Sunday, October 21, 2012

Vulnerability Assessment

This week we discussed listing information technology assets in order to prioritize them. This helps with conducting threat and vulnerability assessments and generating the risk analysis. In doing so, I found an interesting company that matches our topic of discussion this week.


USA.NET, a Perimeter e-Security Company, provides its future clientele with the following information on vulnerabilities:

Vulnerability Assessments are critical components of an organization's network security policy. With new vulnerabilities created daily, it's important that an organization keeps an updated view of its current security posture. Vulnerability Assessments have become such a standard best practice that many regulatory bodies strongly recommend or require institutions to have a policy that includes them. The PCI Security Council, publisher of the PCI-DSS set of requirements, is among these bodies now requiring organizations to perform assessments at least quarterly. With so many reasons to scan, it makes sense to consolidate all these scans inside one easily accessible location that includes scan scheduling, report review, and remediation recommendations. (USA.NET. 2012)

They then discuss the three types of scanning devices they are able to provide to help with this:
  • External - this vulnerability assessment utilizes Perimeter's cloud-based scanners to perform scans on your externally facing devices. Performing scans from this perspective helps you understand what an individual trying to break into your network sees. The same web-based portal is included for easy service management and reporting with this service as is included in the Internal service. (USA.NET. 2012)
  • Internal - this assessment performs scans from inside your network, revealing vulnerabilities that an individual would see once they are past the edge devices. The same web-based portal is included for easy service management and reporting with this service as is included in the External service. Scanner software is provided to you with this service that can be installed on a dedicated device or virtual machine, or can be loaded as needed on a shared device. (USA.NET. 2012)
  • PCI - this external scan is customized to include the required Statement of Attestation and Self-Assessment Questionnaire mandated by the PCI-DSS set of requirements. In addition to the management and reporting portal, this option provides additional reporting options including an overview of your PCI compliance status and more insight into any areas that are currently out of compliance. (USA.NET. 2012)

The information security of the organization rests with its vulnerabilities and how they are handled. It is very important that threat and vulnerability assessments are thoroughly detailed and that risk analyses receive the appropriate amount of senior leaders' time and attention. We discuss so often that IT teams should be scrubbing the system for vulnerabilities, and while that is true, companies like USA.NET are available to assist organizations with their vulnerabilities.

Cited:
USA.NET. (2012). Perimeter e-Security Company: Vulnerability Assets. Retrieved at: http://www.perimeterusa.com/services/network-security/vulnerability-assessments/
