Contact Support

If you are an existing client to get support call us on:

+44 (0)1483 412 042

OR

Login to the portal

Support portal

If you've been given a 6-digit support code

click here

Not an existing customer?

Contact us

How to Perform A Vulnerability Assessment

What is a vulnerability assessment?

Vulnerability assessments are an essential part in understanding the strengths and limits of your business’s cybersecurity. Performing a vulnerability assessment makes use of automated testing tools to identify threats and risks. Once complete, the results of the assessment are compiled into a report, along with recommendations for improving your security.

Organisations of any size face the risk of a cyber-attack. Small businesses in the UK are hacked every 19 seconds, at an average cost to SMEs of £25,700 in aftermath clear up. Fortunately, a comprehensive vulnerability assessment can help companies just like yours improve the security of their systems.

The importance of vulnerability assessments

The most important thing a vulnerability assessment gives you is clarity. A vulnerability assessment provides  you with a clear picture of your IT’s defences, while providing a roadmap for how to assess the risks associated with any weaknesses and potential threats.

At the end of the assessment, you will have a better understanding of your IT assets, security flaws and potential risks. Armed with this understanding, you can reduce the likelihood that a cybercriminal will breach your systems and catch you off guard. You can have all the gates to your castle covered before invaders ever start attacking.

It’s important that you undertake vulnerability testing on a regular basis to ensure the security of their networks. Especially when changes are made to your system, such as when you introduce new services or install new equipment.

Perform your own vulnerability assessment

If you want to do a vulnerability assessment on your system, follow these steps:

1. Identify and understand the way your business is organised and operates

The first step is in understanding how your business works, how people manage data and the relationships between departments. This will help you understand issues like privacy, accessibility and compliance within your business sector.

Once you have a true understanding of how your stakeholders use your IT infrastructure, establish goals for your assessment. What do you need to know? What do you need to protect?

2. Perform an asset assessment

Identify the assets and define the risk and critical value for each device on your network. For each device, apply a level of risk based on its vulnerability and business impact. Then, detail countermeasures and mitigation practices and policies in the event of a breach.

Gather a list of approved drivers and software installed on each device and log the basic configuration of each device.

3. Identify potential access points

In addition to your list of assets, consider other potential access points, including your WiFi and any cloud-based access. If your company opts for a Bring Your Own Device policy, consider the potential for smartphones and tablets that aren’t on your list.

4. Review your security measures

Assess the capabilities of your current security measures. Your network protection may already include defences like firewalls, virus detection, VPNs, disaster recovery and encryption.

These steps will help you establish a baseline against which to judge your assessment. Once you have a baseline established, you should know what you have, where your access points are and, most importantly, what information is accessible and what isn’t.

5. Perform the vulnerability scan

Using your vulnerability scanning tools, examine the systems you want to assess. How long this takes will be determined by the tools you use and the scale of your infrastructure. Once you have completed your scan, collate the data and refer back to your baseline.

6. Pull your assessment together

The most important part of your vulnerability assessment is the report. This will help create the roadmap you need to make your business safer. To get real value from the final report, add recommendations based on your initial assessment goals.

Based on your scan, you should be able to identify clear issues. Detail them like so:

  • The name of vulnerability
  • The date of discovery
  • The level of risk (high, medium, low)
  • A detailed description of the vulnerability
  • Details regarding the affected systems
  • A demonstration of the vulnerability
  • Details of how the vulnerability could be corrected

Armed with this basic list, you will be able to see your vulnerabilities, as well as a means to correct them. This in turn will help push your business to becoming a safer, more secure operation.

If you’re looking for help understanding the vulnerabilities in your business, get in touch with us. Our friendly team can help guide you through the risks in easy, jargon-free language.

Vulnerability assessments vs. penetration tests

A vulnerability assessment aims to uncover vulnerabilities in a network and recommend the appropriate mitigation or remediation to reduce or remove the risks.

Penetration testing is different. Unlike vulnerability assessments, penetration testing is more invasive (as the name suggests). Penetration tests are all about identifying vulnerabilities in a network and trying to exploit them. The goal of a penetration test is to check whether a vulnerability really exists and to prove that exploiting it can damage the application or network.

A vulnerability assessment often uses automated network security scanning tools. The data is collated into a report, which focuses on providing businesses with a list of vulnerabilities that need to be fixed.

While a vulnerability assessment is usually automated to cover a wide variety of unpatched vulnerabilities, penetration testing generally combines automated and manual techniques to help testers delve further into the vulnerabilities and exploit them to gain access to the network in a controlled environment.

A penetration test targets and exposes specific vulnerabilities, while a vulnerability assessment provides a road map for improvements across your entire IT infrastructure.

Types of vulnerability assessments

Vulnerability assessments are different, depending on your unique system or network vulnerabilities. Some of the different types of vulnerability assessment scans include:

  • Network Scans
  • Hosting Assessments
  • WiFi Scans
  • Application Scans
  • Database Vulnerability Assessments

Network-based scans are used to identify network security attacks. This type of scan can also detect vulnerable systems on wired or wireless networks. To identify server-based vulnerabilities, host-based assessments locate and identify server, workstation or other network host vulnerabilities.

64% of people believe that their data is safe on WiFi networks. Wireless network scans put that to the test. In addition to identifying rogue access points (places where hackers can easily get onto your system), a wireless network scan can also validate the secure configuration of your WiFi.

Application scans can be used to test your company websites to detect software vulnerabilities and erroneous configurations in network or web applications. Finally, database scans can be used to identify the weak points in a database so as to prevent malicious attacks, such as SQL injection attacks.

A comprehensive vulnerability assessment  will cover all aspects of your IT infrastructure in order to give you the best possible picture.

Speak to us today
Registration No. 26980136
Terms and Conditions | Privacy Notice
Richard Renson
Richard Renson
16:54 10 Dec 18
Great, helpful IT Kings and Queens
Andrew Worth
Andrew Worth
12:37 30 Aug 18
fine bunch
Colin Warner
Colin Warner
08:46 06 Dec 17
Excellent managed service provider.
Selom B
Selom B
11:58 10 Dec 16
First Class!! Responsive, knowledgeable, professional and very easy to work with - Ramsac have been a fantastic strategic IT partner for the last few years and I'm sure will continue to be for many years going forward. I would highly recommend them!
Ian Windle - Inspiring Leadership
Ian Windle - Inspiring Leadership
08:53 04 Jul 16
Great IT business, with a powerful management team. Could not recommend them more highly.
Patrick O'Luanaigh
Patrick O'Luanaigh
10:55 01 Jul 16
A truly fantastic IT support company - I can't speak highly enough about them.
Sarah Whitemore
Sarah Whitemore
11:59 20 Jun 16
I have known Dan May and Ramsac for 5 or 6 years now. Dan is such a great guy and really helpful with strategic advice and input on all things IT. He's so approachable and doesn't baffle you with IT jargon. If you are looking to outsource your IT or you have a problem you need help with Dan is definitely the one to ask.
Jonathan Richards
Jonathan Richards
12:14 31 May 16
I've worked with Ramsac for many years and whole heartedly recommend their services. They are always professional, approachable and have the rare skill of making IT understandable. Their can do attitude leaves you feeling that you are in safe hands.
See All Reviews
© 2019 ramsac. All rights reserved.