Vulnerability analysis

Analysis of the attack surface of your IT infrastructure

Using automated scanning tools, we identify vulnerabilities in your IT infrastructure. The results of the vulnerability analysis enable an assessment of the "cyber health" of your IT.

 

Versions

The vulnerability assessment of the IT infrastructure can be carried out from different perspectives:

    1. External analysis: From the perspective of an attacker on the Internet.
    2. Internal, non-authenticated analysis: From the perspective of an attacker inside your network. This corresponds, for example, to the scenario where an attacker has already gained access to your internal network.
    3. Internal authenticated analysis: From the perspective of an attacker with valid authentication information. This corresponds to the scenario where an attacker has already gained access to your network, obtained valid authentication information and is now trying to spread to surrounding systems.

 

Conducting the vulnerability analysis provides revealing information about the security level of the IT systems audited. The compiled results enable a statement to be made about the organisation's vulnerability to network- and system-based attacks. The audit covers the following areas, among others:

    • Host discovery within the audited network segments
    • Identification of open ports, accessible network services, deployed service and operating system versions
    • Presence of essential security settings for network services
    • Network-based analysis of the IT systems: Test of the identified network services and operating systems for existing attack vectors
Assessment of the security of the network protocols and the strength of the encryption used (e.g. TLS, SSH, SMB, NTLM, etc.).

 

Your added value

After the vulnerability analysis, we provide you with a report that explains the identified opportunities for improvement, prioritises them according to criticality and recommends measures for their elimination. In doing so, we make a point of recommending not only selective but also holistic measures to you.

Niklaus-Manser

Niklaus Manser
Head of
IT Security Consulting

Request
 

 

Non-binding enquiry

 

Of course 100% confidential, free and non-binding!