Identify the vulnerabilities that open your business up to cyber threats.
Prioritise your cyber security response and budget according to the weaknesses you have and how easily they could be exploited by attackers.
What is an Enhanced Vulnerability Assessment (EVA)?
Vulnerabilities are defects that require some sort of remedial action. Once a vulnerability is discovered, it is only a matter of time before attackers can take advantage of it. The Enhanced Vulnerability Assessment (EVA) looks at your technical and human security to hunt for vulnerabilities that could be exploited. It ranks each vulnerability found according to a matrix of factors, including whether any known exploits exist.
The EVA is a more comprehensive test than an automated vulnerability test but not as extensive as a full penetration test. It is therefore perfect for organisations that wish to identify and remedy security vulnerabilities but are not at a level suitable for a penetration test, or that wish to conduct enhanced assessments between penetration tests.
Why have an Enhanced Vulnerability Assessment?
Email attacks can be easy to spot or sophisticated & targeted. Email is the biggest attack vector being used. Can your staff spot them?
We test employees against 2 levels of phishing attack (an easy one with lots of clues & mistakes, & a harder-to-spot spear phishing attack). This tells us what level of security awareness your staff have.
You can decide whether to use links, attachments or the input of login credentials for the test.
We work with your IT team to measure the click rate and the reporting rate coming back from your staff. Both are used to calculate the final score for this part of the test.
Phone call attack to gather intelligence for another attack. Would your staff hand over valuable information over the phone?
Vishing is usually employed by attackers as a recon tool to gather sensitive information about your organisation before an attack is launched.
A log of the call is made and included in the final report.
Vishing can help test how well your staff follow policies & procedures.
The recon done during a vishing call often helps us set up our teams for the impersonation attacks later on in the test.
The security of your website is vital for your business reputation and operations. We perform a thorough vulnerability assessment of your website, including checking the site against the OWASP Top 10 security risks.
We scan your network looking for known vulnerabilities and security holes in your operating systems, ports and services. This can be done from both within your network and from outside, to see network vulnerabilities from a potential attacker's perspective.
We review your current policies and procedures to check they meet national & international best practice.
What can we find out about you and your staff online? How would an attacker use this? Is your online footprint too large?
We collect & analyse Open Source Intelligence (OSINT) to mount a convincing attack.
Some of the sources we look at include:
• Corporate website & job adverts
• Document & photo metadata
• Reverse image searches
• Email addresses & enumeration
• Social media
• DNS records
• Geolocation data