Vulnerability Assessments and Penetration Testing
Identify which type of engagement is right for your organization
From checking compliance boxes for annual Vulnerability Scans and Penetration Testing, to developing a deep understanding of your security program, our assessments and tests have you covered.
A quick security assessment of your business’ assets
A vulnerability scan provides a quick IT security assessment of your business’ external or internal assets or web applications to determine if there are flaws in their design or configuration that negatively affect their security. Businesses that are actively developing or changing the configurations of their networks or the designs of their web apps should consider running vulnerability scans before launching major changes or updates to their networks or web apps. If development is outsourced to a third-party, running a vulnerability scan is a good way to quickly check if the product was developed with security in mind.
Scan combined with recommendations and analysis
Vulnerability assessments are vulnerability scans combined with a detailed analysis of the results with recommendations on how to fix the vulnerabilities and the recommended priority that should be placed on addressing the identified vulnerabilities. Vulnerability assessment will provide a report that includes the results of the vulnerability scan, the order in which the results should be addressed, and the recommended action that should be taken to address each vulnerability identified.
Discovers how your vulnerabilities can be exploited
Penetration tests expand on the work completed in vulnerability assessments and provide additional insight into how the vulnerabilities identified in your network could be exploited. Understand the amount and type of information a hacker could feasibly extract from your business as a result of exploiting the existing vulnerabilities in your network. Receive insight on the true level of risk your web-facing assets are posing to your business, your vendors, and your customers.
Test your IT response team’s ability to identify and defend against attacks
In a purple team engagement Soteria will perform controlled, Red Team actions on specified assets and assess the effectiveness of your Blue team’s reaction to the security events. Soteria will propose and develop testing scenarios and desired outcomes, then execute the exercises. The process leading up to the actual tests will include the planning and development of defined tasks designed to effectively evaluate Blue Team actions and remediation efforts against a security attack, while not disrupting services.