
    $1,495 Internal Vulnerability Assessment

    Superior Consulting has been engaged in the performance of IT review and security testing services for the banking industry since 2003. Our experienced personnel have worked with hundreds of financial institutions in the evaluation of their network security and internal control systems. Beginning in 2013, we began offering our IT security testing services to other industries, in part through our fixed price, non-exploitative $1,495 Internal Vulnerability Assessment service. Learn more about this great service offering below.
    Key Features
    $1,495 Fixed Price
    Test up to 256 Internal IP Addresses

    Why should you consider this service?

    Identify Security Vulnerabilities
    Assess the condition of your external network interface and monitor for patching issues, configuration errors, or other vulnerabilities.
    Satisfy Legal and Regulatory Requirements
    Let us assist in meeting your legal and regulatory obligations under GLBA, HIPAA, PCI-DSS, and consumer protection laws and regulations.
    Safeguard Corporate Reputation and Data
    Let us help maintain your reputation as cybersecurity, legal, or regulatory incidents have increasingly large reputational costs in addition to other penalties.
    Improve Oversight of IT Functions
    External consultants like Superior can help you provide greater accountability for both internal staff and outsourcing partners like managed service providers.
    Increase Business Continuity
    Technical security breaches are costly affairs and may not only expose sensitive data, but can also result in downtime for key systems.
    Monitor Security Strategy and Investment
    Our services provide a window of feedback to monitor the effectiveness of efforts to manage and remediate cybersecurity, compliance, and other risks.

    What are the deliverables from this service?

    Formal Report of Review, including:
    • Scope of Work Report
    • Technical Report of findings from our testing
    • Appendices detailing results for all designated IPs or URLs
    • Access to vendor knowledgebase for support for identified vulnerabilities

    Common Questions

    In order to clarify any questions you may have regarding this service, we have provided a series of common questions below. Also, please be sure to read the Terms & Conditions of this advertisement for further information.
    Testing Process
    What does the vulnerability assessment cover and how will it be performed?
    This service is an off-site, non-exploitative test of up to 256 individual internal Internet Protocol (IP) addresses or nodes owned or controlled by your organization. To perform this service, you must designate the IP addresses you wish to be tested, and we will perform testing using our toolkit of automated testing solutions.
    The IT security industry has not yet developed consistent or standardized terms for describing the specific characteristics of penetration tests or vulnerability assessments. In many settings, the terms ‘penetration test’ and ‘vulnerability assessment’ may be used interchangeably, while in other settings a ‘penetration test’ may refer to more in-depth testing that seeks to actively exploit detected vulnerabilities in order to compromise (or demonstrate the ability to compromise) specific systems or assets. When we describe our testing as non-exploitative, we are referring to the fact that we will report on detected vulnerabilities or weaknesses but we will not attempt to actively exploit these findings. Within the context of this service, the terms penetration test and external vulnerability assessment are generally synonymous while internal vulnerability assessment refers to testing focused on devices ‘behind’ the firewall or logically located so that they are not directly Internet-facing and is similarly non-exploitative in nature.
    Our toolkit is constantly reviewed to ensure we are able to meet the challenges presented by a continuously evolving security environment. Representative tools we have used include Nessus, Nexpose, Metasploit, & Retina. The tool(s) selected for your engagement may vary based on our perception of the appropriate tool necessary to properly assess your environment. As a rule, we only utilize subscription-based tools in order to ensure we are using tools with updated definition files to facilitate testing for recently emerged exploits or vulnerabilities.
    We will work with your administrative personnel to determine the most effective manner in which to perform the internal vulnerability assessment. Generally, your test can be performed through allowing Superior a temporary Virtual Private Network (VPN) connection into your internal network. We will require domain-level administrative credentials in order to perform the test and we will require you to set up a dedicated account for this purpose, which we also encourage you to disable immediately after conclusion of testing. Testing is commonly performed through use of a dedicated Virtual Machine (VM), which will be the only device that fully authenticates to your network. We do not re-use VMs for testing and each test will be conducted using a ‘new’ VM instance created from a clean template optimized for this task. We strongly recommend our clients enable any necessary logging and adopt practices to ensure our administrative and VPN accounts are terminated or disabled after the completion of our testing. If you cannot deploy a VM in your network environment, we may be able to offer alternatives, but please Contact Us to discuss this issue.

    We’re a professional service firm that was founded in 2003 and has worked extensively in the banking industry in the midwestern United States. We value our reputation for competence and honesty and we’ll do everything in our power to deliver on our commitments to you. As an experienced banking consultant, our CEO understands the obligations we have to our clients and that our reputation is our most valuable currency.

    One of the characteristics that set us apart from the competition is the manner in which we structure our IT audit teams. Many firms utilize individuals with a traditional audit background to perform testing services. Although these individuals may possess credentials such as the CISA or CEH, many do not have practical work experience as a network administrator, which diminishes their ability to understand the mechanics or results of a penetration test since they haven’t worked directly with the technologies or systems being audited. Instead of this approach, we have been fortunate to maintain blended teams that include personnel with experience in the administration of complex network environments and personnel with more traditional IT audit experience, as they generally have a better knowledge of internal control systems and audit practices. In practical terms, this approach yields more in-depth, technical IT assessments while ensuring that we fulfill all necessary audit functions and provide a comprehensive evaluation of your environment.

    For our vulnerability assessment services, you will work with one of our experienced technical IT auditors, which provides our firm with the ability to discuss – in detail – the findings of our review with your internal IT personnel or 3rd party network services providers or vendors. We actively attempt to filter false positives or errors generated by our automated tools before providing you with a report and our auditors are available to discuss your findings in detail after the conclusion of our testing.
    Your test will be performed by direct employees of Superior Consulting, LLC. At present, all of our employees are based in the United States, subject to extensive criminal and civil background checks, and have confidentiality agreements with our firm. We will not utilize 3rd party contractors to perform any of our testing without providing prior notice to you and, unless otherwise stated, all testing will be performed by our direct employees. We do not outsource any testing or assurance activities outside of the United States.
    Absolutely. We frequently perform testing services on systems hosted by Amazon Web Services, Microsoft Azure, and other cloud providers. Please note: these providers commonly require YOU to request and obtain permission from them prior to the start of any testing. It is your responsibility to obtain this permission and provide documentation to this effect to our personnel prior to the commencement of any testing.
    Timing & Cost
    When can the testing be performed?
    Performance of testing requires an executed engagement letter between Superior and your company. Once we have the appropriate contracts in place, testing can ordinarily be scheduled to commence within the next 72 – 96 hours; however, expedited testing may be available upon request. This assessment is dependent on your deployment of a VM or other device to perform this testing and, as a result, may require the cooperation of additional parties (e.g. managed service provider), which can place the timeline for testing, in part, outside our direct control.
    Our $1,495 service fee provides for the performance of a single test at a time of your choosing. We also offer more frequent testing intervals, which may or may not be further discounted depending on size and frequency. Many organizations perform testing on a predefined schedule, such as monthly, quarterly, or semi-annually. As a best practice, we strongly encourage all organizations to perform an internal vulnerability assessment at least annually or after any major changes in patching practices or solutions. An internal vulnerability assessment is one of the most effective means of validating that patch management practices are effective and that managed service providers, if utilized, are fulfilling contractual obligations. Periodic vulnerability assessments are also an excellent mechanism for demonstrating the effectiveness of your overall monitoring program to regulatory authorities, key customers and vendors, and other stakeholders.
    As with our $995 Penetration Test service, this is one of the easiest questions we receive – the answer remains simple: value and transparency. We decided to develop a competitive, value-based, fixed priced offering based on the needs of our clients. We believe our fixed $1,495 pricing represents a clear and equitable price for this service and when we say fixed, we mean it! As stated above and below, the $1,495 test covers 256 internal IP addresses or nodes and includes a formal report written by our personnel (not just a canned automated report). This price does not cover re-testing, more than 256 IP addresses, multiple testing reports, or services rendered outside the normal course of the engagement (e.g. depositions, regulatory responses, extensive post-engagement consultation). We’re happy to offer those services as well, but in order to deliver on our fixed $1,495 price, those are necessarily outside of the scope of our engagement.
    Unfortunately, we can’t control what other firms charge, but we can control our own prices and quality of work. Superior Consulting has been working with financial institutions throughout the Midwest since 2003. During that time, we have developed an excellent reputation as one of the leading providers of consulting services to banks and data centers in this region. We can certainly provide a list of bank or other industry references to you upon request. Our audit personnel are consummate professionals and have over 80 years of combined experience in the banking and IT industries.
    How are test results reported?
    We issue a formal report for all of our review services. This report will include an overview of the findings from our test (management report), as well as any recommendations regarding remediation. A copy of the full automated testing results will be included as an appendix to our report. To reiterate the above, the management report is written directly by our personnel and the results of any scanning are added as an addendum, with our goal being that the final deliverable from our engagement will be polished and understandable.
    We issue all of our reports in electronic format (PDF) via our proprietary secure website or via secure e-mail. Report turnaround time generally requires one to two weeks in order to process the report through our internal quality control function; however, expedited issuance of reports is available upon advance request.
    Absolutely, please Contact Us if you would like to obtain a sample internal vulnerability assessment report.
    Re-testing & What if?
    I have over 256 IP addresses to test – can Superior provide testing services for my organization?
    Certainly. Please Contact Us in order to receive a customized proposal specific to your environment and the volume of addresses you require to be tested. We commonly provide testing for organizations with more than 256 distinct internal IP addresses; however, we found this sizing to be a reasonable means of pricing this service while still accommodating small organizations with less than 256 internal IPs or nodes.
    Can you provide a rough estimate of the additional cost for IP addresses in excess of 256?
    Sure. As a rule, our testing pricing works on a block basis, so each additional block of up to 256 IP addresses will result in an additional $1,495; however, we occasionally offer discounts in order to ensure our pricing is equitable. Please Contact Us to discuss the specifics of your situation.
    Is re-testing included in the $1,495 price and, if not, do you offer this service?
    Re-testing is not included in the $1,495 price. Our goal with the $1,495 price is to deliver a fair value to all our clients regardless of whether or not a given client requires re-testing services. In consequence, our service offering is not padded with additional time or margins that may or may not be justified depending on your decision to request re-testing. If re-testing is required, we do offer this service at a reasonable additional fixed fee of $1095 for a single re-test including the issuance of another formal report OR a discounted fee of $695 for a re-test without an additional formal report.
    Can you issue multiple reports for your $1,495 Internal Vulnerability Assessment? I have several wholly-owned subsidiaries in other countries that require separate formal reports, even though all IPs are owned by our parent company.
    Yes, we are able to issue additional formal reports that separate the results of our testing, but an additional cost may be incurred. As stated above, our $1,495 pricing is a fixed price for delivery of a very inclusive yet specific service offering. We don’t pad our pricing to cover deviations from the norm, so changes of this nature may result in an additional charge. We always commit to keep any additional costs fair and commensurate to the cost of the underlying engagement.
    Terms & Conditions

    This advertisement represents an ‘invitation to treat’ and any acceptance of the advertised terms will not be considered a binding contract, which requires the written execution of an engagement letter with Superior Consulting, LLC. This engagement letter includes additional restrictions and limitations regarding the advertised service and must be executed before the commencement of these services. The terms stated above, as well as through any mailings, brochures, or electronic advertisements, may be amended, or this advertisement may be revoked or cancelled, at any time by Superior Consulting, LLC, with or without notice.

    As advertised above, the stated service fee will cover the performance of off-site, non-exploitative testing services for up to 256 individual internal Internet Protocol (IP) addresses or nodes specified by the client. This testing will be conducted using automated tools of our choice and we will rely upon information provided to us by the client in the performance of this test. At the conclusion of our testing, we will issue a report to the client in electronic format via secure e-mail or our secure website. The terms advertised above are only available to formally organized business or non-profit entities located in the United States of America. Entities located outside the United States should contact us for further information regarding these services.

    Let’s work together. Become a Reseller of our IT Services.

    Augment your service offerings with our suite of fixed price IT security services and deliver the value your customers deserve.
    Branded Reports
    Dedicated Expert
    Consistent Quality