Vulnerability Assessment

Ceitcon vulnerability assessment aims to identify security vulnerabilities in systems, quantify and analyze them, and remediate those vulnerabilities based on predefined risks.

Ceitcon vulnerability assessment is a systematic review of security weaknesses in an organization's information system. It evaluates whether the system is susceptible to any known vulnerabilities, assigns severity levels to those vulnerabilities, and recommends remediation or mitigation wherever needed.

Conduct Risk Identification and Analysis

In this step, the Ceitcon team will start by identifying all assets that are part of your company's information system. With a complete list of all IT equipment, companies can start assigning risks to each asset in order to account for most situations that may arise.

Develop Vulnerability Scanning Policies and Procedures

In this step, Ceitcon aims to build a structured and successful scanning methodology. The Ceitcon team will define policies and procedures so that there is a pre-determined course of action to follow. These must include the types of scans that will be conducted, the ways the scans will be performed, the software solutions used, which vulnerabilities take precedence over others, and the steps that need to be taken after the scan is complete.

Identify The Types of Vulnerability Scans

Ceitcon offers the following types of vulnerability scans and will recommend the type of scan that delivers the most benefit:
• Network Vulnerability Scans
• Host Based Vulnerability Scans
• Wireless Based Vulnerability Scans
• Application Based Vulnerability Scans

Configure The Scan

Configuring the scan shall consist of the following steps:
• Add a List of Target IPs: The IP addresses where the target systems are hosted need to be entered into the vulnerability scanning software in order for a scan to be performed.
• Define the Port Range & Protocols: After adding the target IPs, it is important to specify the port range you want to scan and which protocol you wish to use in the process.
• Define the Targets: In this step, you need to specify whether your target IPs are databases, Windows servers, applications, wireless devices, etc. By making your scan more specific, you will get more accurate results.
• Set the Aggressiveness of the Scan, Time and Notifications: How aggressive your scan is can influence the performance of the devices you are going to scan.

Perform The Scan

This process shall consist of the following steps:
• Scanning: In the scanning phase, the tool you are using will fingerprint the specified targets to gather basic information about them.
• Enumeration: With this information, we will proceed to enumerate the targets and gather more detailed specifications, such as the ports and services that are up and running.
• Vulnerability Detection: Finally, after determining the service versions and configuration of each target IP, we will proceed to map out vulnerabilities in the targets.

Evaluate And Consider Possible Risks

In this step, the Ceitcon team will evaluate the risks associated with performing a vulnerability scan. Scans of critical systems and production systems shall be performed with extra caution, and the scan should be performed after hours, when the traffic to the target is minimal, in order to avoid overload.
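
The following is an added example, not Ceitcon's own tooling: a pre-flight check that validates a scan plan against the configuration steps above (targets, port range and protocol, target type, aggressiveness and time) and against the after-hours rule for critical systems. The authorized scope, the after-hours window, the field names and both sample plans are constructed assumptions.

```python
import ipaddress
from datetime import time

# Constructed values for illustration; replace with the engagement's real scope.
AUTHORIZED_SCOPE = [ipaddress.ip_network("10.20.0.0/16")]
AFTER_HOURS = (time(22, 0), time(5, 0))  # assumed window, wraps past midnight
TARGET_TYPES = {"database", "windows_server", "application", "wireless"}
PROTOCOLS = {"tcp", "udp"}

def in_window(start, window=AFTER_HOURS):
    begin, end = window
    if begin <= end:
        return begin <= start < end
    return start >= begin or start < end  # window crosses midnight

def validate_plan(plan):
    """Return a list of problems; an empty list means the plan can be scheduled."""
    problems = []
    for raw in plan["targets"]:
        try:
            net = ipaddress.ip_network(raw, strict=False)
        except ValueError:
            problems.append(f"{raw}: not an IP address or CIDR block")
            continue
        if not any(net.version == s.version and net.subnet_of(s)
                   for s in AUTHORIZED_SCOPE):
            problems.append(f"{raw}: outside the authorized scope")
    low, high = plan["ports"]
    if not 1 <= low <= high <= 65535:
        problems.append(f"ports {low}-{high}: invalid range")
    if plan["protocol"] not in PROTOCOLS:
        problems.append(f"protocol {plan['protocol']}: unsupported")
    if plan["target_type"] not in TARGET_TYPES:
        problems.append(f"target type {plan['target_type']}: unknown")
    if plan["critical"]:  # critical and production systems get extra caution
        if plan["aggressiveness"] != "low":
            problems.append("critical target: aggressiveness must be low")
        if not in_window(plan["start"]):
            problems.append("critical target: start time is not after hours")
    return problems

# Constructed sample plans.
GOOD_PLAN = {"targets": ["10.20.5.0/24", "10.20.9.17"], "ports": (1, 1024),
             "protocol": "tcp", "target_type": "database", "critical": True,
             "aggressiveness": "low", "start": time(23, 30)}
BAD_PLAN = dict(GOOD_PLAN, targets=["10.20.5.0/24", "192.168.1.10"],
                ports=(0, 70000), aggressiveness="high", start=time(14, 0))
if __name__ == "__main__":
    print(validate_plan(GOOD_PLAN), validate_plan(BAD_PLAN), sep="\n")
```

Running the check before a scan is scheduled keeps out-of-scope addresses and daytime scans of production systems from reaching the scanner at all.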

Interpret The Scan Results

Ceitcon will assign a qualified staff member to configure and perform the vulnerability scan and analyze its results, and the team will prioritize remediation efforts accordingly.

Create a Remediation Process and Mitigation Plan

After interpreting the results, Ceitcon staff will prioritize the mitigation of each vulnerability detected and work with your IT staff to communicate mitigation actions. Ceitcon and your company's IT staff will need to communicate and work closely together in the vulnerability mitigation phase in order to make the process successful and fast.
Follow-up scans will be performed during the back-and-forth problem-solving between teams until all vulnerabilities that need to be mitigated no longer appear in the reports.