Internal Vulnerability Assessments


We will ship a custom-configured machine to your location that will give our consultants persistent access to your organization’s internal network. We will provide a comprehensive patch management scan which includes Windows patches and major third-party applications as well. Additionally, we will perform an internal vulnerability scan over all in-scope internal assets.

We do offer an option to come onsite and perform our testing if warranted and requested by our clients.

Upon completion of our testing, we deliver a full report which includes:

  • High-level executive summary of the most critical vulnerabilities and missing patches
  • General best practices recommendations for vulnerability remediation
  • Application generated reports from the patch management software
  • Raw output from the patch management software
  • Raw output from the vulnerability scanning application

The results obtained from the Internal Vulnerability Assessment should give management solid insight into the risk levels associated with the vulnerabilities and missing patches on their internal network. In addition to providing an excellent snapshot, this test can also be used to satisfy goals such as the ones listed below:

  • Monitor Remediation Efforts
    When performed regularly, Internal Vulnerability Assessments can help you determine if your organization’s remediation efforts are being performed in a timely and efficient manner. Results from this test can also be used to generate remediation plans.
  • Monitor your Third-Party
    Many organizations now outsource their vulnerability and patch management functions to an outside third-party. However, how many actually verify they are getting what they are paying for?
  • Independence
    Financial institutions, PCI-Compliant retailers, insurance agencies… and the list goes on. Many more organizations are now being required to conduct independent, third-party testing to satisfy regulatory requirements.

If you are uncomfortable with answering some of the above questions or prefer a more in-depth picture of your organization’s external footprint, we recommend an External Penetration Test.

Quarterly Internal Vulnerability Assessment

With this service, we’ll leave the workstation on site at the client location to allow for quarterly scans.  In addition to the Internal Threat Assessments, we’ll also work with clients to review analysis and evaluate performance to ensure positive trending.

This service, combined with Social Engineering and Penetration Testing services can provide a very comprehensive quarterly security program.

For more information or to get a quote on our Internal Vulnerability Assessment Services, click here to submit a request.