Network vulnerability scanning provides companies with the opportunity to identify active IP addresses and scan them using industry-leading tools with the ultimate goal of discovering vulnerabilities in both internal and external networks—affordably.
All of our network vulnerability scans and assessments go beyond international standards – such as NIST – and your test will come with a detailed final report.
Your detailed final report will include an executive summary, a listing of risk ratings and remediation recommendations. A letter of accreditation can be provided upon your request.
Throughout the network vulnerability scanning and assessment process, comprehensive automated testing will be used to identify as many network related vulnerabilities as possible.
Identify Documented Vulnerabilities and Exposures
One of the most significant challenges in securing business environments is having the knowledge required to identify vulnerabilities, prioritize which are the greatest threats posed to your environment, and then remediate any discovered vulnerabilities.
This is where EHS vulnerability scanning services come into play.
Our industry-leading scanning tools enable you to perform an in-depth scan of all external and internal systems for vulnerability identification and verification.
A vulnerability assessment can verify the findings and ensure they are accurate, removing false positives.
The dynamic nature of today’s cloud and on-premise network environments requires persistent vulnerability scanning to defend against the evolving threat landscape and innovative malicious hackers. EHS network vulnerability scanning services allow you to accurately scan your network, servers, and desktops for security vulnerabilities with the overarching goal of improving your security posture and remediating network vulnerabilities with confidence.
The planning phase of the network vulnerability scanning and/or network vulnerability assessment process includes communicating about on- and off-limit IPs, peers, and systems, otherwise known as scoping, and the overall timeline of the network vulnerability scan or network vulnerability assessment.
Host discovery is the first official stage of the network vulnerability scanning and/or assessment process. At EHS, we utilize active scanning and agent scanning to interactively communicate with targets on the network. These methods are designed to craft and send packets to remote hosts—and detect active IP addresses or “live hosts”. During the host discovery phase, servers, appliances, and other devices on the network are identified.
Following host discovery, service enumeration is performed, where identification of open ports and services available to each discovered system, such as mail and web servers, is performed. Essentially, service enumeration is the process of extracting machine names, network resources, and other services from a system. All information gathered during this phase is used to identify the vulnerabilities during the network scanning phase.
During this core phase of the network vulnerability scanning and/or assessment process, EHS performs a port scan to determine what services are running on each active device. This helps determine what types of vulnerability checks to run against a particular port. Following the port scan, all live hosts are scanned with an industry-leading tool to identify vulnerabilities such as missed patches, server misconfigurations, and risky services. Note that vulnerability scanning performs a high-level look of known vulnerabilities, but does not constitute any exploits or intensive verification.
All vulnerabilities are ranked and identified using the Common Vulnerabilities and Exposures (CVE) dictionary and Common Vulnerability Scoring System (CVSS), which are industry standards for tracking and calculating vulnerability risks.
An optional Vulnerability Assessment may be added for a MainNerve cybersecurity specialist to perform a comprehensive review of the vulnerability scan results in order to verify or invalidate the findings. This will remove false positives.
At EHS, we consider the final phase (reporting) of the network vulnerability scanning and/or assessment process to be the most crucial and instrumental step. During this phase, we take great care to ensure we effectively communicate the value of our service and findings as thoroughly as possible. Our main goal is to ensure that all information from the vulnerability scan and/or assessment is clearly understood and that a roadmap toward remediation is well defined. A comprehensive final report detailing all testing information along with a vulnerability analysis is securely delivered during this step.