For many organizations, the exponential growth in systems, networks, and mobile devices in use across the enterprise creates a challenge in identifying, quantifying, ranking, and prioritizing vulnerabilities at an acceptable level and frequency demanded in today’s environment. As a result, these organizations are at risk to inside or outside attacks, data breaches, and other IT failures. In order to protect critical infrastructures as well as information, people, equipment, facilities, and operations, a comprehensive systematic evaluation of vulnerabilities and careful application of countermeasures is needed in order to improve overall security and reduce risk.
Patriot is able to perform an extensive assessment of these vulnerabilities by performing the following steps:
- Cataloging and classification of information resources (systems, networks, applications, devices, etc.)
- Assigning value and importance to these resources
- Identifying the vulnerabilities and potential threats to each resource
- Ranking the level of risk to these resources by the likelihood and impact of compromise Patriot’s comprehensive approach to a Vulnerability Assessment takes into consideration vulnerabilities across all information assets, including, but not limited to:
- Network assets, such as routers, switches, VPN concentrators, PBXs, VoIP devices, and wireless access points
- Computing assets, such as desktops, laptops, mobile devices, and servers
- Security assets, such as IDS/IPS, firewalls, anti-virus, and SEIM services
- Web assets, such as eCommerce, Web 2.0, DNS, web sites, and cloud services
- Application assets, such as databases, transaction processing services, and messaging
In addition, the Patriot Vulnerability Assessment can include a review of an organization’s Situational Awareness and Incident Response (SAIR) capabilities, operational protocols, policies and procedures, and other compensating controls to determine the level of risk that exists.
Through the use of state-of-the-art network, application, and database scanning tools―combined with rigorous scheduling and project management protocols and a unique risk-based perspective―Patriot provides a timely and effective assessment methodology that can improve an organization’s risk posture on an on-going basis.
Patriot’s deep experience in security software and hardware allows us to bring broad subject matter expertise across a number of vendor platforms. For example, we have current, extensive experience and certifications in the following solutions: