
RISK AND HIGH VALUE ASSET VULNERABILITY ASSESSMENTS

OUR BATTLE-TESTED STRATEGY

SparkC uses automated tools, visual observation, and technical expertise to determine how accessible a key process control environment is from the general computing environment/infrastructure at client locations. The goal of the External and Internal Vulnerability Assessment is to identify security risks and vulnerabilities that may exist in our clients' external and internal networks and systems, evaluate the risk associated with any identified vulnerabilities, and develop strategies and recommendations to resolve these vulnerabilities/issues and reduce risk to an acceptable level.

This vulnerability assessment will evaluate MC’s publicly accessible (Internet) resources and access points supporting ingress and egress access to the Internet.

Specific goals of external assessment are:

  • Identify external points of access to the MC networks

  • Identify vulnerabilities in the externally accessible systems

  • Identify potential vulnerabilities in the network access controls, firewalls, routers, and the designed network topology, even if they do not immediately provide access to the internal network

  • Determine, through analysis, whether the identified vulnerabilities and the network design and topology could be used to gain access to the internal network from the Internet


SCANNING FOR UNSEEN VULNERABILITIES

The assessment will be accomplished across the Internet from our internal offices/test labs, which are protected from intrusion by a combination of firewalls, router filters, and system-level controls, such as host-level firewalls with intrusion detection and encrypted logins. Weaknesses in individual components will be analyzed together with the gateway architecture to determine whether multiple minor weaknesses could be combined as stepping stones to create a much greater risk of intrusion.

Though the specific tests vary based on the topology and exposed systems making up a gateway network, the overall methodology is outlined in the list below:

  • Information Gathering and Research

  • Passive Information Gathering

  • Active Network and System Services Discovery

  • Vulnerability Assessment of Exposed Systems

  • Vulnerable Versions of Software

  • Anonymous Access

  • Weak Protocols

  • Manual Vulnerability Validation

  • Penetration of Gateway Network

  • Initial penetration of Exposed Systems

  • Administrative Access of Compromised Systems

  • Expanding the Scope of Access


The ultimate goal is to determine whether the identified external vulnerabilities can be leveraged into access to our clients' critical assets. Our external and internal vulnerability assessment will evaluate customers' internally accessible resources and access points to identify potential network service-level vulnerabilities that may expose systems to elevated levels of risk in the case of an external network perimeter breach or a malicious insider incident.

WE MEASURE & FILL IN THE GAPS.


SparkC will request the latest scan results of our IT environment (if available) as standard procedure to begin measuring the state of the network through this assessment. Our analyst will probe identified active services to uncover data such as software versions and configuration information, including available authentication types.

Once the information gathering phase is complete, SparkC will analyze the data gathered in order to execute appropriate, controlled vulnerability scanning against identified in-scope systems. Identified vulnerabilities generally fall into eight categories, as follows:

  • Authentication Functionality

  • Account Management

  • Service Level Software

  • Web Application

  • Core Operating System

  • Configuration Related Items

  • Network Level

  • Trust Domain

PARTNERING WITH INDUSTRY LEADERS.


To consistently deliver quality and service excellence, we collaborate with industry leaders to provide the highest quality of cybersecurity management services.


MULTI-LAYERED REPORTING

SparkC will deliver a multi-layered report that includes the following:

 

(1) Executive Summary

(2) Detailed Technical Improvements

(3) Continuous Improvement Recommendations

Based on our past experience, we provide various levels of reporting, including an executive summary, remediation, operational, and legacy reporting, that together offer the full spectrum of solutions for maintaining improvements to clients' network operations.

LATEST HIGHLIGHTS

Check out the 2023 Qualys TruRisk Research Report from the Qualys Threat Research Unit (TRU)


Vulnerability Prioritization vs. Patch


7 Critical Cloud Threats Facing the Enterprise in 2023

IS YOUR ORGANIZATION VULNERABLE?
OUR INT/EXT SCANNING SERVICES ARE A GUARANTEED SOLUTION.
CONSULT WITH US TODAY!
