Your business might need a Vulnerability Assessment, starting with a scan, for several reasons. Here, we explain what it is and why it needs to be managed.
Why would my business need a Vulnerability Assessment?
- You are certified to a cyber security standard (like Cyber Essentials).
- You are in a heavily regulated sector such as defence.
- You are an engineering or energy firm with lots of complex equipment, where regular scans are essential.
- Your cyber insurers may require it.
Ultimately, understanding your cyber risk is an important part of keeping your company safe!
What are vulnerabilities?
All modern software can contain defects in its code as well as configuration issues, and either can become a cybersecurity risk if cyber criminals discover them and are able to exploit them.
This software can be running on your computer – but also on servers, network devices, storage systems and any smart device. The defects and configuration issues are known as vulnerabilities.
As vulnerabilities are discovered, they are published to public databases and ‘fixes’ are developed to address them; these usually take the form of software or firmware updates (known as patches). Of course, once the software companies are aware of the vulnerabilities, so are cyber criminals. In fact, the criminals are often ahead of the software companies in identifying them; vulnerabilities found this way are known as ‘zero day vulnerabilities’.
What is a Vulnerability Assessment and why does it need to be managed?
In order to reduce the risk of a breach of your IT systems, these vulnerabilities need to be:
- Identified so they can be assessed.
- Prioritised so the biggest risks can be addressed first.
- Remediated – as budget and resource can be made available to do it.
How Vulnerability Assessment works
Vulnerability Management
Assess – we start with a Vulnerability Scan
Our advanced vulnerability scanning software is deployed to your workstations and servers and, through continuous scanning, builds up a picture of any vulnerabilities present in your network. It categorises them using the industry standard Common Vulnerability Scoring System (CVSS) scores.
Triage
Our team of experts reviews any vulnerabilities discovered and prioritises them based on the usage of the networks in which they were identified, any mitigation already in place and the likely risks for your business.
Report
We provide an executive summary of the key findings from the assessment, explaining the impact, priority and steps to remediate the vulnerabilities found. If you have an IT systems management contract with Pro Drive, we will also identify which fixes are covered by the contract and schedule them for remediation accordingly.
Remediate
We agree a remediation plan with you, based on the vulnerability report and your available budget. We then implement any updates or configuration changes required to address the vulnerabilities in the timeframe agreed.
What do we scan?
Our scanning software checks all computers on the network, including Windows, Linux and Apple devices, along with your other network devices, for vulnerabilities. In addition to your internal network, we also scan any internet-facing systems such as firewalls.
Finally, we identify any hidden devices or software on your network which may increase your risk.
How often do you carry out Vulnerability Assessment?
A typical vulnerability management plan involves multiple cycles per annum – the National Cyber Security Centre recommends monthly scans but decisions on frequency are normally made based on budget.