Our Next Generation Vulnerability Assessment (NGVA) service utilizes a hybrid approach for conducting vulnerability assessments.
Traditional security companies rely solely on automated tools for conducting assessments, which lead to unnecessary noise, false positives, and in many cases results in inaccurate assessments of the real-world exploitability of security vulnerabilities.
As opposed to traditional approaches, Cyber Citadel’s NGVA service does not rely on automated tools. Instead, our assessment uses automated tools together with our own custom, propriety toolsets, which are reviewed manually by our security team.
We eradicate false positives by verifying vulnerabilities independently, removing security issues with no real-world impact. Each vulnerability is given a risk assessment, outlining key recommendations and advice for threat remediation, before being incorporated into the final report. We also offer remediation support addressing identifiable vulnerabilities as part of our NGVA.
Our online portal makes managing vulnerability assessments a breeze for any of our clients.
Manage completed, on-going and pending vulnerability assessments from your personalised dashboard. Review the overall risk to your company with a chart displaying the total number of vulnerabilities found.
Visualise the Risk
Our NGVA breaks down vulnerabilities into real-world risk catagories. On our client portal, you can view these risks in order of severity.
- Findings grouped into critical, high, medium and low risk vulnerabilities.
- Each individual finding flagged as open or closed.
- Every finding comes with its own description, likelihood rating, business impact and recomended mitigation strategy.
Once we have completed our NGVA, your report will be waiting securely on your personalised portal.
- Every report created by Cyber Citadel will be listed by report type.
- An easy access .pdf will be provided.
- A quick-view list of the vulnerabilities found can be accessed on every completed assessment.
Vulnerability Integration into DevOps
Vulnerability assessments fall under the category of DAST (Dynamic Application Security Testing), a later stage of the DevSecOps process. The advantage of DAST as opposed to SAST (Static Application Security Testing) is that SAST does not capture configuration and infrastructure related vulnerabilities.
Our NGVA platform can also integrate into various organizational tracking systems and into the DevOps CI/CD (continuous integration/continuous deployment) toolchain.