Vulnerability Scanning & Assessments

Vulnerability Scanning & Assessments


Vulnerability Scanning is a critical step in understanding the exposure of a Firewall or an internal Computing Device. To quote an old adage, “You cannot fix it until you know what’s broken”.

RSC’s Cyber Security Engineers, using our proven Scanning and Assessment procedures, do just that; They find what’s broke and help you, the Customer, to fix it!

RSC has developed and implemented the External and Internal Security Assessments. Our Cyber Security Engineers have designed Hardware/Software programs utilized in conjunction with these Assessments to provide our Customers with a focused and accurate Vulnerabilities Assessment.

Vulnerability scanning is more than just running a suite of tools. Our Cyber Security Engineers are highly talented and skilled in finding and accurately determining vulnerabilities in Network Perimeters and Internal Local Area Networks.

To find out more, please see the Technical Specifications that follow.

External Security Assessment - ESA

The ESA, also commonly referred to as Penetration Testing, accomplishes vulnerability testing against the External Perimeters of your Organization; your Web or Internet footprint. It's primary goal is to find any and all weaknesses that may allow a Hacker to penetrate an Organization's defenses.

ESA Specifications:

  1. Coordinate and Identity all key points of Contact. These include, but are not limited to: Internet Service Providers, Key Management Stakeholders, Information Security & Technology Staff.
  2. RSC Engineers will accomplish "Public Reconnaissance" of the Customer public prescence to determine any additional information that may help in the vulnerability scanning step.
  3. Given the information that was garnered from the previous step, RSC Engineers will begin discovery scans of the Customer's perimeter using a variety of manual and automated techniques.
  4. RSC Cyber Engineers will analyze the results from the previous step and begin active scans of the Customer's perimeter. These are targeted scans against possible weaknesses. Note: at NO time will RSC Engineers actively exploit a discovered vulnerability.
  5. All information on discovered weaknesses and vulnerabilites is gathered into a central repository for reporting to the Customer. All vulnerabilities are given a letter grade and a recommended list of actions to remediate them. RSC and the Customer will meet to go over the list and determine the appropriate course of action.
  6. RSC Cyber Security Engineers will conduct validation scans on all vulnerabilities resolved by the Customer. As these are found to be resolved, RSC will close any waiver that was opened during the previous step.
If your Organization has a Regulatory Compliance requirement or needs to determine that your External Perimeter Cyber Defenses are operational and effective, contact an RSC Sales Associate for a quote.

Internal Security Assessment - ISA

The Internet of Things (IoT) is dramatically changing the Corporate Cyber universe. All manner and types of Computing Devices are being attached to internal Local Area Networks and WiFi Hotspots. In addition, one of the greatest threats that an Organization's Internal Network can experience is... wait for it... from the inside!

As more Computing Devices are added to the internal network, so increases the chances of becoming vulnerable to Data breaches. Since these Computing Devices are located in the internal network, these Data breaches can become quite severe. An Internal Security Assessment (ISA) can spot these deficiencies. Another old quote, "You can't fight what you can't see!" An ISA can spotlight these areas so that they can be remedied.

ISA Technial Specifications

  1. Coordinate and Identify all internal network routers and switches (Network Segments). This is the target list for the ISA.
  2. RSC Cyber Engineers will implement Scanning Device Hardware and Software within each identified Network Segment. These devices will perform automated and manual Computing Device inventory and identification scans.
  3. Upon conclusion of the Identification Scans, RSC Cyber Security Engineers and the Customer will review and approve each Computing Device that has been discovered. The Customer will identify the purpose for each Computing Device and its importance to the Organizational mission.
  4. RSC Cyber Security Engineers will accomplish Vulnerability Scans for each identified Computing Device. All detected weaknesses will be validated to ensure the absolute minimum of false positives.
  5. Information from all of the previous steps will be gathered into a central repository for reporting to the Customer. All discovered vulnerabilities are given a letter grade and a recommended list of actions to remediate them. RSC and the Customer will review the report and determine the appropriate course of action.

An ISA can give your Organization the foundation it needs to determine the validity of all internal Computing Devices. This is invaluable information when determing Critical Resources that need to be protected and maintained.

If your Organization needs an on-going solution that is constantly monitoring and managing the Cyber Security profiles of your Internal Computing Devices, RSC's Cyberwar Shield products is the answer.


Social Media