Vulnerability management

Prioritization and ongoing tracking

Discovery, prioritization, and ongoing tracking aligned to risk and compliance.

Infrastructure and perimeter analysis

Discovery and ongoing assessment of network assets and exposed perimeter.

  • Perimeter
  • Segmentation
  • Exposed assets

Inventory + periodic assessment

runbook · infra-perimeter

fortress@engagement:~$ perimeter_scan --ranges agreed_scope
assets: 128 · exposed_services: 6
inventory: updated + prioritized
cadence per SOW

Illustrative sequence under agreed scope

Coverage
IP ranges, firewalls, load balancers, and exposed services within agreed scope.
Typical deliverables
Updated inventory, exposure map, and prioritization for remediation.
Assumptions / modality
Combinable with ASM and infra pentest; cadence defined in the SOW.

Configuration baseline assessment

Compare actual configurations against hardened baselines and reference frameworks.

  • Hardening
  • Drift
  • Technical compliance

CIS baseline / hardening guides

runbook · config-baseline

fortress@engagement:~$ baseline_check --cis level=1
drift_detected: 23 hosts · critical: 4
report: alignment_plan attached
read-only configuration pull

Illustrative sequence under agreed scope

Coverage
Servers, endpoints, and network devices in scope; internal policies when available.
Typical deliverables
Deviation report, severity per asset, and alignment plan.
Assumptions / modality
Configuration read; no production changes.

Risk-based prioritization

Rank findings and vulnerabilities by business context, exploitability, and exposure.

  • Contextual CVSS
  • Critical assets
  • Remediation SLA

Agreed risk model

runbook · risk-prioritization

fortress@engagement:~$ risk_rank --sources scan,pentest,audit
backlog: 340 → top_20 by business_tier
matrix: sla_recommendations documented
workshop + existing data

Illustrative sequence under agreed scope

Coverage
Vulnerability or findings backlog from multiple sources (scan, pentest, audit).
Typical deliverables
Prioritized matrix, documented criteria, and SLA recommendations by tier.
Assumptions / modality
Workshop + existing data; updatable quarterly.
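The ranking step above can be made concrete with a small contextual scoring pass. The following Python is an added example, not the firm's own risk model: the tier scale, weights, severity bands and SLA days are assumptions chosen to show the mechanics (how business tier, exposure and known exploitability move a finding up or down relative to its raw CVSS score), and the backlog entries are constructed.

```python
"""Contextual risk ranking over a constructed findings backlog (added example).

Assumptions: business_tier is 1 (critical) to 3 (low impact); the weights,
exploit bonus and SLA days are illustrative, not an agreed risk model.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    finding_id: str
    asset: str
    source: str           # scan | pentest | audit
    cvss_base: float      # CVSS base score, 0.0 to 10.0
    business_tier: int    # 1 = critical business asset ... 3 = low impact (assumed scale)
    internet_exposed: bool
    exploit_known: bool   # public exploit available / known exploited (assumed flag)


# Assumed weights for the contextual adjustment.
TIER_WEIGHT = {1: 1.0, 2: 0.8, 3: 0.6}
EXPOSURE_WEIGHT = {True: 1.0, False: 0.7}
EXPLOIT_BONUS = 1.5  # points added when a working exploit is known

# Assumed remediation SLA recommendation (days) by business tier and severity band.
SLA_DAYS = {
    1: {"critical": 7, "high": 14, "medium": 30, "low": 90},
    2: {"critical": 14, "high": 30, "medium": 60, "low": 120},
    3: {"critical": 30, "high": 60, "medium": 90, "low": 180},
}


def contextual_score(f: Finding) -> float:
    """Scale CVSS by tier and exposure, add the exploit bonus, clamp to 10.0."""
    score = f.cvss_base * TIER_WEIGHT[f.business_tier] * EXPOSURE_WEIGHT[f.internet_exposed]
    if f.exploit_known:
        score += EXPLOIT_BONUS
    return round(min(score, 10.0), 1)


def severity_band(score: float) -> str:
    """Map a contextual score to a severity band (CVSS-style thresholds)."""
    if score >= 9.0:
        return "critical"
    if score >= 7.0:
        return "high"
    if score >= 4.0:
        return "medium"
    return "low"


def rank_backlog(findings, top_n):
    """Top-N findings by contextual score; ties broken by tier, then id."""
    ordered = sorted(findings, key=lambda f: (-contextual_score(f), f.business_tier, f.finding_id))
    return ordered[:top_n]


def prioritized_matrix(findings, top_n):
    """Build the prioritized matrix rows: score, band and SLA recommendation per finding."""
    rows = []
    for f in rank_backlog(findings, top_n):
        score = contextual_score(f)
        band = severity_band(score)
        rows.append({
            "finding_id": f.finding_id, "asset": f.asset, "source": f.source,
            "cvss_base": f.cvss_base, "contextual": score, "band": band,
            "tier": f.business_tier, "sla_days": SLA_DAYS[f.business_tier][band],
        })
    return rows


# Constructed sample backlog: ids, assets and scores are made up for illustration.
SAMPLE_BACKLOG = [
    Finding("SCAN-001", "vpn-gw-01", "scan", 9.8, 1, True, True),
    Finding("SCAN-002", "hr-intranet", "scan", 9.8, 3, False, False),
    Finding("PT-007", "payments-api", "pentest", 7.5, 1, True, False),
    Finding("AUD-012", "build-runner", "audit", 5.3, 2, False, True),
    Finding("SCAN-003", "printer-lan", "scan", 6.1, 3, False, False),
]

if __name__ == "__main__":
    for row in prioritized_matrix(SAMPLE_BACKLOG, top_n=3):
        print(row)
```

Note how the two findings with an identical 9.8 base score separate once context is applied: the internet-facing, critical-tier host with a known exploit stays at the top with a 7-day SLA, while the same CVE on a low-tier internal host drops to a medium band below a 7.5 pentest finding on a critical asset. That is the effect a documented risk model is meant to produce and to make defensible to auditors.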

Regulatory compliance and ASV scans

ASV scans and validations aligned to regulatory frameworks (PCI DSS and similar).

  • PCI ASV
  • Compliance
  • Evidence

ASV + audit evidence

runbook · compliance-asv

fortress@engagement:~$ asv_scan --scope pci_perimeter
failures: 3 · asv_status: conditional
evidence_pack: audit_ready
regulatory cadence per SOW

Illustrative sequence under agreed scope

Coverage
Perimeter and systems within the agreed regulatory framework scope.
Typical deliverables
ASV report when applicable, remediation evidence, and audit support.
Assumptions / modality
Cadence per regulatory requirement; remediation retest included if in SOW.

Remediation validation and follow-up

Verify finding closure and maintain traceability through formal retest.

  • Retest
  • Closure evidence
  • Traceability

Validation + documented follow-up

runbook · remediation-validation

fortress@engagement:~$ validate_fix --finding F-2026-0142
status: CLOSED · evidence: attached
retest_slot: scheduled per SOW
traceability until formal retest

Illustrative sequence under agreed scope

Coverage
Agreed findings from prior pentest, scan, or audit; verification windows.
Typical deliverables
Status per finding, closure or persistence evidence, retest report when applicable.
Assumptions / modality
Coordinated with change windows; scope frozen per validation cycle.