Vulnerability & Likelihood (V&L) Assessment

Our client for this engagement is an iconic digital brand that has built its reputation on protecting sensitive information.

Background

Organisations that operate digitally realise the need to maintain a level of cyber security hygiene. One key aspect of this hygiene is vulnerability scanning, where a security scanner is pointed at a digital asset to determine if there are any known vulnerabilities that could be exploited.

What we have started to see, however, is that some companies are buying automated services that produce a technical summary, or they are running scanners in-house. In both cases we have found there to be little subject matter expertise to interpret the findings and determine the real-world likelihood of those vulnerabilities being exploited, and by whom.

To support our clients in this area we developed a Vulnerability & Likelihood (V&L) Assessment. Through this assessment, highly skilled practitioners carry out the scanning and then map the results to the leading threat intelligence resources to highlight which bad actors are using these vulnerabilities and therefore how likely you are to be attacked.

Our role

Engaged by the client to deliver a V&L assessment, we worked with key stakeholders to agree scope, reporting hierarchy and timing.

During the assessment, we noted that a number of the vulnerabilities identified were being actively exploited by threat campaigns against the client’s industry sector. This allowed us to elevate the observations to critical status within the business and saw the vulnerabilities patched the same week.

What we did

Through this assessment we carried out the following activities:

  • Scoped the assessment with key stakeholders
  • Agreed reporting hierarchy and timelines
  • Conducted technical reconnaissance
  • Scanned the client’s assets
  • Mapped the outputs to threat sources
  • Developed and presented a plain English report outlining results