Young & Associates offers network vulnerability assessment and penetration testing to identify gaps in your financial institution’s cybersecurity. This ensures that your organization is prepared to defend against threats and vulnerabilities.
During the External Vulnerability Assessment, our consultants will scan any internet-facing devices managed by your institution for potential security vulnerabilities that might be used to penetrate your information systems.
We will also scan the institution’s website for potential security vulnerabilities that may be used by attackers to deface the website or insert code to perform malicious activities. With this vulnerability analysis, we will look for publicly accessible information about the institution that may be helpful to an attacker gathering information in preparation for a targeted attack.
During the Internal Network Vulnerability Assessment, our consultants will scan all devices on the institution’s internal network for potential security vulnerabilities that might be used to penetrate your information systems. In addition to the vulnerability scan, we will also perform tests to identify the existence of default credentials on network devices. The results of our assessment will include details about the identified vulnerabilities and recommendations for remediation.
During this assessment, we can perform either an uncredentialed scan or a credentialed scan. An uncredentialed scan assesses the vulnerabilities that can be detected without network credentials. It identifies the vulnerabilities that an attacker may find if a rogue wireless device or laptop is connected to your internal network without any known network credentials.
A credentialed scan assesses the vulnerabilities that can be detected by a user that can log onto the network. The credentialed scan is more comprehensive than an uncredentialed scan, and requires the provision of an administrator-level network account for our consultant.
Penetration Testing (Pen Testing)
“Pen testing” is used to identify whether data breaches and other failures are possible with your institution’s existing security. This method of risk management provides a more comprehensive assessment of technical weaknesses than an internal or external vulnerability scan alone, which has inherent limitations and may provide false positives. A manual penetration test goes beyond automated vulnerability scanning by assessing the exploitability and impact of identified vulnerabilities. It is designed to identify weaknesses in the institution’s security controls that may allow an attacker to access sensitive information or perform malicious activities using the institution’s information systems. A penetration test is a simulated attack, the results of which provide valuable data as to your network security.
External Network Penetration Test: To perform an External Network Penetration Test, the institution will provide a list of the public IP addresses that will be included within the scope of the engagement.
Internal Network Penetration Test: To perform an Internal Network Penetration Test, the institution will provide a list of internal IP addresses that will be included within the scope of the engagement, and we will ship a device that will need to be connected to the institution’s internal network.
With vulnerability assessments by Young & Associates, you can ensure that your institution is protected. Contact us to learn more about our IT consulting services for banks and credit unions.