e-Scope Security Services >  Vulnerability Assessment and Penetration Testing
Firewall Management

e-SCOPE VULNERABILITY ASSESSMENT SERVICES DEFINED

ECCT's e-SCOPE Vulnerability Assessment Services provide comprehensive network vulnerability assessment for measuring network security risks. ECCT uses best-in-breed technology to test all network devices including firewalls, routers, switches, servers, workstations, printers and print servers. These tests identify and locate vulnerabilities, categorize them by severity and provide detailed reports with standard vulnerability elimination procedures. Our experienced team of security engineers also works to identify false positives.

Regular use of our e-SCOPE Vulnerability Assessment Services provides an on-going analysis and control of network security, allowing administrators and executives to manage the credit union's security policy proactively. In addition, these services comply with all NCUA and FFIEC guidelines.

INTERNAL / EXTERNAL VULNERABILITY ASSESSMENTS

An Internal Vulnerability Assessment will perform a complete scan of the internal network and detect all known vulnerabilities, it will analyze every device IP address by IP address to identify the device, its operating system, firmware, service packs and/or patches. It will then generate a report describing known vulnerabilities for each device.

An external vulnerability assessment will be performed remotely from ECCT's e-SCOPE Security Operations Center in order to analyze the integrity of the credit union's perimeter security. The assessment will validate the configuration of the firewall and will determine if a possibility exists for attacks via the protocols currently allowed through the firewall. This service simulates attacks to determine if perimeter security devices can be bypassed or penetrated.

Vulnerability Assessment is an on-going process, as so testing should be performed on a regular basis. Since the ideal amount and frequency of vulnerability testing will vary according to the client's specific security policy, needs, size and NCUA requirements, ECCT offers many options to accommodate each client's individual needs. Below are samples of available programs:

  • INDIVIDUAL TEST - Single Internal or External Vulnerability Tests can be performed.
  • BI-ANNUAL TESTING A series of one (1) internal and one (1) external vulnerability test will be performed within the same time frame. After six (6) months, another series will be performed. This program can be renewed each year (Recommended Minimum).
  • QUARTERLY TESTING - A series of one (1) internal and one (1) external vulnerability test will be performed within the same time frame. Every three (3) months thereafter, another series will be performed. This program can be renewed each year.
  • MONTHLY TESTING - A series of one (1) internal and one (1) external vulnerability test will be performed each month. This program can be renewed each year.
  • REPORTING - ECCT provides a comprehensive report with all vulnerability findings delivered in both an Executive Summary and a Detailed Technical Report. The technical report includes descriptions of all detected vulnerabilities, their level of severity, what devices are affected and any known remediation procedures or recommendations.

ECCT provides a brief review of our reports as part of this service. This review does not include a line by line explanation of each vulnerability, since that is part of the remediation process.
HOME | SITE MAP | CONTACT
tel 800.398.2292 :: fax 631.924.1523 :: info@ecct.net :: © 2008 ECCT All rights reserved.
close

Need assistance?

Please provide your company name, your name and direct phone number (including area code) and/or extension and we will call you within the next 5 minutes during normal business hours EST. We cannot contact you without this information, and this information will be used for this call back only.