Vulnerability Assessment – WHAT is it?
A vulnerability assessment is the process of defining, identifying, classifying and prioritizing vulnerabilities in computer systems, applications and network infrastructures and providing the organization doing the assessment with the necessary knowledge, awareness and risk background to understand the threats to its environment and react appropriately.
A vulnerability assessment identifies, quantifies and prioritises (or ranks) the vulnerabilities in a system, using both system and application vulnerability scans.
System vulnerabilities normally exist because of exploitable programming errors in the operating system, and vendors normally release patches when these errors are made public. Patching hundreds or thousands of systems is a tedious business, though, and can sometimes disable functioning applications. Consequently, it is often resisted by IT departments.
Vulnerability scans are semi-automated processes that can check whether patches or updates have been installed, bugs removed and systems securely configured. They report everything found. Our auditors then carefully review the results to ‘sift out’ false positives, and check whether a vulnerability exists and action needs to be taken.
WHY do I need Vulnerability Assessment?
Vulnerability scanning helps you identify systems that have not been updated properly or configured securely to prevent unauthorized access.
WHEN do I need it?
Vulnerability assessment should be a continuous process for every organisation exposed to the Internet.
We offer vulnerability scanning as a subscription service, usually on a monthly (recommended) or a quarterly or weekly basis. Scans run automatically, and the results are sent by email.