Vulnerability assessments are designed to meet specific needs such as: lowering risk of loss to the organization; identifying vulnerabilities and improving security; documenting compliance and identifying gaps; and meeting corporate requirements for confidentiality, integrity and availability of information, applications, systems, networks and facilities.
Each service deploys proven people, processes and tools to effectively assess security controls though interviews, inspection testing and data analysis. This approach provides the most value to companies performing assessments by providing more in-depth and accurate discovery of real vulnerabilities.
Spohn services are unique:
- Deploys a combination of people, process and tools – automated tools alone do not assess security controls as effectively as creative security engineers can
- Goes beyond the “Tell-me, show-me” interview – conversations alone won’t tell you how effectively your security controls are working, inspection and testing will.
- Utilizes multiple best-of-breed commercial, proprietary and open-source tools – one-tool services only provide a single-minded view of vulnerabilities
- Processes are designed to assess the largest and most complex security controls yet are scalable to meet medium and small organizations
- Performs complete discovery of devices – statistical sampling of devices for vulnerabilities only provides a partial finding and does not support remediation
- Services are delivered with minimal impact to the organization by performing pre- and post-assessment work off-site and compressing on-site assessment work
- Reports include executive business-focused “report cards” and in-depth technical findings and are provided in print and electronic form
- Remediation Database of technical findings greatly assists IT in planning and implementing remediation efforts saving the organization additional time and money
