Vulnerability scans of your internal or Internet-facing infrastructure provides you with a cost-effective solution to quickly identify vulnerabilities that may be present. Typical vulnerabilities include missing operating system patches, outdated software, obsolete operating systems, default credentials and many other cyber-security weaknesses that may be very quickly identified by malware or an attacker who has already gained physical access to your network.
Not all companies require a penetration test to successfully evaluate their security posture. Regular vulnerability assessments are often an alternative. An engineer performs vulnerability scanning to search systems for known vulnerabilities without exploitation attempts with an end goal of providing a remediation report prioritized on risk.
As with all vulnerability assessments, there is a possibility that “false positive” results may be present in the assessment findings. Furthermore, some vulnerabilities that would only be identified during a manual penetration test may not be identified, as very often, identifying these vulnerabilities is only possible through manual testing. If you require a security assessment of your environment which is representative of a real-life attack, we would strongly recommend considering a manual penetration test, as this will provide you with a more accurate set of test results.