InfoSec Advisors’ Security Vulnerability Scanning service looks at your network from the “INSIDE” as a network administrator or system administrator would see it. We identify security vulnerabilities that may put your network at risk. You want want to engage us for a variety of reasons:

•  You want the “peace of mind” that comes from having an objective third party to look at your network and confirm that your information security policy has been properly implemented.
•  You’ve had an internal accident where an employee made a mistake that resulted in a security breach.
•  You have an upcoming regulatory compliance audit and you want to make certain you are prepared for it.

Many of our clients use our service to audit the security profiles of their networks in the same way that they engage independent financial auditors to examine their financial auditors. The results of these audits can be used to confirm your compliance with legal and financial regulations.

Engagement Objectives

•  Run network scanning tools from multiple remote locations to identify your security vulnerabilities.
•  Identify open ports on servers that could be exploited to attack your network.
•  Identify servers running services that are not needed for specific business purposes.
•  Identify website applications that could be attacked to compromise your network.
•  Prepare recommendations designed to eliminate or mitigate the risks posed by identified security vulnerabilities.

Benefits

•  Bring servers up-to-date with software patches, security updates and service packs
•  Identify improperly managed passwords
•  Secure remote access services
•  Identify servers running questionable services
•  Pinpoint shared hard drives that are not properly secured
• Provide recommendations to eliminate or mitigate the identified security risks

Most Frequently Asked Questions

How do I engage InfoSec Advisors to help me with security vulnerability scanning?

When you contact us about security vulnerability scanning, one of our security consultants will meet with you to identify and understand your requirements. We will draft a statement of work that accurately describes the work to be done. It will include a timeline and the cost for performing the work. Our consultant will review the statement of work with you to confirm that it accurately describes the work to be done.  After it is signed by both parties, the work is scheduled.

How often should vulnerability scanning be done on my network?

Most corporate networks are constantly changing to keep up with the requirements of users in the business units who need the network to perform their jobs. To ensure that a high network security profile is maintained, security industry best practices suggest that vulnerability scanning should be performed at least annually or any time after a significant change is made to the network infrastructure.

How are the security vulnerability scans run?

An appliance, similar to a personal computer, is configured with a collection of scanning tools and delivered to your designated site. We connect it to your network. After the appliance is given appropriate access rights, it is controlled remotely through an Internet connection and network scans are initiated through a remote console. Data collected by the scanning tools is encrypted and transmitted to a secure server in our data center. The data is held there for the duration of the assessment, then destroyed to ensure that it is not compromised.

How intrusive are the security vulnerability scans?

The scans are not intrusive at all. They can be run from a remote location so there is no need for our network engineers or security consultants to come to your site. Or, if you prefer, they can be run by our professionals from your site. If your network is being monitored, your systems should alert you of our scanning activity.

Will the vulnerability scans disrupt the normal operation of my network?

No. Our vulnerability scans will not have a negative impact on your network performance. If you have concerns, we can schedule the scans to run after normal business hours.

What will the vulnerability scans tell me about my network?

Our scans identify security vulnerabilities that could be exploited by a hacker or a person with malicious intent to attack your network. We will identify missing software patches, security updates and service packs. Our experts will correlate security vulnerabilities with known security breaches and will present recommendations to eliminate or mitigate them.