SolarWinds MSP is becoming Read More

SolarWinds Risk IntelligenceNetwork Vulnerability Assessment

An assessment of your network security will make sure that the business you conduct and the data you store remains strictly between you and your customers, reducing the threat of third-party breach, data loss, or malware

Network Vulnerability Assessment

What is a Network Vulnerability Assessment?

Network Vulnerability Assessment 1

What is a Network Vulnerability Assessment?

A vulnerability assessment is the process of identifying and classifying any security holes in your network or communication systems. In analyzing vital aspects of your data management, you determine the effectiveness of your current security software and any additional measures that must be taken.

The key focus of a vulnerability analysis is to:

  • Define and classify network and/or system resources
  • Identify potential threats to these resources
  • Develop a strategy to tackle the most serious threats
  • Define and implement ways to minimize the likelihood of these threats becoming more serious, and the resulting consequences

As new viruses are created and technology changes, you must make sure that your security software is prepared to handle the latest threats.

Steps to Assess Your Network Security

Network Vulnerability Assessment 2

Steps to Assess Your Network Security

Step 1: Identify and understand the way your business is organized and operates - Most businesses rely on collaboration between representatives from their internal business units, legal teams, and finance departments to coordinate with IT professionals regarding their exact network needs. Consider issues such as client or customer privacy, regulatory compliance, business processes, and competitive positioning within your industry.

Step 2: Locate the applications and data that are used during the business process - Identify which of these are sensitive and what information is at risk in the event of a privacy breach.

Step 3: Search for hidden data sources that may allow easy access to secure information - This is especially important if there is cloud-based access to private data or access across multiple platforms, including smartphones and tablets.

Step 4: Identify both virtual and physical servers that run applications necessary for your business operations - These servers may not be protected and may allow access to sensitive information without you knowing it.

Step 5: Keep track of what security measures are already in place - Your network protection may already include specific policies, firewalls, virus detection, VPNs, disaster recovery, and encryption. It’s important to understand the capabilities of your current security measures in order to properly address any vulnerabilities.

Step 6: Scan your network for vulnerability - The results of this scan will give you confirmation of your network’s security. Should a virus or vulnerable area be identified, you will need to develop a network security strategy, possibly with the help of an MSP.

Internal Vulnerability Assessment

Network Vulnerability Assessment 3

Internal Vulnerability Assessment

Proactive MSPs should conduct internal vulnerability assessments to help clients secure their networks from the inside — especially if they are subject to PCI DSS requirements. External attacks and network breaches have become so publicized, many organizations may overlook the importance of internal security and risk analysis. 

Adding internal vulnerability assessments to your product portfolio allows you to identify where your clients are most vulnerable to insider attacks while bringing another revenue stream into your company.

The Importance of Internal Vulnerability Management

Unlike external vulnerability assessments, which focus on outside attackers trying to penetrate into a company, an internal vulnerability assessment evaluates IT security from the inside. It looks at ways that individuals located inside the company can exploit a company’s network and data assets.

Conducting an internal vulnerability assessment empowers companies to remediate vulnerabilities against:

  • Intentional inside attacks (for example, by disgruntled employees, partners, etc.).
  • Unintentional attacks (such as accidental deletion of sensitive data).
  • Viruses, malware, and other outside attacks that were able to breach the network security boundary.

Assessing Network Security

Network Vulnerability Assessment 4

Assessing Network Security

As an MSP, you need to the most robust solution available to safeguard your clients' networks. Data breaches are becoming more and more sophisticated, so you don't want to leave your network security solution to chance.

Take fast food giant Wendy's as a cautionary tale. Hackers were able to infiltrate the payment card systems of more than 1,000 restaurants and steal personally identifiable information of thousands of customers as a result of a malware attack in early 2016.

Make sure you're investing in the latest vulnerability assessment tools to stay out in front of such attacks. You need the ability to identify weaknesses in your clients' systems, respond to real threats and attacks, and be able to recover when the worst happens. 

Vulnerability Scanning: A Can’t-Miss Opportunity for MSPs

Network Vulnerability Assessment 5

Vulnerability Scanning: A Can’t-Miss Opportunity for MSPs

Offering internal vulnerability assessments can open a lucrative revenue stream for MSPs — so long as they choose the right solution. Choose the wrong tool and MSPs can encounter a tough road with a lot of hard selling to convince clients of the value associated with vulnerability scanning.

Sure, having a solution that identifies systems and data at risk, who has access to them and how much it will cost to fix vulnerabilities is powerful. But having an intelligent solution that not only fully identifies risk, but quantifies it in dollars, demonstrates the monetary value of the scan in terms of real risk reduction. Having such a significantly compelling aid strengthens your hand immeasurably when it comes to pitching internal vulnerability assessment services to clients.

MSP Risk Intelligence from SolarWinds MSP

Network Vulnerability Assessment 6

MSP Risk Intelligence from SolarWinds MSP

MSP Risk Intelligence from SolarWinds MSP allows MSPs to simulate the identity of someone with normal privileges within a client’s IT infrastructure. Using that persona, MSP Risk Intelligence actively tries to expose sensitive data, vulnerabilities and access permissions, and then exploits them in order to breach client systems and gain access to sensitive data.

Using the information collected from the scan, MSP Risk Intelligence calculates, balances, and prioritizes the clients’ financial risk. Then it generates a color-coded, dollar-based risk assessment report that shows, down to the dollar, the financial liability being carried by client systems. By putting risk in monetary terms, you can convince key stakeholders of the importance of investing in security.

With MSP Risk Intelligence, you can take advantage of

Vulnerability Scanning

MSP Risk Intelligence's thorough vulnerability scanning tools help you develop a comprehensive internal vulnerability assessment. Discover where the holes in client networks reside to stop exploits before they start.  

Scans are lightweight and host-based, so you don't run into permissions issues or eat up a lot of bandwidth. You can search across virtually any type of device, from servers down to mobile devices. And thanks to a nightly sync with the Common Vulnerability Scoring System (CVSS) database, you can rest assured that you'll always be on top of the newest threats.

With MSP Risk Intelligence, you'll find:

  • Unpatched software
  • Email vulnerabilities and threats
  • OS vulnerabilities
  • VPN connection threats

Risk Intelligence Reporting

MSP Risk Intelligence makes it easy to show key client stakeholders the financial impact of investing in security. With our reporting feature, you can clearly and powerfully make the case for your services and your value. It allows you to get as granular as you need to demonstrate improvement. And it puts a dollar figure on risk, so it's simple to understand.

With MSP Risk Intelligence, you can:

  • Discover how many vulnerabilities are out there and then track them over time, showing improvement or recognizing increases.
  • Figure out which devices are a risk for exposing credit card data and discover how much a breach would cost.
  • Show changes in risk liability over time to further signal improvement

Export reports as a CSV, PDF or Excel file. You can even brand them with the logo of your choosing.

Permissions Discovery

You don't want data falling into the wrong hands — even if that person happens to be a client's employee. Even if it's not malicious, allowing access to sensitive information can spell bad news. MSP Risk Intelligence allows to you find permissions issues before they become a headache.

Our permissions discovery solution:

  • Scans for sensitive data to root out permission mismatches and ensure the appropriate people can access that data.
  • Drills down to the file type so you know who has access to what.
  • Finds the types of permissions — read, write, etc. — employees have.

Payment Data Discovery

PCI DSS compliance is a must for client's handle credit card information. MAX Risk Intelligence helps by finding payment card information in hard-to-reach places. Search servers, workstations and mobile devices — it can handle all types of technologies, operating systems and file types.

It takes care of required PCI DSS scans (Primary Account Number and internal vulnerability scans). And all data in transit and at rest are encrypted with IPsec or SSL VPN tunnels.

PII/PHI Data Discovery

As with payment card information, personally identifiable information and protected health information must be safeguarded at all costs. A breach could tarnish your client's reputation and lead to potentially expensive consequences because of regulations like HIPAA. That's why our PII and PHI Data Discovery scans are invaluable.

MSP Risk Intelligence helps you find all kinds of PII — email addresses, Social Security numbers and more — in-transit and at-rest. It will even put a dollar figure on each piece. It also helps secure all kinds of PHI — medical records, insurance information, patient charts — to help you stay in compliance with HIPAA.

Keep Your Servers Secure with SolarWinds MSP

SolarWinds Risk Intelligence

  • Our solutions automatically scan, detect, and patch areas of your network
  • Take managed services to the next level with our extensive portfolio of leading-edge IT solutions and unique pricing model
  • Dedicated to protecting your clients’ networks from top to bottom, inside and out