SME, Inc.


November 4, 2020 By SME, Inc.

Vulnerability Assessment

What is a Vulnerability Assessment?

A vulnerability assessment is a systematic process for identifying, classifying, and prioritizing risks, potential threats, and vulnerabilities in computer systems, networks, hardware, applications, and other parts of your IT infrastructure. Vulnerability assessments are essential for locating systems that may be susceptible to known vulnerabilities, assigning severity levels to those vulnerabilities, and recommending possible remediation or mitigation techniques.

Types of Vulnerability Assessments

There are several different types of vulnerability assessments that can be performed in order to strengthen your IT systems and infrastructure:

  • Host-based Assessment – used to identify vulnerabilities in servers, workstations, and other networked hosts. This type of scan offers greater visibility into the configuration settings and patch history of the scanned systems.
  • Network and Wireless Assessment – identifies policies and practices to prevent unauthorized access to private or public networks and networked resources.
  • Database Assessment – database and big data systems are evaluated for weak points and misconfigurations, insecure dev or test environments are identified, and sensitive data is classified across an organization's IT systems and infrastructure in order to prevent malicious attacks.
  • Application Assessment – used to identify security vulnerabilities and misconfigurations in software and in the source code of web application front ends.

Threats that can be prevented by vulnerability assessment

Some examples of the types of threats that can be mitigated by a vulnerability assessment:

  • Code Injection Attacks (SQL Injection, XSS attacks)
  • Insecure, faulty authentication mechanisms
  • Possible privilege escalation
  • Factory defaults: most software and hardware ships with insecure default settings, such as admin passwords that are easily discoverable online.

2019 saw the highest number of ransomware attacks ever, according to the Emsisoft report. The ransomware attacks affected at least 966 government agencies, educational establishments, and healthcare providers. To be more specific:

  • 113 state and municipal governments and agencies
  • 764 healthcare providers
  • 89 universities, colleges, and school districts

This means that up to 1,233 individual schools were affected.

Source: https://www.cpomagazine.com/cyber-security/ransomware-costs-in-2019/

Do I need a vulnerability assessment?

Ransomware, data breaches, phishing, COVID-19 scams: as technology changes, so do the tactics, techniques, and procedures of the hackers. The threat landscape is constantly changing along with the pace of technology itself. The threats and risks of 2019 may not be the same ones we’ve seen thus far in 2020, or the ones we will see in the upcoming year.

With more than 5 billion records compromised in 2019, breaches cost US organizations more than $1.2 trillion.

Source: https://www.techrepublic.com/article/data-breaches-cost-us-companies-more-than-1-2-trillion-lastyear/#:~:text=With%20more%20than%205%20billion,organizations%20more%20than%20%241.2%20trillion.

  • The average ransomware fee paid out in 2019 was $111,605, with 205,280 organizations affected by ransomware in 2019.
  • New risks, threats, vulnerabilities, and exploits are being discovered and targeted by hackers every day.
  • Without an assessment, IT management and stakeholders are left guessing as to how best to spend budgeted resources. IT budgets are limited; knowing which assets to protect ensures that focus can be put on protecting the most business-critical systems.
  • Many government contractors are required to have a vulnerability assessment done in order to stay in compliance with government regulations.

How often do I need a vulnerability assessment?

Many are under the impression that a vulnerability assessment should be done annually. However, a vulnerability assessment is only a snapshot of a specific point in time, which leaves the next 365 days until the following assessment without any knowledge of new vulnerabilities that may exist internally or externally.

The threat landscape is continuously changing, with new threats appearing almost daily. Continuous vulnerability assessments are crucial in order to keep systems as secure as possible.

Here at SME, we provide all types of comprehensive vulnerability assessments and vulnerability management, depending on your needs. These range from annual, quarterly, and monthly assessments to continuous vulnerability management. Our services can be tailored to your needs or budget!
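To make the snapshot argument concrete, the following added example (not SME's code or tooling) computes how long a newly introduced vulnerability stays unseen under different assessment cadences. The disclosure dates are constructed sample values, "continuous" is modelled as a daily assessment, and each vulnerability is assumed to be found at the first assessment on or after the day it appears.

```python
from datetime import date

# Constructed sample: days on which a new vulnerability became relevant to the
# environment (illustrative values, not real advisories).
DISCLOSED = [date(2020, 1, 15), date(2020, 3, 2), date(2020, 6, 30),
             date(2020, 9, 10), date(2020, 12, 20)]

# Days between assessments. "continuous" is approximated as daily (assumption).
CADENCES = {"annual": 365, "quarterly": 91, "monthly": 30, "continuous": 1}

# Assumed date of the first assessment in the schedule.
FIRST_ASSESSMENT = date(2020, 1, 1)


def days_until_next_assessment(disclosed, first_assessment, interval_days):
    """Days a vulnerability goes unseen before the next scheduled assessment."""
    if disclosed <= first_assessment:
        # Present before the schedule starts: found at the first assessment.
        return (first_assessment - disclosed).days
    elapsed = (disclosed - first_assessment).days
    remainder = elapsed % interval_days
    # remainder == 0 means an assessment runs on the disclosure day itself.
    return 0 if remainder == 0 else interval_days - remainder


def exposure_summary(disclosures, first_assessment, cadences):
    """Return {cadence: (mean_days_unseen, worst_days_unseen)}."""
    summary = {}
    for name, interval in cadences.items():
        gaps = [days_until_next_assessment(d, first_assessment, interval)
                for d in disclosures]
        summary[name] = (round(sum(gaps) / len(gaps), 1), max(gaps))
    return summary


if __name__ == "__main__":
    for cadence, (mean_gap, worst_gap) in exposure_summary(
            DISCLOSED, FIRST_ASSESSMENT, CADENCES).items():
        print(f"{cadence:<11} mean unseen: {mean_gap:>6} days   worst: {worst_gap} days")
```
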

To find out more about our vulnerability assessment and vulnerability management services, or any other IT/security related questions, please give us a call at 703-378-4110 or email info@smeinc.net.
