eScope Solutions' Vulnerability Assessment Services provide comprehensive network vulnerability assessment for measuring network security risks. eScope Solutions uses best-in- breed technology to test all network devices including firewalls, routers, switches, servers, workstations, printers and print servers. These tests identify and locate vulnerabilities, categorize them by severity and provide detailed reports with standard vulnerability elimination procedures. Our experienced team of security engineers also works to identify false positives.
Regular use of our Vulnerability Assessment Services provides an on-going analysis and control of network security, allowing administrators and executives to manage the financial institution's security policy proactively. In addition, these services comply with all FDIC, NCUA and FFIEC guidelines.
An Internal Vulnerability Assessment will perform a complete scan of the internal network and detect all known vulnerabilities; it will analyze every device IP address by IP address to identify the device, its operating system, firmware, service packs and/or patches. It will then generate a report describing known vulnerabilities for each device.
An external vulnerability assessment will be performed remotely from eScope Solutions' Security Operations Center in order to analyze the integrity of the client's perimeter security. The assessment will validate the configuration of the firewall and will determine if a possibility exists for attacks via the protocols currently allowed through the firewall. This service simulates attacks to determine if perimeter security devices can be bypassed or penetrated.
Vulnerability Assessment is an on-going process, as so testing should be performed on a regular basis. Since the ideal amount and frequency of vulnerability testing will vary according to the client's specific security policy, needs, size and FDIC / NCUA requirements, eScope Solutions offers many options to accommodate each client's individual needs. Both internal and external testing can be provided on a single event basis or performed bi-annually, quarterly or monthly over one to 3 years’ time periods.
Reporting - eScope Solutions provides a comprehensive report with all vulnerability findings delivered in both an Executive Summary and a Detailed Technical Report. The technical report includes descriptions of all detected vulnerabilities, their level of severity, what devices are affected and any known remediation procedures or recommendations.
eScope Solutions provides a brief overview of our reports as part of this service. If additional support assistance is needed eScope provides remediation services through our Network Support Agreements.