Vulnerability Management

VAPT & Remediation

What is Vulnerability Management?

A vulnerability is a weakness or error in code, an application or a device that exposes your business’s data to both external cyber threats and internal ones.

Vulnerability management is the process of identifying, classifying, prioritizing, and eliminating or minimizing these vulnerabilities. Its primary focus is protecting the confidentiality, integrity, and availability of that data (the CIA triad) while implementing policy efficiently and without hampering the organization’s productivity.

This is largely achieved through a structured risk management process that involves:

   Vulnerability Assessment & Penetration Testing (VAPT), and
   Remediation

We discuss these two processes in more detail below.

VAPT

The vulnerability management process begins with vulnerability assessment & penetration testing (VAPT). Vulnerability assessment (VA) uses both manual review and automated scanners to identify the security vulnerabilities present in an organization’s servers, applications and network devices. Penetration testing (PT) then attempts to exploit those findings, separating the vulnerabilities that are actually exploitable from those that are not.

A VAPT is not something you do once and then forget about. It shows the state of your systems at a single point in time, so it should be repeated regularly, and any organization that stores customer data digitally should do so. Additionally, any business that accepts or stores payment card data must comply with PCI DSS, which requires penetration testing at least annually (and after significant changes) as well as quarterly vulnerability scans.

Identify. Test. Exploit.

The main objective of a VAPT is to identify, test and exploit the security vulnerabilities in your systems from a black hat perspective (i.e., simulating an attacker who would break into your network with malicious or criminal intent). KG Hawes tests the following areas: web applications, mobile applications, networks and servers.

Remediation

Remediation is a separate service we offer after the VAPT process is completed. As part of the VAPT process, KG Hawes provides your company with a full report listing every vulnerability found, a proof of concept (PoC) for each, and its severity level (critical, high, medium, low). Your team will want to address these findings as soon as possible. Alternatively, KG Hawes is available to carry out the remediation for your business as a separate service.

Remediation Methods

A finding can be dealt with in one of two ways:

  • Remediated: the vulnerability is removed, or
  • Mitigated: the vulnerability is minimized (its exposure or impact is reduced while the weakness itself remains).

How to address a vulnerability depends on its type. The preferred method is to remediate (remove) it. This can be as simple as applying a patch or as complex as replacing network servers. However, not all vulnerabilities can be (or need to be) remediated. Mitigation is generally employed when a vendor patch or update is not yet available, the vulnerability is not exploitable in your environment, software compatibility issues exist, or the required downtime is not feasible. A mitigated finding should remain on the tracking list and be re-checked at the next VAPT, since the underlying weakness is still present.
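The remediate-or-mitigate decision above is usually applied to a whole report at once, ordered by severity. The following is an added illustration of that triage step, not KG Hawes’s tooling or the contents of a real report: the finding fields, the severity-to-deadline mapping (SLA_DAYS) and the sample findings are all assumptions constructed for the example.

```python
"""Triage of VAPT findings into remediate vs. mitigate actions.

Added example, not vendor tooling. Field names, SLA_DAYS and the sample
findings are assumptions constructed for illustration.
"""
from dataclasses import dataclass
from datetime import date, timedelta

# Assumed remediation deadlines (days) per severity; tune to your own policy.
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}


@dataclass
class Finding:
    finding_id: str
    title: str
    severity: str              # critical / high / medium / low, as in the report
    exploitable: bool          # confirmed (or refuted) during the PT phase
    patch_available: bool      # vendor fix exists
    compat_issue: bool = False # patching is known to break dependent software
    downtime_ok: bool = True   # the asset can be restarted or replaced


def decide_action(f: Finding) -> tuple[str, str]:
    """Return (action, reason). Remediation is preferred; mitigation only when it is blocked."""
    if not f.exploitable:
        return "mitigate", "not exploitable in this environment; apply compensating control and track"
    if not f.patch_available:
        return "mitigate", "no vendor fix yet; restrict exposure until a patch ships"
    if f.compat_issue:
        return "mitigate", "patch breaks dependent software; isolate until compatibility is resolved"
    if not f.downtime_ok:
        return "mitigate", "downtime not feasible now; schedule the fix for a maintenance window"
    return "remediate", "patch or replace the vulnerable component"


def triage(findings, today=date(2024, 1, 1)):
    """Order findings by severity (exploitable first within a severity) and attach action and due date."""
    ordered = sorted(findings, key=lambda f: (SEVERITY_RANK[f.severity], not f.exploitable))
    plan = []
    for f in ordered:
        action, reason = decide_action(f)
        due = today + timedelta(days=SLA_DAYS[f.severity])
        plan.append({
            "id": f.finding_id,
            "severity": f.severity,
            "action": action,
            "due": due.isoformat(),
            "reason": reason,
        })
    return plan


# Constructed sample findings, shaped like entries in a VAPT report.
SAMPLE = [
    Finding("V-001", "Outdated SSH daemon on bastion host", "high", True, True),
    Finding("V-002", "Unpatched flaw in web framework", "critical", True, False),
    Finding("V-003", "Legacy file-sharing protocol enabled", "medium", True, True, compat_issue=True),
    Finding("V-004", "Weak cipher suite offered but unused", "low", False, True),
]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(f"{row['id']:6} {row['severity']:9} {row['action']:9} due {row['due']}  {row['reason']}")
```

The mitigated rows keep their severity and due date so they are not lost: the due date becomes the point at which the compensating control must be re-evaluated, rather than the point at which the finding is closed.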

Some of Our Team Certifications

  • CEH (Certified Ethical Hacker)
  • CISSP (Certified Information Systems Security Professional)
  • Red Hat Certified
  • Red Hat Certified Engineer
  • ISO 27001
  • ITIL

Looking for a Trusted Partner?