Vulnerability Assessment Services
A vulnerability assessment is the process of uncovering risks and vulnerabilities in a network, and can be used to identify, quantify, and prioritize the vulnerabilities in a system. A vulnerability scan probes your network and identifies the holes that an attacker could exploit to gain entry into the system. It is similar to a burglar looking for available points of entry into your house, but not using them. If active exploitation is required, penetration tests can then be performed, but this is not the same thing as a vulnerability assessment.
A full vulnerability assessment usually involves a three-step process:
- Conduct Assessment
- Identify Exposures
- Address Exposures
A vulnerability assessment gives an accurate depiction of an organization’s current security posture and should be conducted on a continual basis. During a vulnerability assessment, policies and procedures need to be reviewed and approved by management, so that they become official organizational practices.
Vulnerability Assessments For Compliance
Many security frameworks, such as PCI DSS and the NYDFS NYCRR 500 cybersecurity regulation, require periodic vulnerability assessments for compliance. By conducting regular vulnerability assessments, a company will be aware of potential security breaches and can address these issues before attackers have an opportunity to exploit them.