Cyber Assessment Process

Foundational Assessment. Prioritized Protection.

The beginning of any advance in cybersecurity begins with a foundational vulnerability assessment. While other assessment technologies get extremely specific in finding unique aberrations in an operational context, CyVision takes a three-dimensional look to answer three critical questions while providing strategic direction and helping to identify your biggest cybersecurity challenges:

  • Where am I exposed
  • What do we do first?
  • How can I improve our overall Security profile?

Analyze

Using an open and agnostic architecture, CyVision gathers info box by box, aggregating disparate scan data, ACL data and log/big data to provide a thorough risk assessment. No integration required. No special software or devices to install. In fact, the CyVision service can be performed 100% remotely.

Visualize

Sophisticated analysis tools help us visualize your network and translate critical findings into simple, easy to understand illustrations.

PRIORITIZE

CyVision’s advance analytics tools will prioritize – out of thousands of potential threats – a hierarchy of cyber vulnerabilities. Most importantly, identifying whether a high-valued asset is directly or indirectly at risk. 

It’s a proprietary process that helps you REALIZE the peace of mind of knowing how to defend your organization against your most critical cyber security challenges. 

Analyze

Using an open and agnostic architecture, CyVision gathers info box by box, aggregating disparate scan data, ACL data and log/big data to provide a thorough risk assessment. No integration required. No special software or devises to install. In fact, the CyVision service can be performed 100% remotely.

Visualize

Sophisticated analysis tools help us visualize your network and translate critical findings into simple, easy to understand illustrations.

PRIORITIZE

CyVision’s advance analytics tools will prioritize – out of thousands of potential threats – a hierarchy of cyber vulnerabilities. Most importantly, identifying whether a high-valued asset is directly or indirectly at risk. 

It’s a proprietary process that helps you REALIZE the peace of mind of knowing how to defend your organization against your most critical cyber security challenges. 

The CyVision Enhanced Cyber Vulnerability Assessment Process

Utilizing a powerful, patented combination of data assessment tools, CyVision’s assessment services are far more comprehensive and accurate than combined single-application solutions. By merging data from best of breeds applications, cyber planning can be more accurate, more timely, and more affordable than other services. Our process will provide the client with a visual representation of the true state of its cybersecurity posture and a proposed prioritized remediation plan.

 

How It Works:

\

Data Gathering

CyVision analyzes Access Control Lists (ACLs) data, log data, and scan data – three types of cybersecurity data common to all networks – without the need for APIs, scripting or BAT file automation, regardless of hardware infrastructure. All data gathering and processing can be done via remote access with little investment of time on the part of management or IT teams.

\

Data Analysis

CyVision aggregates this disparate yet related data for comprehensive analysis and modeling. CyVision’s advanced analytics prioritize – out of thousands of potential threats – a hierarchy of cyber vulnerabilities that identify whether a high-value asset is directly or indirectly at risk. At this time we evaluate potential vulnerabilities according to the NIST Risk Equation – calculating Vulnerability x Threat x Consequence.

\

Report Generation

Upon completion of a comprehensive analysis, CyVision generates between six and 10 reports each customized and focused on the actionable requirements of the varied levels of cyber stakeholders – from senior management to network administrators. Reports allow stakeholders to visually prioritize assets through drag-and-drop. Here is an overview of the priority reports which CyVision can deliver:

  • Assessment Overview Report: this report is for the C-suite and senior management and includes visualizations that may be expanded and/or more targeted based upon the findings.
  • Dashboard Report: provides a dashboard and links to raw supporting data (organized by vlans). This report is typically for the vulnerability manager so they can search and organize by high-value asset.
  • Prioritization Report: this report has proven to be the most helpful. Delivered in a CSV and XLS formats, this report provides prioritization of the findings (viewed as “Top 10” and “All”. The report is designed to provide the most critical remediation events based upon consequence and is helpful, especially at the CIO/CISO levels. The remediation manager can also use this report to more easily review and organize ALL vulnerabilities based upon consequence.
  • Other Reports: A report highlighting potential vulnerabilities for the Pen Test results as well as a system-wide software and hardware inventory.

 Assessment Report

image of dashboard report Dashboard Report

Prioritization Report

\

Report Generation

Upon completion of a comprehensive analysis, CyVision generates between six and 10 reports each customized and focused on the actionable requirements of the varied levels of cyber stakeholders – from senior management to network administrators. Reports allow stakeholders to visually prioritize assets through drag-and-drop. Here is an overview of the priority reports which CyVision can deliver:

  • Assessment Overview Report: this report is for the C-suite and senior management and includes visualizations that may be expanded and/or more targeted based upon the findings.

  • Dashboard Report: provides a dashboard and links to raw supporting data (organized by vlans). This report is typically for the vulnerability manager so they can search and organize by high-value asset.
    image of dashboard report
  • Prioritization Report: this report has proven to be the most helpful. Delivered in a CSV and XLS formats, this report provides prioritization of the findings (viewed as “Top 10” and “All”. The report is designed to provide the most critical remediation events based upon consequence and is helpful, especially at the CIO/CISO levels. The remediation manager can also use this report to more easily review and organize ALL vulnerabilities based upon consequence.

  • Other Reports: A report highlighting potential vulnerabilities for the Pen Test results as well as a system-wide software and hardware inventory.
\

Client Presentation

CyVision presents an overview of key findings and prioritized vulnerabilities to key stakeholders. A remediation plan is also presented. Remediation approaches utilize standard CVSS priority, threat path based on host-to-host analysis, or threat path based upon connection-to-connection analysis. While the CSS approach is traditional, the threat path options provide remediation recommendations based on priority, and deliver a much better understanding of the cyber environment.

Schedule a CyVision Demonstration

We would welcome the opportunity to provide a 20-minute online demonstration of how CyVision can help you simply, powerfully, and affordably protect your cyber environment from a wide variety of attacks like no other tool can.