An Effective Vulnerability Assessment Approach

Organisations are most likely to fall victim to automated, indiscriminate attacks which use known vulnerabilities to compromise an environment. Patching, remediating and mitigating the right vulnerabilities at the right time is critical to an organisation’s overall security strategy.

An effective vulnerability prioritisation program ensures that required patching progresses in an automated and systematic way, providing continuous coverage across the organisation.

Ideally, an organisation should be able to address critical vulnerabilities within 24 hours. Although in the real world this is sometimes a stretch, it should be noted that organisational risk reaches moderate levels when a vulnerability remains in an environment for one week, and becomes high when it remains within a critical system for a month or longer.

Secure ISS Vulnerability Assessment Process

Scan: We review your IT environment and identify vulnerabilities associated with a range of IT assets, including operating systems, network devices, databases and applications. We can either perform an unauthenticated scan (reviewing everything a potential attacker would see) or an authenticated scan (using your security credentials to go ‘behind the scenes’ for a much deeper assessment).

Report: We provide a detailed report outlining each vulnerability, the vulnerable host(s), operating system weaknesses, the level of security risk for each vulnerability, a description of the vulnerability and our recommendations for remediation.

Action: We can then work with you to take the most appropriate course of action for any vulnerabilities highlighted in your report.

Starting from $1,000 + GST*

Assessment Form

  • The following networks are in scope for the Vulnerability Assessment scanning activities:
  • All networks are out of scope unless detailed in the section above. In addition to these out-of-scope networks, the following IP addresses will be excluded from any scanning activities:
  • The following subnets will be tested from external sources:
  • Scans will be confined to the following schedule: