Assess Vulnerabilities

SpearTip’s Vulnerability Assessments help determine the overall risk to client assets and digital environments. Scoped assets will be probed with industry-standard cyber security vulnerability tools that are designed to identify outdated systems, services, and misconfigurations. These results are triaged by the risk engineers and communicated to effectively address risk and impact on the client environment.

External Vulnerability Assessment

Threat actors can access an organization’s digital environment through a variety of means. In an attempt to strengthen a client’s external facing cybersecurity controls, our team assesses posture by simulating attacks from the public internet. Our EVA is not simply a scan-and-send service; we probe for and validate vulnerabilities using advanced penetration testing techniques and provide analysis of the impact of these vulnerabilities on the client’s organization. At the clients’ discretion, our team will attempt to exploit discovered vulnerabilities to provide insight into critical risks that could cause significant damage if breached by a threat actor.

Internal Vulnerability Assessment

Malicious insider threats account for the most expensive data breaches to remediate, as well as take an average of 308 days to identify and contain. It is necessary for organizations to have high-level visibility as a remedy against internal vulnerabilities, including insider threats. SpearTip’s IVA simulates attacks from an internal perspective of the local network, probing all reachable internal systems for vulnerabilities. In addition, our team attempts to move laterally and escalate privileges inside the environment to simulate a threat actor’s behavior. This assessment allows clients to strengthen internal security controls and mitigate potential damage that could result from a severe compromise.

Web Application Vulnerability Assessment

Most companies utilize different applications and tools to make sure their business operates at full capacity. This creates many potential initial access points for threat actors in your environment. Our team initiates an extensive process to find these web application vulnerabilities and help protect your critical information. This assessment examines how an organization leverages its current technology. SpearTip’s team reviews application and operating system access controls, analyzes physical access to systems, and concludes with detailed recommendations to maintain compliance. 

Wireless Vulnerability Assessment

SpearTip engineers provide a comprehensive assessment of the client’s wireless environment. This assessment results in the identification of technical vulnerabilities in network configuration, access point signal, rogue access points, and network-level data. The ultimate goal of this assessment is to determine the security risk of a client’s wireless environment by identifying vulnerabilities and analyzing their impact on the organizational operations.

Cloud Vulnerability Assessment

Security challenges in the cloud are different from challenges with on-premises solutions. Our team’s vast experience and proven methodology provides our clients with a thorough picture of the risks present within their cloud infrastructure. We focus on security misconfigurations and deviations, including reviewing account privileges and analyzing current logging details from recommended cloud security architecture. As an approved Microsoft Azure and Preferred AWS partner, SpearTip’s capabilities extend deep into the cloud to defend you against threat actors. 

Firewall Vulnerability Assessment

To uncover any vulnerabilities within your firewalls, our team analyzes the configurations and interactions of your network infrastructure with the expertise of a skilled penetration tester. SpearTip discovers vulnerabilities in firewall systems and enables you to dedicate necessary resources to evaluate and prioritize fixes. This will provide visibility of actual network gaps, including existing false negatives. SpearTip provides clear remediation steps for all uncovered weaknesses to ensure a strengthened security posture.

*Deliverable: For all Vulnerability Assessments, we provide a detailed report consisting of Executive and Technical-level data. This holds an Executive Summary, Vulnerable Hosts, Remediation Recommendations, Impact Distribution, Security Assessment Artifacts, and Processes and Tools Used. 

Project Workflow

Phase 1 | Reconnaissance

SpearTip scans systems and networks related to your environment and examines for publicly available data to identify vulnerable systems or other potential targets.

Phase 2 | Exploitation

SpearTip leverages data discovered during the reconnaissance phase and, with client approval, attempts to exploit vulnerable services. Where relevant, SpearTip’s assessors also attempt to access the internal network leveraging an exploit or move laterally within the environment.

Phase 3 | Validation

SpearTip examines the technical data and validates all findings. This ensures that false positive findings are filtered out of the final reports. The analysis includes the discovery of compensating security controls that could affect the criticality rating of a discovered vulnerability.

Phase 4 | Deliverables

Finalized deliverables are presented to and reviewed with the client.

Phase 5 | Feedback

The client provides feedback and asks questions about the deliverables and findings of the engagement.

Phase 6 | Rescan

After the client has an opportunity to resolve relevant vulnerabilities and provide engagement feedback, SpearTip rescans the environment to provide evidence that discovered vulnerabilities have been remediated.
Risk Assessments
Security Program Development
Adversary Services
Threat Hunting

Currently Experiencing a Breach?

Please fill out our Information form
and SpearTip will contact you shortly.