Risk & vulnerability assessments

The IT environment of companies is growing rapidly and constantly expanding with new systems and functions, and it can be difficult to keep up to date with what security gaps exist on your own. CoreIT offers risk and vulnerability analyses based on solutions from HOLM Security.

Get a holistic view of your company’s security through scheduled reports of your infrastructure and a detailed risk assessment of your IT security. The services provide all the features needed to easily and effectively detect, assess, prioritize and remediate vulnerabilities.

• Automated scans
• Risk-based prioritization
• Full coverage

Different types of set-up can be chosen to cover different types of risk exposures, the first two variants below refer to scanning from the inside while web scanning refers to identifying risks and vulnerabilities that can be accessed from the outside.

System and network scanning

The system automatically and continuously scans the company’s network and systems to identify vulnerabilities. The network scan detects vulnerabilities related to old software, exposed services and features, misconfigured systems and weak passwords, among others. The service also automatically maps your network for a clear overview of all your systems.

Agent scanning

Many companies have staff working remotely, which naturally makes security work more complex. With a system from HOLM Security, you gain visibility into your organization’s mobile devices, including laptops, and can identify vulnerabilities without the need for authentication. The agent requires minimal resources and communication is via proxy, which means that internet access is not required.

Agents are deployed via your GPOs or your current software deployment tool. Agent scanning is used to gain insight into risks among mobile devices and critical infrastructure. Even if a device changes IP address internally (DCHP), the device will be included in the scan.

Web application scanning

New security risks are constantly being discovered and in just one month thousands of new vulnerabilities are discovered. To keep web applications secure, HOLM Security has developed a system that automatically and continuously scans web applications and APIs for weak passwords, faulty code, misconfigured systems, exposed system information and personal data. The system handles all types of web applications, whether they are public, local or intranet.

Identified vulnerability

When a new vulnerability is discovered, or a change in the system occurs, a notification is immediately sent out. In the event that the system identifies a vulnerability, where CoreIT is also tasked with fixing the problem, an alarm is sent to CoreIT’s SOC (Security Operations Center) for further analysis. Depending on the severity of the vulnerability, CoreIT takes action as soon as possible or the customer is informed for further dialog regarding the type of action. The customer also receives regular reports on identified vulnerabilities and that at operational meetings / delivery meetings, the vulnerabilities identified are followed up for dialog on measures.