A vulnerability assessment reviews the configuration of a computer or group of computers to identify known vulnerabilities. Using industry-standard tools, a trained auditor reviews each machine, identifying all the services offered by the computer. He or she will then recommend changes wherever a vulnerability is discovered. For Internet visible computers, an assessment can be performed without traveling to your site. For internal systems, a consultant can visit your facility and review the state of computers that are not visible to the Internet.

Your vulnerability assessment can be a part of a more comprehensive security audit. ESTec has experience reviewing systems with widely ranging sensitivities, ranging from Internet Banking to e-commerce to proprietary internal systems.

Sample Case

Customer: A Mutual Fund Internet Sales Site
Services: Vulnerability Audit
Problem: Management wanted a third party review of the internet sales site before opening it to customers, since some of the computers were not visible to the internet, the review was done on-site.
Solution: An ESTec consultant was dispatched and performed on-site vulnerability reviews of all systems, internal and external, that would be involved in internet sales.
Results: Numerous vulnerabilities were discovered, some visible to the Internet. Patches were identified, and applied, unnecessary services were removed from the machines. After the changes were made, a second vulnerability assessment was performed to demonstrate that all of the known vulnerabilities had been identified and fixed. Management approved the project for release to its new internet clients.