify the severity of your scan results, reduce the number of false positives, and provide peace of mind.
There has historically been a gap between an external penetration test and an external vulnerability scan. Vulnerability scans happen regularly, whereas penetration tests are performed once or twice per year. This leaves six to twelve months where weaknesses can be left undiscovered and exploitable.
CYB3R INTELLIGENCE’s VA service reduces this gap in order to provide continuity of security through a combination of automated vulnerability scanning, manual reviews by penetration testers, and freeform bug hunting.
Stages of assessments
Amongst our CDP services, our clients receive monthly vulnerability assessments, as we are dedicated to determining any threats against your online assets that could cause immediate or long-term damage.
Vulnerability Identification is the first stage of your assessment. We directly communicate with your online assets and run several tests against industry-standard compliance measures.
The objective is to identify the source of the vulnerabilities identified in step one. This involves the identification of system components responsible for each vulnerability and so uncovering the root cause.
For example, the root cause of a vulnerability could be an old version of an open source library. This provides a clear path for remediation – upgrading the library.
Within the Risk Management stage, CYB3R INTELLIGENCE will prioritise vulnerabilities based on how critical they are. Our security analysts assign a risk or severity score to each vulnerability.
Questions we ask within this stage include the following: Which systems are affected? What data is at risk? Which business functions are at risk? How easy is an attack or compromise, and how severe would an attack be?
The objective of this step is the closing of security gaps. It’s typically a joint effort by CYB3R INTELLIGENCE analysts and the individual, who together determine the most effective path for remediation or mitigation of each vulnerability.
Vulnerability assessments cannot be a one-off activity. To be effective, we must operationalise this process and repeat it at regular intervals for maximum security.
More often than not, two distinct security issues can be mild in nature, but when combined, can have a far more severe impact. Our Vulnerability Assessment team are skilled at combining issues discovered by automated tooling, ensuring that dangerous weaknesses do not slip through the cyberspace net.
Automated scans can discover services that, when investigated manually, can reveal serious weaknesses. For example, publicly accessible file shares may contain sensitive company information that is only apparent to the human eye.
Eliminate false positives
Automated scanners often identify lots of issues, but due to the limitations of automation, there are always false positives – wasting precious time for your security team. The CYB3R INTELLIGENCE team investigates scan results to confirm, where possible, that the result is valid.
CYB3R INTELLIGENCE provides regular assessments of your internet-facing systems and assets, and stores custom proofs of concept for issues such as Cross-Site Scripting or SQL Injection.
The combination of regular manual and automated solutions allows our service to excel. However, it should be noted that automated solutions don’t understand context – the circumstances of a vulnerability can affect the overall impact of a weakness if exploited. As an example, vulnerabilities detected on a server hosting sensitive data will be reported with an increased severity rating, whereas a partially exploitable vulnerability, with measures in place to protect it, will have its severity rating lowered to reflect the threat. These assessments must take place regularly to maximise protection.