ASA’s Vulnerability Scanning Service detects and classifies possible weaknesses in computers, networks and communications equipment that may be exploited by hackers. Some examples of the identified vulnerabilities would be missing patches, vulnerable services, and insecure configurations. Vulnerability scans may be performed on laptops, desktops, servers, and network devices as approved by each client.
ASA will provide internal and external authenticated and unauthenticated scans. In the unauthenticated method, ASA performs the scan as an intruder would, without credentialed access to the network. Such a scan reveals vulnerabilities that could possbily be accessed without logging into the client network. In an authenticated scan, ASA logs in as a network user, revealing the vulnerabilities that are accessible to a trusted user, or an intruder that has gained access as a trusted user.
ASA’s Vulnerability Scanning Service does not include penetration testing where identified vulnerabilities are probed to determine what can be exploited.
- What is required by the client:
- The client will provide ASA with systems specifically documented by DNS recrods or IP address to be included in the agreement.
- What is required by ASA:
- Provide a pre-engagement briefing to review the process and assist in developing the scope of the engagement.
- Transform information provided by the Client, such as network subnets, asset IP addresses, and asset type definitions, into asset groups to enable scan prioritizing and scheduling.
- Coordinate closely with Client Points of Contact to determine the most accommodating and effective vulnerability scan schedules for individual asset groups.
- Provide both a detailed list of discovered vulnerabilities within the Client’s IT infrastructure as well as an easily understood and actionable report for the repair and mitigation of these risks.
- Provide a post-engagement briefing which will include suggestions for addressing the discovered vulnerabilities.
If you would like to inquire about how ASA can help meet your vulnerability scanning needs, please Contact Us.
More information about the services that ASA offers can be found in our Service Catalog.
