A Vulnerability Assessment of your infrastructure provides you with a high-level overview of potential security weaknesses.

Vulnerability scans of your internal or Internet-facing infrastructure provides you with a cost-effective solution to quickly identify vulnerabilities that may be present. Typical vulnerabilities include missing operating system patches, outdated software, obsolete operating systems, default credentials and many other cyber-security weaknesses that may be very quickly identified by malware or an attacker who has already gained physical access to your network.

Not all companies require a penetration test to successfully evaluate their security posture.  Regular vulnerability assessments are often an alternative.  A consultant performs vulnerability scanning to search systems for known vulnerabilities without exploitation attempts with an end goal of providing a remediation report prioritised on risk.

As with all vulnerability assessments, there is a possibility that “false positive” results may be present in the assessment findings. Furthermore, some vulnerabilities that would only be identified during a manual penetration test may not be identified, as very often, identifying these vulnerabilities is only possible through manual testing. If you require a security assessment of your environment which is representative of a real-life attack, we would strongly recommend considering a manual penetration test, as this will provide you with a more accurate set of test results.