Skip to main content

Vulnerability Assessment

Scanning your network and systems for vulnerabilities which an attacker might use against you. 

The Vulnerability Assessment is one of the most common cyber security checks undertaken on systems and networks. They enable you to check your systems and identify ways which an attacker might use to break into your network.

A Vulnerability Assessment or Scan is a (mostly) automated test of computer systems which looks for vulnerabilities. Unlike a Penetration Test, it does not try to exploit any vulnerabilities found. Instead, it just reports on them. As they are mostly automated, many systems can be checked at a time, this makes Vulnerability Assessments extremely cost-effective.

We offer numerous vulnerability assessment (VA) services, whether just a one-off adhoc VA, or regular VAs as a managed service and then delving into more specialised VAs such as Web Application testing.

We offer comprehensive vulnerability assessments of your chosen environment to cover a multitude of common threats. Our scans are usually credentialed, which means that they not only look at what your systems are presenting to the outside world, but they also log onto each system and run thorough checks to identify any known issues and to check that the systems comply with a number of cyber security standards. To do this manually would take hours per host, however, our automated scans undertake the checks in a fraction of the time and without the risk of human error.

Vulnerability Assessment

For our adhoc vulnerability scans, choose from our 'Raw,' 'Lite Touch,' and 'Fully Analysed' service packages to find a competitively priced service level to meet your specific needs.

Raw: You receive the results directly from the scanning tool and have to interpret them yourselves, a level of cyber security expertise is required on your part.

Lite Touch: Our experts will go through the report and provide an overview of the findings, a level of IT knowledge is required on your part.

Fully Analysed: Our analysts will review the output and work with you to prioritise the results and any remediation which might be required.

Managed Vulnerability Assessment

A vulnerability assessment or penetration test will provide you with a snapshot of the vulnerabilities you are exposed to at the time the test was undertaken. If a new vulnerability is released or your equipment is misconfigured after the test, you will be exposed until your next test is performed. If your tests are only scheduled annually, this window of exposure could be extensive. Our Managed Vulnerability Assessment Service are usually performed weekly or monthly and will greatly reduce this exposure.

An extension to our service is the use of Vulnerability Assessment agents which can be installed on hosts and provide near real-time visibility of arising vulnerabilities. This is especially popular with clients who have remote or homeworking staff.

Web Application Scanning

Many websites now include interactive content which enables the visitor and the website host to derive maximum benefit from the visit through dynamic content. This is often achieved through the medium of a Website Application which runs in the browser that the visitor is using. In order to achieve the desired benefit, the Web App is given access to the backend of the website and, if this isn't handled correctly, could be exploited by an attacker. 

Our Webite Application Scanning (WAS) service utilises industry-leading tools to scan your web apps for vulnerabilities that hackers could leverage against you. The output is a report detailing any findings along with recommendations on how to remediate any issues that were found.

Our Managed Web App Scanning Service will check your web app monthly, or more regular if you prefer.

Cyber Profile Assessment

Have you ever considered what information you are inadvertently exposing online about you or your organisation, which could be exploited by an attacker? CND's Cyber Profile Assessment is a health check of your online presence, combining several cyber security checks into a one-day, thorough evaluation. We check how your business and your staff may look to an attacker and search for any weak spots. The output is a report detailing any findings and also recommending what could be done to rectify any problems found.

Our GCHQ trained Open Source Intelligence consultants will conduct external non-credentialed Vulnerability Assessments and Website Application Scanning of your website and boundary IP address and will search for hidden metadata which might have been inadvertently disclosed.

Our analysts will also examine your organisation's online presence for data leakage and risk. This will be performed not only on the "normal" Internet but also the Deep and Dark Web which isn't as accessible. Finally, a domain level search for any email addresses which have been exposed in public breaches will be undertaken.