Vulnerability Assessment

Enumerating and correcting the issues that directly lead to a breach.

One of the most critical areas of risk is technical vulnerabilities. Unpatched operating systems, third-party application flaws, open ports and configuration errors can all lead to a breach.
Regular scans help identify the vulnerabilities that allow attackers to infiltrate and own your network. Our security experts will help your organization locate these vulnerabilities and recommend the best course of action to address them.

Penetration Tests vs. Vulnerability Assessments

The terms “vulnerability assessment” and “penetration test” are often incorrectly used interchangeably. While it is true that a penetration test requires a much greater level of skill to perform, it is not inherently “better” than a vulnerability scan. In reality, the best test for an organization depends entirely on the end goal.

Vulnerability assessments utilize automated jobs to systematically scan networked devices for known vulnerabilities, typically compiled from CVE (Common Vulnerabilities and Exposures), along with default/open credentials. Simple scripts can also be loaded to perform brute-force password guessing attempts. The goal is to assess critical security risks and vulnerabilities and report findings.

Penetration tests are performed by highly skilled information security experts who emulate real-world tactics to determine whether or not a security posture could withstand a prolonged attack by a dedicated and skilled perpetrator. The goal is to leverage this assessment to correct critical security risks and vulnerabilities.

Vulnerability Assessments:
Discover all of the vulnerabilities that could be exploited in an attack.

Penetration Tests:
Find out what damage could be done by exploiting some of the existing vulnerabilities.

Vulnerability Assessments:
Checking all exterior and interior doors to determine if they are locked and secured properly.

Penetration Tests:
Entering through the first available open door and searching the interior.

Vulnerability Assessments:
BREADTH OVER DEPTH: All in-scope devices are considered and all known vulnerabilities will be categorized.

Penetration Tests:
DEPTH OVER BREADTH: Few devices may be touched, and many vulnerabilities that exist may not make the final report, which will consist of greater detail on fewer vulnerabilities.

Vulnerability Assessments:
LOUD AND FAST: Scans make no attempt to hide what they are doing and are very noisy and obvious.

Penetration Tests:
LOW AND SLOW: Tests are stealthy and attempt to evade defense protocols.

Vulnerability Assessments:
LOW TO MODERATE: Organizations that do not regularly scan or do not have the capability to perform scans on their own, or organizations that consistently have unmitigated critical or high vulnerabilities.

Penetration Tests:
MATURE: Better suited for organizations that have undergone and passed routine vulnerability scans and are looking to take the next step.

Vulnerability Assessments:
Preventative controls which prevent unauthorized system access and control.

Penetration Tests:
Detective and reactive controls which detect and respond to a malicious presence.

Types of Vulnerability Scans

EXTERNAL VULNERABILITY SCAN

Focuses on your organization’s technology perimeter. Scanning tools are used to enumerate and assess your vulnerabilities.

INTERNAL VULNERABILITY SCANNING

Focuses on your organization’s internal networks. Scanning tools are used to assess your internal systems and infrastructure devices.

WEB APPLICATION SCANNING

Utilizes automated tools to evaluate web applications for vulnerabilities such as cross-site scripting, SQL injection, command injection, path traversal and insecure server configurations.