Network vulnerability assessments and penetration tests help customers to audit the foundations of their computing infrastructures. VSR's network assessments come in a variety of forms and can be highly customized to a client's network architecture and business needs. When determining the scope of a network assessment, clients should start by considering:
- Will the assessment be internal or external? External assessments help to establish a secure perimeter while internal assessments can help a client establish defense-in-depth.
- Will the testing be informed or blind? Providing analysts with architecture and configuration information helps to ensure a complete and cost-effective assessment of controls while blind assessments help to simulate more realistic attack scenarios.
- Should analysts attempt to exploit vulnerabilities? A full penetration test can help IT managers to better prioritize remediation of specific issues while simple vulnerability assessments provide a quick, low-risk snapshot of a network's security posture.
All of VSR's assessments involve a large degree of manual verification and testing. While automated tools are often used in early stages of testing, each finding is carefully reviewed to ensure a high quality final product.