Clearing Up Confusion
The IT Security industry as a whole has confused the definition of the term Vulnerability Assessment. In most cases security vendors inaccurately define Vulnerability Assessments by using descriptions of methodology. This is problematic because different vendors use different methodologies and so the definition appears to change between vendors. What is even more problematic is that many vendors confuse Vulnerability Assessments with Penetration Tests when in fact the two services are entirely different.
The term Vulnerability Assessment is defined as a best guess as to how susceptible something is to risk or harm. Vulnerability Assessments are not specific to IT security and are used by a wide range of other industries. When applied to IT Security vulnerability assessments are used to assess, or provide a best guess as to how susceptible a target is to risk or harm. Unlike Penetration Tests, Vulnerability Assessments do not validate vulnerabilities though exploitation and so their reports often contain false positives.
Our Vulnerability Assessment Services
Netragard’s Network Vulnerability Assessment services are ideal for performing periodic security checks between Network Penetration Testing services. They can also be used to perform a cursory review of an entire IT infrastructure or just a single target. Network Vulnerability Assessment services are not a replacement for and are not interchangeable with Network Penetration Testing services.
Step 1: Logistics and Controls
Logistics and controls is an important yet often overlooked component of delivering quality penetration tests. The purpose of this step is to reduce the rate of false positives and false negatives by assuring proper adjustments are made to all testing modules prior to launch. This module is perpetual in that it continues to run during the entire course of testing. Its purpose is to identify any issues that may exist before testing, or to identify network or system state changes during testing.
Step 2: Advanced Reconnaissance
Netragard begins all vulnerability assessments with a combination of Social and Technical reconnaissance. Social reconnaissance, not to be confused with Social Engineering, is focused on extracting information from personal websites, social networking sites like linkedin and Facebook, technical forums, internet relay chat rooms, company job opportunities, documents that have been leaked or published, etc. The goal of social reconnaissance is to identify information that might pose risk to the target. Historically this information has included source code, confidential files, passwords, troubleshooting questions about IT issues, etc.
Technical reconnaissance focuses on the discovery of hosts, service fingerprinting, configuration analysis, web server directory enumeration, the identification of administrative portals, the identification of customer portals, the identification of hidden endpoints such as cable modems or DLS lines, the use of third party services provided by hosting providers, managed security service providers, and much more. Technical reconnaissance may or may not use port scanners, web application scanners, vulnerability scanners, etc. depending on the threat and intensity levels of the service being provided.
Step 3: Vulnerability Matrix
Once the initial reconnaissance stages are complete we begin the assessment process. Because Vulnerability Assessments provide a best guess as to how susceptible a target is to attack or damage, we do not validate vulnerabilities through exploitation. Instead, we use a light-weight research process, to attempt to determine validity. This process may or may not include the use of automation.
Vulnerability Assessments do not exploit vulnerabilities and as such cannot verify the vulnerabilities that they discover. Vulnerability Assessments only provide a best guess as to how susceptible a target is to attack or damage. Because of these limitations Vulnerability Assessments are technically limited and lesser quality when compared to Penetration Tests.
The safety of a service depends on the expertise of the team delivering the services, and on the state and stability of the target(s). Netragard’s services are driven by its SNOsoft Research Team. Most members of the SNOsoft Research Team are required to be well versed in Vulnerability Research and Exploit Development. This advanced level of expertise is uncommon in the Network Penetration Testing industry and is one of Netragard’s primary differentiating factors. Because our experts understand vulnerabilities at the lowest possible levels they are much less likely to cause an outage as the result of a mistake.