Vulnerability Assessment

Home >> Products & Solutions >> IT Services >> Vulnerability Assessment

Vulnerability Management is a key competency in securing a business computing environment. The Term “Vulnerability” in this context is defined as a weakness in a technology component that allows an attacker to compromise the integrity, availability, or confidentiality of an asset. WaTech operates a hardware and software vulnerability scanning platform service which enables agency security teams to identify where vulnerabilities reside across their environment of network components, servers, workstations, databases, and installed Commercial off the Shelf Software (COTS) programs. 

There are two options for use of this service:

Option 1 – Unlimited Virtual License Model

Customers have unlimited access to software licenses to install and configure vulnerability scanners, central servers, and reporting engines in their own virtual environment or in the WaTech Private Cloud.

Option 2 – Central Shared Hardware Model

Customers have access to configure and schedule scans of their environments leveraging the central shared hardware platform.

*Web application code vulnerability scanning and configuration compliance scanning are not included in this service*

Features and Benefits: 

  • Provides the ability to discover devices attached to a network.
  • Automates vulnerability assessment by scanning workstations, servers, printers, network devices, and installed software to identify missing patch updates, insecure configurations, and other risk related intelligence.
  • The solution comes with pre-configured scan profiles that are maintained by the vendor as updates to technology occurs.
  • Weekly updates refresh the list of known vulnerabilities to ensure currency and situational awareness for managing new emerging threats.
  • Scan data provides valuable input to risk management, incident response and investigative processes to assist in threat analysis and prioritization of remediation activities.
  • Scan results are easily accessed in the scanning console and through out of the box reports and custom reports.
  • Customers are supported by the WaTech Infosec and vendor provider teams.
  • The service is designed for multi-tenant use, where each customer has the flexibility and access needed to control all aspects of their vulnerability scanning and reporting practice. 

Fees for Service: 

Fees for Service

Agencies paying into the State Network Allocation contribute to fund this service.

  1. Option 1

The allocation covers the entire expense for the unlimited virtual licenses for the scanning platform.  The scope of this software licensing covers the Vulnerability Assessment platform scanners, central servers, reporting servers, along with a license to scan an unlimited number of IP addresses. Please send a request to support@watech.wa.gov for Vulnerability Assessment service Option 1 platform component specifications.

  • Customers who choose to host the platform on their own infrastructure bear the burden of the costs for virtual servers and underlying operating system licensing costs where the software is installed.
  • Customers may also choose to host their platform in the WaTech Private Cloud. Private cloud rates can be found here – Private Cloud Service.
  1. Option 2

For agencies electing to use the Central Shared Hardware Model, there are no additional costs associated with this option beyond the agency’s contribution to the allocation.

Prerequisites: 

  • Master Service Agreement                 
  • The first step to becoming a Vulnerability Assessment Customer is to confirm that the basic requirements are met:

Basic Requirements for the Vulnerability Assessment Service

Option 1

✔ Contributor to the State Network Allocation

Option 2

✔ Connectivity to the State Government Network (SGN)

✔ Member of the Enterprise Active Directory Forest (EAD)

✔ Connectivity to the MPLS Wide Area Network (Agency VRF)

✔ Contributor to the State Network Allocation

How to Order: 

Contact the WaTech Support Center to schedule an overview of the service or to request the service.  The WaTech Infosec team will work with you to define your requirements and develop a plan for onboarding and implementation.

Terms of Service: 

Please select the link below to accept the Vulnerability Assessment Terms of Service (TOS):

Vulnerability Assessment (TOS)

Contact Information: 

WaTech Support Center | support@watech.wa.gov | 855.WaTech1 or 360.586.1000

Or

infosec@watech.wa.gov