Infrastructure Vulnerability Assessment
Cyber Intelligence
DESCRIPTION:
The vulnerability assessment service is designed to identify, quantify, and evaluate the risk level of weaknesses in the infrastructure before they are discovered by a potential attacker. By using automated tools and manual techniques, it can identify insecure configurations, missing security patches, end-of-support versions, and systems with multiple vulnerabilities, among others. This service provides "CLIENTE" with information on the risk level of each identified vulnerability, along with recommendations to mitigate them. This enables better decision-making when prioritizing or executing a Vulnerability Management plan, with the goal of reducing the organization’s exposure to an attack. The service is delivered from a gray-box perspective: scans are performed from a node within the internal network or through VPN access. Discovery can be performed, or specific network segments can be assigned for validation.
DELIVERABLES:
Executive summary (executive presentation):
• Scope of the analysis
• Summary of findings by risk level
• Most vulnerable assets
• Root-cause recommendations
Vulnerability matrix:
• CVE related to the vulnerability (when applicable)
• Risk classification
• Vulnerable asset
• Vulnerable service
• Vulnerability
• Vulnerability description
• Mitigation recommendation
CODE
AVI
BUSINESS LINE
Cibersecurity
CATEGORY
Cyber Intelligence
RESPONSIBLE:
Eduardo Salmerón
METHODOLOGY:
Penetration Testing Methodology
SCOPE:
The service includes security assessment of technology assets by IP address
EXECUTION TIME
Withoutcredentials:
• From 01 to 50 assets – 04 business days
• From 51 to 100 assets – 08 business days
• From 101 to 150 assets – 12 business days
With credentials:
• From 01 to 50 assets – 06 business days
• From 51 to 100 assets – 12 business days
• From 101 to 150 assets – 18 business days