Results can be used to prioritize security improvements, ensuring that the target system complies with security best practices and regulations, while also providing evidence of the target system’s security posture.
Depending on your industry and the relevant regulations, an authenticated vulnerability scan may be required for compliance purposes.
Authenticated scans provide a more comprehensive and accurate assessment of your system's security posture, as they access patch levels and other configurations of the system.
When running an authenticated vulnerability scan, we customize profiles for accuracy and efficiency ahead of careful planning and coordination between our scanning team. Any hosts that the scanner cannot log into will still be scanned from an unauthenticated perspective.
Schellman does perform authenticated vulnerability scans—our Penetration Testing Team continues to grow and is currently comprised of individuals from different backgrounds including former developers, system administrators, and lifelong security professionals. Our team is incredibly experienced, and collectively holds the following professional certifications, among others:
We find that an authenticated vulnerability scan can take as little as 1 week, but more time will be necessary as the total number of in-scope hosts increases.
You can expect to pay no less than $12,500 for a standalone authenticated vulnerability scan with us, though your scope will determine your final price.
Let us know which hosts have a history of issues from vulnerability scanning. We like to avoid network printers as well as older telephony devices. For other sensitive hosts, we can throttle the scan speed and perform scanning during non-business hours.
Many organizations perform vulnerability scanning during the day, while others choose to run them only after hours. When performing any type of scanning after hours, please have someone designated as a point of contact to escalate issues to if needed.
In most cases, we use a service account with access to all devices to be scanned. However, Schellman can also utilize other credentials such as password vaults, private keys or client certificates.