Vulnerability Scanning

In the ever-changing world of cybersecurity, it’s incredibly important to  have all your bases covered at all times. To cover those bases, you should have penetration testing and vulnerability scanning done regularly.

Unlike penetration testing, vulnerability testing does not try to actively exploit holes in your security setup; it simply probes for the holes before hackers find them first. Vulnerability tests also cover different bases than penetrations tests do, so you need both to keep yourself completely safe. Read more about the different vulnerability tests we conduct to ensure your security:

Outside-the-firewall vulnerabilities

All office networks have a router behind a firewall. A firewall is meant to protect you and your network from the lawless Wild West that is the internet outside. You can’t control what goes on out there, but you can control how your network reacts to what’s out there.

Generally, when someone is talking about “hacking,” they’re talking about outside-the-firewall attacks. These attacks come in a variety of ways, some of which you may be familiar with:

  • Social engineering and phishing by email, over the phone or in person
  • Sending malware like ransomware, Trojan horses and zombies (no, not the undead)
  • Click and registration fraud (e.g., “Click/register here to claim your free prize!”)
  • Domain and top-level domain hijacking
  • Denial-of-service attacks
    • Distributed denial of service (DDoS)
    • User Datagram Packets (UDP) floods
    • Slow/low denial-of-service attacks
    • SYN floods

These threats exist outside of your office network, and they try to infiltrate your network by any of the means above. When you’re properly protected from outside attackers, you can focus on your business and the bottom line, not on malicious hackers.

Lock down your network properly from the inside the firewall and you won’t have to worry about the threats coming from the outside. It seems easy enough, but there are a lot of vulnerabilities to protect, and they require constant monitoring and upkeep.

Our comprehensive vulnerability assessment will determine whether you’re adequately protected both inside and outside of your firewall.

Inside-the-firewall vulnerabilities

So you’re protected from outside the firewall, but what about inside the firewall. Not all threats come from outside, and many businesses fall victim to cyberattacks from within. We’ll call these attacks inside-the-firewall attacks.

Whether it’s employees downloading unauthorized software or opening infected files, hacked instant messaging (IM) sessions, VPN/remote access infiltration, new hire mistakes and disgruntled-employee revenge, your business is at risk to several internal threats.

Vulnerabilities don’t just happen at work, either. If your employees work with their personal device (BYOD), they’re at risk outside of the office. If a machine is infected outside of the office and then comes back to your office network, then the firewall is useless and the virus will spread internally.

You need to have your internal network assessed for proper security measures to prevent these types of internal attacks. With robust security measures and a sensible information policy, you and your business will be protected from anything that can happen inside the firewall of your network.

As part of your comprehensive assessment, we will conduct an in-depth scan inside the firewall to make sure you’re protected inside and out.

Website injection vulnerabilities

Websites can be susceptible to hackers in two main ways: Search Query Language (SQL) injection and cross-site scripting (XSS). Both can truly ruin your day—if not worse.

SQL injections use SQL code “injected” into an entry field. They allow hackers to alter, destroy or release your sensitive data, spoof a legitimate network identity, void transactions and more. They’re serious business, to say the least.

XSS involves injecting a client-side script into a page and sending malicious code to another end user on the same page. The end-user victim is none the wiser as their browser executes the malicious script, and the hacker can access all sorts of useful information.

A secure website means your critical data is safe from sneaky coding and the prying eyes of hackers. Lock down your page and protect it from hackers trying to use SQL injection and XSS techniques to access your sensitive information. With a secure site, you won’t have to worry about your information—or your customers’ and visitors’ information—falling into the wrong hands.

Once again, we’ve got you covered on all fronts. Our security assessment will ensure that your website is protected from both SQL injection and XSS attacks, and you won’t have to worry about your data getting loose.

Email security filter vulnerabilities

There’s no way around it: email is one of the most important forms of communication we have. There’s no way around this, either: email in and of itself is severely lacking in security, and your business can take a major hit if you’re not careful with your inbox and outbox.

Besides social engineering, hackers utilize email to send malicious files and links to unsuspecting business owners and their employees. These malicious files can be any one of many different viruses and malware. Here are just a few of the most common types:

  • Spam that will bog down your computer and network with trash

  • Spyware and keylogging software that let hackers see what you’re doing
  • Trojan horse software that let hackers control your computer
  • Ransomware that hold your computer hostage until you pay up (and sometimes even after you pay up)

Once infected with these malicious files, a hacker can cause anything from headaches to major catastrophes simply by sending an email.

You can’t just stop accepting emails, but you can start protecting yourself from malicious ones. With spam firewalls, email filters, web and security gateways, you’ll stand a much better chance of keeping your email safe.

Luckily, there are many protective measures available when it comes to protecting your email inbox. Locked24 utilizes Barracuda Advanced Threat Protection (ATP) to keep its clients’ and its own email servers secure. Barracuda ATP protects all major threat vectors with numerous tools and security features:

  • Email
  • Web browsing
  • Remote users
  • Mobile devices
  • Network perimeter

When it comes to assess your security coverage, we’ll check everything email-related and make sure you’re set up for success with the best monitoring and alert tools available to keep your email server safe.

3rd-party vendor vulnerabilities

How many vendors do you have for products, supplies and services? And how much do they know about your business? They probably know a good deal. If not, knowing your banking and payment information could be bad enough if it got out.

How do your vendors keep your information safe for you? Not all vendors can be completely trusted to keep their security measures in place. You have enough to worry about with your own security. You can’t keep up on theirs, too.

Keeping yourself safe with vendors comes down to two things: making sure your vendors are reputable and established and managing the information that you give to them. For example, don’t cut them checks with your bank account and routing number on them; use a secure payment method instead.

Keeping your information close is the key to protecting yourself from 3rd-party vendor vulnerabilities. Protecting yourself always brings peace of mind, and you can focus on what’s important.

Our comprehensive vulnerability assessment will determine if you’re keeping your information safe enough when it comes to dealing with vendors, and we’ll make appropriate recommendations to keep you protected.

Internet exposure vulnerabilities

What does the internet know about you and your business? If a hacker were to scan your IP address, what would they find? Did you even realize they could do that? They can, and they could be releasing your information to the Dark Web.

If your personal or business information is available online, it could open you up to all sorts of identity and fraud issues. When one person has access to your information, it’s bad. When an entire network of hackers has access to it, it can be disastrous. The Dark Web is a nasty place, and the people with access to that kind of information are not the people you want having your data.

Active Dark Web monitoring tools are available, and you can check if your information is floating around the dark web here. If it has indeed been “pwned,” we recommend updating passwords for all your accounts.

With sensible information policies in place, you won’t have to worry about your data being leaked or hackers finding your sensitive information. We understand how hackers work and where they like to hide. Our full vulnerability assessment will make sure you’re well prepared and protected.

Cloud scanning vulnerabilities

Cloud storage is everywhere these days. It’s handy and secure, as far as you know. But just because it’s on the cloud doesn’t mean it’s safe. Cloud storage is flawed because you can’t fully control your data—or who potentially has access to it.

Can your employees access the cloud? If so, they could lose or leak the information. What if the cloud storage itself is hacked due to oversight from the cloud service provider? You’re entrusting a lot of personal information to a faceless entity that can technically do whatever it wants with your data.

If you’re going to utilize cloud services, you had better do it the right way. Limit access as much as you possibly can. If you’re really keen on cloud storage, you can even set up your own personal cloud network. Then you don’t have to worry about someone else leaking your information.

Secured cloud storage is a blessing. You can pick up and drop files and access them from anywhere without worrying about hackers stealing or intercepting them. We understand how the cloud works—we even have our own cloud network set up—and we’ll help you keep your data safe.