IT Security Vulnerability Services

Elevate offers both Internal and External Network Vulnerability testing that will identify the weaknesses in network security without the usual dangers of exploitation or more intrusive testing. The Internal Vulnerability Assessment examines the internal network systems for any weakness that could be used to disrupt the confidentiality, availability, or integrity of the network. Penetration tests are different from vulnerability assessments because they add manual exploitation of vulnerabilities to determine what information is exposed and for lateral movement through the network to identify additional weaknesses within your systems and networks.

Elevate follows a phased and methodical approach to effectively and efficiently perform the tests. The steps include:

This phase executed comprehensive discovery and enumeration procedures targeting pertinent internal address ranges identified for the assessment. This effort identified assets, listening services and applications providing a footprint of your internal network. Additionally, we seek to understand your network design to unmask with you additional areas that may need to be reviewed to ensure a thorough IT assessment of your internal network security infrastructure (e.g. IP addresses for split-tunnel connections etc.)
Based on the assets in scope as dictated by you, Elevate reviews the following:
– Servers – Elevate performs detailed vulnerability discovery and scanning using a comprehensive suite of commercial and open source tools targeting server-based systems.

– Workstations – In addition to the comprehensive security testing executed on the server based systems in the environment, this phase executed thorough vulnerability scanning, confirmation and manual testing techniques targeting a representative sampling or entire population as requested by you.

– IP Enabled Devices – In addition to the server and workstation testing, if requested Elevate will perform the vulnerability scanning across additional IP-enabled devices (e.g. printers, phones, cameras, network device management) within the address ranges specified.

Identified vulnerabilities are reviewed and validated internally and with you in an effort to eliminate false positives. Manual testing procedures are also executed to identify flaws not easily identifiable with automated tools and coordinated and controlled exploitation of targeted issues were performed to demonstrate impact and allow for further vulnerability exploitation exercises.

It is during this phase, that Elevate summarizes and provide concise and meaningful information to be shared with Executives and a separate report to technical staff.