Internal Vulnerability Scanning skips the unwanted elements of things like social engineering. An “Assumed Breach” scenario is created by planting our scanning PC on the network. Vulnerability scanning and exploitation is performed from there. GlobeTech LLC can audit the attack surface of an organization’s internal assets to review the risks and vulnerabilities that an attacker would take advantage of.
The Internal Attack Paths
Internal network assessments usually uncover simple flaws that can be chained together. Often, this full “Kill Chain” of attacks shows a significantly higher impact than the vulnerability itself might show.
Discovered assets will be scanned for vulnerabilities and assessed for risk or impact. The Vulnerability assessment and scan report becomes one of the report deliverables at the end of an internal engagement.
Each potential attack vector is reviewed and pen tested to attempt to gain access to the systems. By combining various sources of information along with vulnerability reports, exploitation of internal systems can be more fully assessed.
Internal Vulnerability Assessment Reporting
The reporting is the most important part of the assessment. This is what provides value to your business. Each independently reported vulnerable system or scenario is highlighted with a severity score, general attack narrative or description, Proof of Concept code or commands, and mitigation recommendations.
The Internal Assessment comes with Vulnerability Scan Reports as well as supporting discovery data and manual Penetration Testing of exposed assets. While GlobeTech LLC will make recommendations, the business ultimately decides what the right option is for them, so together we’ll spend time determining the actions that are right for you.
Contact
For more information, feel free to fill out the contact form where GlobeTech LLC can respond and schedule a discovery call.