Vulnerability Assessment & Pen Testing

Young & Associates offers network vulnerability assessment and penetration testing to identify gaps in your financial institution’s cybersecurity. This ensures that your organization is prepared to defend against threats and vulnerabilities.

External Vulnerability Assessment

During the External Vulnerability Assessment, our consultants will scan any internet-facing devices managed by your institution for potential security vulnerabilities that might be used to penetrate your information systems.

We will also scan the institution’s website for potential security vulnerabilities that may be used by attackers to deface the website or insert code to perform malicious activities. With this vulnerability analysis, we will look for publicly accessible information about the institution that may be helpful to an attacker gathering information in preparation for a targeted attack.

Internal Network Vulnerability Assessment

During the Internal Network Vulnerability Assessment, our consultants will scan all devices on the institution’s internal network for potential security vulnerabilities that might be used to penetrate your information systems. In addition to the vulnerability scan, we will also perform tests to identify the existence of default credentials on network devices. The results of our assessment will include details about the identified vulnerabilities and recommendations for remediation.

During this assessment, we can perform either an uncredentialed scan or a credentialed scan. An uncredentialed scan assesses the vulnerabilities that can be detected without network credentials. It identifies the vulnerabilities that an attacker may find if a rogue wireless device or laptop is connected to your internal network without any known network credentials.

A credentialed scan assesses the vulnerabilities that can be detected by a user who can log on to the network. The credentialed scan is more comprehensive than an uncredentialed scan and requires the provision of an administrator-level network account for our consultant.

External Network Penetration Test

The External Network Penetration Test is designed to identify weaknesses in the institution’s security controls that may allow an attacker to access sensitive information or perform malicious activities using the institution’s information systems. The test performs a simulated attack, the results of which provide valuable data about your network security.

“Pen testing,” as these tests are often known, helps to identify whether data breaches and other failures are possible with your existing security.

In this case, the pen test is performed as a white box test. That means that the institution will provide a list of the public IP addresses that will be included within the scope of the engagement. This method of risk management provides a more comprehensive assessment of technical weaknesses than an automated external vulnerability scan alone, which has inherent limitations and may produce false positives.

Check your financial institution’s cybersecurity

With vulnerability assessments by Young & Associates, you can ensure that your institution is protected. Contact us to learn more about our IT consulting services for banks and credit unions.