Overview
Internal Risk Assessments for IT environments are pivotal in identifying and mitigating vulnerabilities from within an organization’s network. This comprehensive service is tailored to strengthen internal defenses, spotlight security gaps, and ensure that internal controls are effective against potential insider threats or system failures. It is designed for a range of asset scales, and we offer customized solutions for larger asset inventories.
Our assessments include a Comprehensive Vulnerability Assessment and credentialed vulnerability scanning using methods such as Windows Credentials, WMI, SSH, and Sudo. A significant part of the service is a patch review to confirm that all software and systems are up to date with the latest security patches, reducing the risk of exploitation. We also perform Open Source Intelligence (OSINT) gathering and an optional Web Application Assessment based on OWASP standards. Our efforts focus on addressing both high- and medium-severity vulnerabilities with high confidence, and our findings are correlated with the OWASP top 20 risk factors. The assessment extends to SSL reviews and an in-depth Attack Surface Discovery, which includes a detailed DNS review.
A vital element of our offering is the detailed report we provide, which translates complex technical data into easily understandable terms. This report is crucial for aiding management in strategic decision-making, offering a clear perspective on urgent vulnerabilities and recommending the top ten mitigation strategies. By equipping decision-makers with this information, our service facilitates proactive security measures and supports continuous improvement in cybersecurity posture.
This service is essential for any organization aiming to thoroughly assess and enhance its internal IT security measures, safeguard critical data, and maintain compliance with relevant security standards.
Pricing
| Asset Range | Est. Duration | Price |
|---|---|---|
| Fewer than 100 | 3 days | $7,200 |
| 101 – 500 | 4 days | $9,600 |
| 501 – 1000 | 7 days | $16,800 |
| More than 1000 | Ask for quote | Ask for quote |
Scope of Service:
Asset Coverage:
The assessment will cover up to the specified number of assets based on the chosen pricing tier:
- Fewer than 100 assets
- 101 – 500 assets
- 501 – 1000 assets
- More than 1000 assets (requires a custom quote)
Assessment Duration:
The duration of the assessment is tailored based on the asset range:
- 3 days for fewer than 100 assets
- 4 days for 101 to 500 assets
- 7 days for 501 to 1000 assets
Extensions or additional days are subject to separate negotiation and billing.
Services Included:
- Comprehensive Vulnerability Assessment: Thorough evaluation of the IT environment to identify security vulnerabilities.
- Review of Active Directory: Detailed inspection of Active Directory configurations and security settings.
- Credentialed Vulnerability Scanning: Uses Windows Credentials, WMI, SSH, and Sudo for deeper access to systems to uncover vulnerabilities that are not detectable with non-credentialed scans.
- Open Source Intelligence (OSINT): Analysis of publicly available data to identify potential security exposures.
- Web Application Assessment (optional): Detailed security assessment of web applications to identify vulnerabilities, with an emphasis on OWASP standards.
- OWASP Top 20 Risk Analysis: Evaluation of vulnerabilities in the context of the OWASP Top 20 most critical web application security risks.
- SSL Review: Examination of SSL/TLS configurations and certificates for security compliance.
- Attack Surface Discovery with DNS Review: Comprehensive mapping of the organization’s digital footprint through DNS configurations.
Reporting:
- Detailed Vulnerability Report: A comprehensive report detailing all identified vulnerabilities along with their potential impacts and the context within the IT environment.
- Top Ten Suggested Mitigation Activities: Strategies prioritized to address the most critical vulnerabilities identified during the assessment.
- Executive Summary: A high-level overview suitable for senior executives, summarizing key findings and urgent priorities.
- Risk Scoring and Prioritization: Each vulnerability is scored based on severity, impact, and exploitation complexity to aid in prioritization.
- Actionable Recommendations: Specific suggestions for immediate fixes and strategic enhancements to security policies and systems.
- Graphical Representations and Analytics: Charts, graphs, and visual aids to depict the severity and distribution of vulnerabilities.
- Raw Evidence and Methodology: Transparency in methodologies used and raw evidence provided to validate the assessment results.
Exclusions:
- Does not include remediation of vulnerabilities.
- Does not cover physical security assessments or social engineering attempts.
- On-site visits are not included but can be arranged for an additional fee.
Additional Costs:
- Work outside the predefined scope will be quoted and approved separately.
- Travel and accommodation expenses for any required on-site work will be billed additionally, with prior approval from the client.