Vulnerability & risk scans

For optimum cyber security, availability and compliance

There are two kinds of vulnerability and risk scans: organizational and technical.

The organizational part covers the threats and risks to business continuity: recovery planning, security incidents and the processes for responding to them. The technical part covers the supporting activities: backup and disaster recovery, automated vulnerability scans and penetration testing.

With this in mind we work with three types of vulnerability and risk scans:

      • Essential
      • Standard
      • ZeroRisk

All scans are available as a one-off or as a flexible, customer-friendly subscription, ranging from guided DIY (do it yourself) to a fully managed service.

The Essential scans investigate which doors are open and the chances of a “successful” burglary. We do this by knocking digitally at every door. If there is an answer, we ask who is present and what function everyone has.

Expressed in technical terms: an automated scan attempts a TCP connection on each of the 65535 TCP ports. Where a connection succeeds, the listening service is queried for its function and software version.
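What such a scan looks like in code, as an added illustration (this is not ITV360's tooling, which the page does not describe): a parallel TCP connect scan that grabs whatever banner an open port volunteers and matches it against a few version patterns. In practice a full sweep would pass `range(1, 65536)` and a mature scanner such as `nmap -p- -sV` would do the fingerprinting; here the scan is run against a throwaway listener on 127.0.0.1 so it works offline, and the banners, hostnames and regex patterns are constructed for the example.

```python
import re
import socket
import threading
from concurrent.futures import ThreadPoolExecutor
from typing import Dict, Iterable, Optional, Tuple

# Constructed banner patterns: (regex, service name). group(1) = product,
# group(2) = version. A real scanner carries thousands of such probes.
BANNER_PATTERNS = [
    (re.compile(r"^SSH-\d\.\d-([A-Za-z]+)[_/ ]?([\w.]+)?"), "ssh"),
    (re.compile(r"^220[ -].*?(Postfix|Exim|Sendmail|Microsoft ESMTP)\s*([\w.]*)", re.I), "smtp"),
    (re.compile(r"^220[ -].*?(vsFTPd|ProFTPD|FileZilla)\s*([\w.]*)", re.I), "ftp"),
]


def start_test_listener(banner: bytes) -> int:
    """Start a throwaway TCP service on 127.0.0.1 that sends `banner` to every
    client and hangs up, so the scanner can be exercised offline. Returns its port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve() -> None:
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return port


def closed_port() -> int:
    """Bind an ephemeral port and release it again: it is (almost certainly) closed."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def probe(host: str, port: int, timeout: float = 0.5) -> Optional[Tuple[int, str]]:
    """Full TCP connect to host:port ("knock on the door"). On success read what
    the service says first (its banner) and return (port, banner); None if closed."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                data = s.recv(256)
            except socket.timeout:
                data = b""  # open, but the service waits for the client to speak first
            return port, data.decode("ascii", "replace").strip()
    except OSError:  # refused, timed out, unreachable
        return None


def connect_scan(host: str, ports: Iterable[int], workers: int = 64) -> Dict[int, str]:
    """Connect-scan the given ports in parallel; return {open_port: banner}."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: probe(host, p), ports))
    return {r[0]: r[1] for r in results if r is not None}


def fingerprint(banner: str) -> Dict[str, str]:
    """Map a banner to service/product/version ("who is present, what function")."""
    for rx, service in BANNER_PATTERNS:
        m = rx.search(banner)
        if m:
            return {"service": service, "product": m.group(1), "version": m.group(2) or ""}
    return {"service": "unknown", "product": "", "version": ""}


if __name__ == "__main__":
    # Offline demo: one open port with a constructed OpenSSH banner, one closed port.
    ssh = start_test_listener(b"SSH-2.0-OpenSSH_8.9p1\r\n")
    for port, banner in sorted(connect_scan("127.0.0.1", [ssh, closed_port()]).items()):
        print(port, "open", fingerprint(banner))
```

Two caveats a practitioner would add: a connect scan is the noisiest form of port scanning (every open port sees a completed handshake in its logs), and banners are self-reported, so a version string is a lead for a vulnerability lookup, not proof of an exploitable version.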

In addition, we assess how likely a targeted attack is to succeed, by looking from the attacker's perspective at:

  • How the company website is reached: its DNS records and TLS certificates.
  • Easy-to-execute attack scenarios, for example fake invoices sent by e-mail.
  • Publicly available personal and company information.

The aim of this part of the research is to determine how easily visitors and e-mail can be redirected to a rogue website or a rogue mail server.
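One concrete check behind the e-mail half of that question, added here as an illustration (the page does not say which checks ITV360 performs, so treat the choice of check as an assumption): whether the domain's SPF and DMARC records let an attacker send mail that appears to come from it. The DNS answers below are constructed and embedded so the example runs offline; a real check would resolve the TXT records of `<domain>` and `_dmarc.<domain>`, for instance with dnspython's `dns.resolver.resolve(name, "TXT")`.

```python
import re
from typing import Dict, List, Optional

# Constructed TXT records standing in for live DNS (domains are invented).
FAKE_DNS: Dict[str, List[str]] = {
    "weak.example": ["v=spf1 include:_spf.google.com ?all"],
    "_dmarc.weak.example": ["v=DMARC1; p=none; rua=mailto:dmarc@weak.example"],
    "strong.example": ["v=spf1 mx include:_spf.google.com -all"],
    "_dmarc.strong.example": ["v=DMARC1; p=reject; adkim=s; aspf=s"],
    "nomail.example": ["some unrelated txt record"],
}


def lookup_txt(name: str) -> List[str]:
    """Stand-in for a DNS TXT query (assumption: replace with a real resolver)."""
    return FAKE_DNS.get(name.lower(), [])


def spf_record(domain: str) -> Optional[str]:
    """Return the domain's SPF record, or None if absent. More than one SPF
    record is a permanent error under RFC 7208, so it is treated as absent too."""
    recs = [r for r in lookup_txt(domain) if r.lower().startswith("v=spf1")]
    return recs[0] if len(recs) == 1 else None


def spf_all_qualifier(spf: str) -> Optional[str]:
    """Qualifier of the 'all' mechanism: '-' fail, '~' softfail, '?' neutral,
    '+' pass (the default when none is written). None if there is no 'all'."""
    m = re.search(r"(?:^|\s)([-~?+]?)all(?:\s|$)", spf, re.I)
    return (m.group(1) or "+") if m else None


def dmarc_policy(domain: str) -> Optional[str]:
    """The p= tag of the DMARC record at _dmarc.<domain>, or None if absent."""
    for r in lookup_txt("_dmarc." + domain):
        if r.lower().startswith("v=dmarc1"):
            tags = dict(t.strip().split("=", 1) for t in r.split(";") if "=" in t)
            return tags.get("p", "").strip().lower() or None
    return None


def assess(domain: str) -> Dict[str, object]:
    """Judge whether mail claiming to come from `domain` would be accepted.
    SPF without a hard fail lets the envelope sender be forged; without DMARC
    (or with p=none) the visible From: header can be forged regardless of SPF,
    because only DMARC ties the header domain to an SPF/DKIM pass."""
    spf = spf_record(domain)
    q = spf_all_qualifier(spf) if spf else None
    p = dmarc_policy(domain)
    findings: List[str] = []
    if spf is None:
        findings.append("no single valid SPF record")
    elif q in (None, "+", "?"):
        findings.append("SPF permits any sender (%s all)" % (q or "no"))
    elif q == "~":
        findings.append("SPF softfail only (~all)")
    if p is None:
        findings.append("no DMARC record")
    elif p == "none":
        findings.append("DMARC p=none: spoofed mail is still delivered")
    elif p == "quarantine":
        findings.append("DMARC p=quarantine: spoofed mail lands in spam, not rejected")
    return {
        "spf": spf,
        "spf_all": q,
        "dmarc_p": p,
        "envelope_spoofable": spf is None or q in (None, "+", "?"),
        "header_from_spoofable": p not in ("quarantine", "reject"),
        "findings": findings,
    }


if __name__ == "__main__":
    for d in ("weak.example", "strong.example", "nomail.example"):
        print(d, assess(d))
```

The "fake invoice" scenario above is exactly the case this check scores: a domain with `?all` and `p=none` lets anyone send an invoice that displays the company's own address in the From: header.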

The Standard scans extend the Essential scans with the following options:

  • Relevant Essential scans are now also executed on the internal network.
  • Advanced black-, grey- or white-box pentest scenarios (where needed).
  • Mapping and scanning of all inbound and outbound network and application traffic.

The purpose of the Standard scans is to give insight into the digital footprint of an organization, including which personal and company data would be exposed should an intruder gain access through one of the user accounts.

The ZeroRisk scans take the Standard scans as a starting point and add the organizational aspects.

The goal is to identify low-hanging fruit against relevant governance frameworks such as BIO (the Dutch government baseline), NIS2, ISO 27001 and GDPR. This includes:

  • social engineering,
  • various forms of access controls and
  • disaster recovery plans.

Afterwards you know where your vulnerabilities and risks are, both organizational and technical. This can be made more tangible by running our Cyber Crisis Simulation.

A more than essential part of a safe digital workplace with a healthy balance between risks and controls.

ITV360: best practices, cost-effective

Interested?

Contact us and we are happy to explain how we work.