Internal Network Configuration and Vulnerability Assessment (CAVA)

Exposing Weaknesses in Your Environment with Authorized Access

An Internal Configuration and Vulnerability Assessment (CAVA) is a hands-on, privileged security inspection consisting of two components. First, we look at the configuration of systems to evaluate the strengths and weaknesses of your information system’s design and technical / operational controls. Then we run a vulnerability scan on your internal network to identify vulnerabilities that are specific to your system and devices. We use the credentials of domain administrators, which allows us to look at things like domain registries and patches.

Through the Assessment, we will:

  • Document your global network security settings and configurations.
  • Document the relative strengths and weaknesses of your current technical and operational controls.
  • Assign compliance ratings of system configuration and settings in accordance with industry standard and regulatory best practices, including FFIEC, NCUA, and CMS guidelines, the National Security Agency Gold Standard, National Institute of Standards and Technology guidance, ISO 27002 standards, and relevant vendor recommendations.
  • Identify system/device-specific vulnerabilities using the Department of Homeland Security Common Vulnerabilities and Exposures (CVE) database.
  • Provide specific, detailed remediation recommendations.

The Tyler Cybersecurity Methodology

Data Collection

A Tyler Cybersecurity expert will meet you onsite at your location to perform data collection in person. We conduct the configuration review using automated and manual tools (open-source, commercial, and proprietary), interviews, and observation techniques. Administrative credentials are required to perform the Configuration Assessment.

We conduct the Vulnerability Assessment using a licensed commercial vulnerability scanner that supports a wide range of network devices, operating systems, databases, and applications. While administrative credentials are optional for the vulnerability scans, we encourage using them to scan Microsoft Windows environments because the results will be more accurate, and will better expose the system’s vulnerabilities.

Data Analysis

Tyler Cybersecurity experts perform the Data Analysis Phase of the Assessment offsite by reviewing the data we’ve collected. In the Configuration Assessment Analysis, we compare each system and assign compliance ratings in accordance with industry standard and regulatory best practices. In the Vulnerability Assessment Analysis, we review the results of the vulnerability scans to ensure that the most relevant information is included in a clear and concise manner.

Reviewing our Findings

Once we have analyzed the data, we will schedule a meeting with you, generally via WebEx, to review the results with you step by step.

Reports and Recommendations

The Internal Configuration and Vulnerability Assessment (CAVA) report includes:

  • A summary of the findings presented in an executive report in PDF.
  • A corresponding interactive HTML report providing the details for each of the Assessment categories, as well as the device-specific vulnerabilities.
  • An action plan in Microsoft Word detailing our recommended remediation activities.

The Tyler Cybersecurity Lifecycle

Cybersecurity isn’t a destination.

There is no single, straight path that will get you to the point where you can say, “We did it! We’re 100% cyber-secure.”

A more realistic destination is cyber resiliency – the ability to prepare for and adapt to changing conditions, so you can withstand and recover rapidly from disruptions. Achieving cyber resilience depends on what we like to call the cybersecurity lifecycle – an ongoing cycle of interconnected elements that complement and reinforce one another.
