Every day, the threats to your enterprise systems grow more dangerous, more complex, and more widespread. Malicious hackers, identity thieves, and other attackers are constantly at work, looking for any weakness in your infrastructure, network, and data security. New viruses continue to emerge, the most virulent capable of taking down your entire operation. Risk intelligent executives know that vulnerability management is a multifaceted effort.

Amid these growing dangers, vulnerability management is an essential element of any enterprise security program. Effective vulnerability management means your organization is equipped to identify system exposures quickly and take the appropriate actions to correct insufficiencies.

Vulnerability Management services from Deloitte & Touche LLP (“Deloitte & Touche”) can help you combat today’s growing array of system threats. We assist you in assessing your infrastructure, networks and application environments to identify vulnerabilities and control weaknesses. We can then work with your team to develop and deploy the technical and architectural improvements necessary to reduce attack exposure.

By understanding and addressing system vulnerabilities, your organization can reduce the risks inherent in remote and Internet access. You can increase the confidence among your customers and business partners that their data is secure. You can reduce the potential for compliance and liability problems in today’s increasingly regulated marketplace.

Addressing the Full Range of Threats
The rapid development of new applications is compelling organizations to be more diligent than ever in testing code for potential weaknesses and monitoring multiple fronts in real-time. Further, the ever-present internal threat from a disgruntled employee, vendor, or trusted partner continues to present considerable risk for organizations. Weaknesses in network ports and services, as well as programming and logic weaknesses within applications, must be monitored constantly to ensure that security baselines are being maintained and proper change management processes are followed. Comprehensive patch management programs must be in place to update systems in a cost effective and timely manner.

Deloitte & Touche’s vulnerability management services can help you identify the specific technical and architectural improvements needed to minimize exposure to attacks. With our customized methodology, we can assess the many aspects of risk to support identification of both internal and external facing threats. Using both commercial and proprietary tools, we conduct the following vulnerability assessments:

• External penetration testing
• Internal penetration testing
• Wireless penetration testing
• Web application testing
• System, application and network security diagnostic assessments
• Social engineering vulnerability assessments

We can test your entire infrastructure in a controlled manner. Our team can assess your critical systems and devices, including Internet firewalls, routers, Web servers, application servers, email servers, middleware, file servers, database servers, and wireless access points to help you assess the security effectiveness of these systems.

Building a Sustainable, Practical Response
Once vulnerabilities have been identified and prioritized, it is important to find sustainable solutions for resolving them. A comprehensive vulnerability management program should include four core components in addition to vulnerability assessment and testing:

• Threat modelling for monitoring sources that identify vulnerabilities and threats.
• Remediation management, such as configuration and patch management, for developing common security configuration baselines, testing, and applying vendor security patches, fixes, or service packages.
• Incident response for containment and correction.
• Security event monitoring and logging for detecting potential threats to assets that are targeted for infection or intrusion.

Our vulnerability specialists have the experience, knowledge, and tools to help you address the complex components necessary for building a sustainable response to infrastructure and application environment vulnerabilities. Based on our experience in technology implementations, we understand it is critical to select solutions and processes not only based on technical superiority but also focusing on the long-term benefit to your organization from a cost and operational perspective.

We have developed a methodology that has proven effective for strategy development, design, and implementation of an overall vulnerability management program. This methodology provides a security snapshot of your current vulnerability management mechanisms and processes, and it helps to clearly identify areas of improvement.