When it comes to improving OT (operational technology) cybersecurity, a vulnerability assessment provides insightful information so businesses can have a better understanding of their infrastructure and security risks. A vulnerability assessment analyzes the environment to discover potential issues that might compromise security, overall business operations, compliance and/or network privacy. The purpose is to use this insight to address these issues before a malicious actor gains unauthorized access.


Vulnerability Assessments identify vulnerabilities, misconfigurations and gaps against OT security best practices. Each finding gets assigned a severity level along with direction on how to remediate or mitigate the issues so they can be fixed before it becomes an issue.

  • Identifies vulnerabilities and misconfiguration of ICS hardware, software, and networks
  • Identifies risks associated with existing processes, standards, and personnel
  • Identifies current capabilities to protect, detect, respond, and recover from attacks, security anomalies, or incidents


Red Trident’s Vulnerability Assessments are broken up into four modules: domain enumeration, workstation enumeration, network enumeration, and configuration analysis.


It is nearly impossible to enter an environment today that does not leverage Active Directory domain services somewhere within the environment. While Active Directory has many benefits to help improve security by controlling access to network resources from a centralized location, organizational capabilities offered in a way that aligns with the organizational structure and business needs, and centrally manage user identities and access privileges across the organization, helping simplify management and reduce operations expenses, there are oversights that can be abused by malicious actors.

The goal of domain enumeration by Red Trident is not to compromise the security of a network, but rather to assess its exposure to potential attacks, improving security measures, and assisting organizations with maintaining a well-organized network infrastructure.

Some examples of findings commonly associated with domain enumeration activities consist of how elevated privileges are handled on a domain, if there are any user, service, or computer objects with overly excessive privileges, if there are any user, service, or computer objectives susceptible to kerberoasting, unconstrained or constrained delegation, as-rep roasting, and more.


As OT environments are generally referred to as a system of systems, there is a high likelihood that there is a large presence of Microsoft Windows-based systems in the environment. Workstation enumeration plays a crucial role in maintaining a secure and well-managed network environment. By analyzing workstations operating systems, software applications, and security configurations, Red Trident is able to assess the security posture of the endpoints directly. This effort results in identifying vulnerabilities, misconfigurations, and potential risks that could be exploited by a malicious actor.

Some examples of findings commonly associated with workstation enumeration activities consist of how the local administrator accounts are managed on the workstations, if there are any services or applications present on the workstations that offer an opportunity for privilege escalation and/or lateral movement, and more.


As mentioned, enumerating a network safely in an OT environment requires careful planning and considerations of the unique characteristics of OT systems. The primary goal of this module is to gather information about the network’s assets, topology, and configurations without causing disruptions to the operational processes. Red Trident starts this module by obtaining proper authorization from the relevant stakeholders to ensure that the team has the necessary permissions to conduct the activities. The Red Trident team will walk the team through the plans, how it is done, and ensure that the effort is coordinated to respond to any adverse impacts.

Red Trident also uses non-intrusive methods for network enumeration to avoid disrupting the operational processes. Some of these methods consist of passive techniques such as network sniffing and passive DNS analysis as these can provide insights without generating network traffic.

Some examples of findings commonly associated with network enumeration activities consist of devices being configured with default or common credentials, devices communicating (or attempting to communicate) to the internet, insecure protocols in use, and more.


Configuration analysis refers to the process of evaluating and analyzing the settings and parameters of hardware, software, and network components within an OT environment. The goal of configuration analysis is to ensure that these components are properly configured according to the established best practices, security guidelines, industry standards, and organizational policies. This module also helps identify any deviations or vulnerabilities that might expose the environment to security risks or operational issues.

Red Trident reviews customer-provided firewall and/or switch configurations and other network-related artifacts to accomplish this module.

Some examples of findings commonly associated with configuration analysis consist of overly permissive firewall rules, firewall management best practices, overly exposed services, and more.

Find Vulnerabilities Others Overlook

OT vulnerability assessment

There are many cybersecurity companies that offer vulnerability assessments, but very few focus on ICS environments and OT security. The Red Trident Team has decades of experience across multiple ICS environments and verticals. We understand that production environments are sensitive and often very complex. We recognize that even potential small interruptions to the operation can have a profound impact on the outputs.

Increase your security posture & reduce your risk of a cyberattack

Protect your data and your clients’ data

Meet regulatory compliance standards and/or requirements

Meet cyber insurance requirements

Understand types of attacks which may be targeted at your OT assets so you can learn how to protect them

Red Trident’s Vulnerability Assessment Scoping Process

We understand that common mitigation controls, such as patching, might not be possible due to the sensitivities of solutions and technology commonly found within ICS environments. For reasons like this, our vulnerability assessment process includes collaboration and working with your team to make sure we’re addressing your concerns and unique business environments.


We work directly with you to determine a scope for the vulnerability assessment. This includes gaining an understanding of your business, your system(s), and your particular concerns


Once we understand the environment and concerns, we will custom tailor a suggested approach to verify it aligns with your expectations and requirements


Once the scope and approach are agreed upon, we work directly with you to develop strict rules of engagement to align expectations and ensure we are operating within the purview of your organizational policies and constraints


We run the vulnerability assessment, while maintaining collaboration throughout the process, and then send you a report of the findings


We set up a time to discuss the findings of the report, answer any questions as well as go over remediation services if needed

What’s Included in the Vulnerability Assessment

Once the assessment is concluded, customers can expect to receive a report consisting of the following components:

Summary for executive and senior level management

Potential attack vectors section to visually represent how the attack path can be exploited illustrating what can be done, how it can be done, etc.

Technical details with each finding that also includes steps to replicate as well as tactical recommendations

A fact-based analysis of each finding which lays out how the risk rating was determined

Strategic overall recommendations at the people, process, and technology levels to address potential systematic issues or challenges within the organization

A consultation where our OT Cybersecurity experts go over details and any questions you have. If there’s an interest in remediation support, we can discuss and provide further information

Why Red Trident

We work with you and do our best to be your cybersecurity partner. We listen to your concerns and make sure that we’re aligned with your business priorities. We don’t just come in, sell a service, write a report and walk away. We’re here for you. We explain our findings, answer any questions you might have and work with you to help where needed.

Unlike most vulnerability assessment companies, we have the expertise to offer remediation services, especially when it comes to critical infrastructure. And if you have your own team, that’s great! We’re happy to take a step back as your team handles the remediation (or parts of it). We can also provide training to your team if they need some assistance. We’re flexible.

Our team consists of leaders in the ICS field with decades of combined experience in the public sector, private sector, and military. We’ve presented at major security conferences such as DEF CON, BlackHat, various ISAC’s, SANS ICS Summits, etc. We also understand how to communicate in a way that is easy to understand so you don’t end up feeling overwhelmed or confused.

Where are the vulnerability assessments conducted?

We can conduct network vulnerability assessments either onsite or remotely. We typically recommend remote but in rare cases that involve very complex environments, an onsite visit can be arranged. Remote also lets us do the assessment with less set-up time and is more cost effective, while still providing vital insight into the threat landscape of your organization.

How will this affect operations?

We work with you to develop rules of engagement such as respecting windows of time where the assessment should not be performed, not using tools that may result in high volume network traffic or could cause denial of service situations, etc. Our goal is to discover your vulnerabilities without negatively impacting your operations. We’re happy to work with whatever constraints you have.

Do you offer remediation services?

Yes, we offer many options. We can take care of remediation for you or work together with your team to handle components that are outside their expertise. We also offer training options if that’s something that you’re interested in.

What happens after the vulnerability assessment and remediation?

Once remediation is complete, you can send the assessment back over to Red Trident to now conduct penetration testing of the environment to test the validity of the implemented controls and remediations. Once complete, you will receive a report referencing the network vulnerability assessment report and findings associated with the engagement. Security is an ongoing matter… we recommend you continue with maintaining security updates, regular scans and incorporate security best practices. It’s also great to schedule ahead for your next assessment.

How often do you recommend getting a vulnerability assessment?

The minimum recommended interval is once per year or after significant changes to infrastructure or business operations have been made. However, depending on the business criticality of the systems being tested, some businesses opt for quarterly or monthly testing. Organizations with high-security requirements may also be required to complete a vulnerability assessment at specific intervals for compliance or when a merger or acquisition (M&A) is being considered.

Schedule a Call

ot penetration test example

Schedule a brief call to learn more about Red Trident’s vulnerability assessment to see if it’s a good fit for you

One of our OT Cybersecurity Professionals will walk you through an example vulnerability assessment so you can get an idea of what to expect.

Get your questions answered and learn more about our process

Related Content

pen test vs vulnerability assessmentAssessCyber SecurityPenetration TestingVulnerability Assessments
October 25, 2023

Vulnerability Assessment vs Penetration Test

Vulnerability assessments and penetration tests both provide valuable insight on vulnerabilities found within organizations and are important proactive tactics to help reduce the risk of a cyberattack. Because of these…
penetration testing how oftenAssessCyber SecurityPenetration Testing
August 25, 2023

OT Penetration Testing: How Often Should I Get a Pen Test

Building a functional ICS cybersecurity program is not a sprint, but rather a marathon. It can be challenging, and admittedly daunting, especially when trying to determine the foundation for establishing…
penetration testing companies 1AssessCyber SecurityPenetration Testing
August 25, 2023

Penetration Testing Companies: What to Look For

Penetration tests (also known as pentests) are vital to helping companies discover where they’re most likely to face an attack. By understanding vulnerabilities before they’re exploited, businesses have a chance…