VULNERABILITY SCANNING & PENETRATION TESTS
Use vulnerability scanning and penetration testing to keep your systems secure
In an increasingly uncertain world that is relying more on communication and information, organisations need to be more careful than ever that their cybersecurity is up to the task of protecting their assets and also their customers, suppliers and the general public.
Vulnerability scanning solutions allow organisations to determine if they have any security risks in their infrastructure setup. For instance, this may be a configuration error in a certain application or could be a known vulnerability in an unpatched device. Scans can be conducted regularly and after changes are made, to reduce vulnerabilities, they are generally none intrusive.
Penetration testing can be performed either external from outside the organisation’s network or inside the network. Once the vulnerability has been identified the penetration tester tries to exploit that vulnerability to see what the risk may be. It is this exploitation by a person that differentiates Penetration tests from vulnerability scans. Many auditors require a penetration test for their assessment.
Different Types of Vulnerability and Penetration Testing
External Vulnerability Scanning
Nearly all organisations will have at least one internet connection, with the rise of cloud services and remote access we are relying more and more on being connected online. This does, however open the door to security threats and hackers.
Apstorms external vulnerability scanning services find vulnerabilities in public facing services and network devices to see where the system could be exploited and threatened. The work is done by a trained security consultant that uses a methodology and produces a report so the business can rectify any issues.
External Penetration Testing
External penetration testing takes vulnerability to the next level. A penetration test looks for the flaws in systems like a vulnerability scan, but a highly trained penetration tester will then look to exploit the vulnerability using a number of different techniques, the same way a hacker would work, however, using a prescribed methodology and with agreed permissions and boundaries in place as not to disrupt the organisation being tested.
Internal Penetration Testing
Internal penetration testing is designed to emulate the risk of an attacker that is inside the network, either accessing through the WIFI siting outside the building, or like a malicious insider working around the network to see what they can take and if they can elevate their privileges to get in to systems that are off limits.
Download the Datasheet
Apstorm also provides Web Application Security Testing for any public-facing web servers.
If you are looking for Cyber Essentials or Cyber Essentials Plus, we can also offer those services, please get in touch.