Kriston Technology will deploy our advanced vulnerability management agent to all your devices. We help you complete a simple questionnaire to determine your external assets and network ranges, and we’ll start to collect data on the vulnerabilities on your devices and in your network.

Once we’ve identified the vulnerabilities, we’ll prioritise them, and focus on your critical assets. The prioritisation is based on the Common Vulnerability Scoring System (CVSS), a rating method form 0 to 10, where 10 is the highest severity.

Notes on EPSS

We’ll assess the vulnerabilities, identifying those most likely to be exploited, this goes beyond the CVSS and uses EPSS…..

Add more text.

We’ll report our findings to stakeholders and provide recommendations for remediation to be agreed upon.

Kriston Technology will either take sole responsibility for the remediation, or work with your Internal IT or your external IT support team to remediate the vulnerabilities.

Our advanced vulnerability management agent tool has the ability to automate many of the remediations.

Finally, with our advanced vulnerability management agent, we can verify the remediations have been applied correctly, and track vulnerability trends over time. 

Automatically perform egress filtering to ensure that your organisation is effectively restricting unnecessary outbound traffic. Unrestricted outbound access can allow a malicious actor to exfiltrate data from your organisation’s environment using traditional methods and unmonitored ports.

Upon the discovery of user account credentials, vPenTest will automatically attempt to validate those credentials and determine where they are most useful. This is a common process executed by both malicious attackers and penetration testers and is performed during privilege escalation.

Using a valid set of credentials, vPenTest will attempt to identify valuable areas within your organization. This is conducted through a variety of methods, including the use of Vonahi’s Leprechaun tool which assists in identifying where sensitive targets are.

Critical data leaving your organisation is an extremely serious concern. If access to confidential and/or sensitive data can be attained, vPenTest will simulate and log this activity to help your organisation tighten areas that should restrict data exfiltration.

With elevated access, we will attempt to upload malicious code onto remote systems in an attempt to test the organisation’s end-point anti-malware controls.

We’ll generate an executive summary, technical and vulnerability report within 48 hours after the penetration test is complete. Our detailed deliverables will allow your network staff to cross reference our activities with monitoring and alerting controls.