Vulnerability scans of your internal or Internet-facing infrastructure provide you with a cost-effective way to quickly identify vulnerabilities that may be present. Typical vulnerabilities include missing operating system patches, outdated software, obsolete operating systems, default credentials and many other cyber-security weaknesses that may be very quickly identified by malware or an attacker who has already gained physical access to your network.
Not all companies require a penetration test to successfully evaluate their security posture. Regular vulnerability assessments are often an alternative. A consultant performs vulnerability scanning to search systems for known vulnerabilities, without attempting exploitation, with the end goal of providing a remediation report prioritised by risk.
As with all vulnerability assessments, there is a possibility that “false positive” results may be present in the assessment findings. Furthermore, a scan may miss some vulnerabilities, as very often these can only be identified through manual penetration testing. If you require a security assessment of your environment which is representative of a real-life attack, we would strongly recommend considering a manual penetration test, as this will provide you with a more accurate set of test results.