The DeepDive™ security vulnerability audit addresses the three pillars of vulnerability management:

1. security scanning,
2. patch management, and
3. network auditing.

By auditing your entire infrastructure,  DeepDive™ identifies all possible security issues and provides you with a comprehensive summary report and a recommended course of action.  Along with the summary report, you will receive details that highlight potential vulnerabilities. We can also perform an external network penetration test of your public IP addresses that will reveal where potential attacks could penetrate the network.

During the security audit, over 15,000 vulnerability assessments are made and networks are scanned device by device. The audit performs multi-platform scans including Windows NT, Windows XP, Windows Server, Windows Vista, Mac OS, and Linux. This ensures that you are able to identify and rectify any known threats before hackers manage to do so.

The DeepDive™ audit scans computers, and then identifies and categorizes security vulnerabilities. The audit also recommends a proactive course of action for vulnerabilities identified where appropriate.  In addition, we provide a weighted assessment of the vulnerability status of a scanned computer or group of computers.  This gives you a "real world" basis of comparison between your network and standard industry best practices and norms.  Wherever possible a web link or more information on a particular security issue is provided, such as a BugTraq ID or a Microsoft Knowledge Base article ID.

The DeepDive™ audit takes advantage of multiple enterprise class vulnerabilities databases, including standards such as OVAL (2,000+ checks) and SANS Top 20. The industrial-strength, security audit database is regularly updated with information from BugTraq, SANS Corporation, OVAL, CVE and several others. We update our database list and add new vulnerabilities as soon as they become available.

The audit can ensure that third party security applications such as anti-virus and anti-spyware offer optimum protection and also checks that standard supported security applications are updated with the latest definition files and are functioning correctly. For example, you can ensure that supported security applications have all key features (such as real-time scanning) enabled.

When an audit is complete, we have the capability to effectively install and manage patches on all machines across different Microsoft operating systems and products, providing effective remedies and solutions. Custom software can also be deployed. This results in a consistently configured environment that is secure against all vulnerabilities.

The DeepDive™ audit tells you critical information you need to know about your network, including: what USB devices are connected, what software is installed, any open shares, open ports and weak passwords in use. In-depth reports give you an important and real-time snapshot of your network’s status, enabling you to proactively secure the network by closing ports, deleting users or groups no longer in use or disabling wireless access points.

The audit can be done on a scheduled basis and can automatically compare results to previous scans. Any new security holes or security setup changes discovered on your network relative to previous audits can be identified. This enables you to quickly identify newly-created shares, installed services, installed applications, added users, newly-opened ports and more.

The DeepDive™ audit can also check if each Windows NT/2000/XP/VISTA machine has security auditing enabled. Security event auditing is highly recommended because it detects intruders in real-time. If you have a Linux system, the audit will scan and retrieve OS data from your Linux systems. The scan results are presented in the same way as for Windows-based computers. This means that both Linux and Windows-based computers can be analyzed in a single audit session. The audit includes numerous Linux security checks including rootkit detection.

DeepDive™ audit reports are designed to satisfy the requirements of both management and technical staff. These deliver a graphical snapshot of the security health status of your network, from trend reports for management (ROI) to drill-down reports for technical staff.

The audit is most effective when administrator-level domain or device-specific administrator credentials are provided for the devices to be included in the scan. The audit’s external network penetration testing examines all specified externally visible internet addresses for open ports and associated vulnerabilities. The audit can optionally examine public and internal websites for known security vulnerabilities.

What Is Involved?

We will deliver a security appliance (stand-alone server with custom software) to your facility. This appliance is connected to the network to be audited, and must remain powered on during the entire audit period. The appliance will remain at your facility for a period of 1 to 3 days, depending on the size and complexity of your network (e.g. number of elements, intervening firewalls, IDS technologies). Analysis of the data and report preparation is done by CCT. CCT will then schedule a meeting to review the results and recommended remediation work to resolve high-risk vulnerabilities. Any and all information associated with the DeepDive™ audit is maintained in strict confidentiality.