Why do I need a Vulnerability Assessment?
Vulnerability scanning has become a cybersecurity staple. Using one or more "scanning" tools, you can scan your entire infrastructure for technical vulnerabilities. There are many reasons to do this:
- To match up critical vulnerabilities with critical assets
- To generate a list of the patches or other remediation steps that need to be applied
- To identify (through the assessment process) all of the false positives and false negatives that exist
- To satisfy PCI, HIPAA and NERC CIP regulatory requirements
What if I need more than scanning?
We at GreyCastle Security give you the option of taking several additional steps, including:
- Assessing the risk of individual applications, servers and networks based on standards and recommended practices
- Defining standard configurations, called "baselines", for applications, servers and networks
- Comparing standard configurations to what exists today
- Applying changes to applications, servers and networks
How is this different from a Penetration Test?
There are important differences between a Vulnerability Assessment and a Penetration Test. Put simply:
Which one should you do? The answer is probably "both", depending on the problem you're trying to solve, the maturity of your cybersecurity controls and your regulatory requirements.