Vulnerability Assessment
Wherever you are on the journey to cybersecurity, undetected vulnerabilities can open the door to cyber criminals. Vulnerabilities can come from a variety of sources including outdated software, patches that have not been applied, and system misconfiguration. These vulnerabilities are invisible to administrators because they are not causing systems to malfunction, so they may linger in your environment for years. It is critical to have a process in place to help your network administration team find potential vulnerabilities before it’s too late.
What is a Vulnerability Assessment?
A vulnerability assessment is performed using an automated tool that scans for thousands of known vulnerabilities in its database. The process can be run on an internal network to identify vulnerabilities that can be exploited from the inside, or it can be run externally on public facing systems. The tool will generate a report of discovered vulnerabilities and rank them by the risk they represent. This report is an excellent guide to prioritize remediation efforts and also as a benchmark to measure progress when future vulnerability assessments are run.
Why do I need a Vulnerability Assessment?
The most obvious vulnerabilities are related to End-of-Life operating systems and security patches that have not been applied. Many organizations do a good job of keeping up with these items and may wonder why a vulnerability assessment is important for them. Many of the vulnerabilities picked up by the scanning tool are not so obvious. Some are configurations that are setup on your servers or workstations and then not touched again for years. Your Windows servers may be running outdated and insecure protocols like TLS 1.0. Former administrators may have setup telnet or opened ports on your servers that make them vulnerable. There are literally tens of thousands of items to be checked and this is a case where an automated tool does a much better job than any system administrator.
How often should I perform a Vulnerability Assessment?
This depends upon your security posture. We recommend an annual vulnerability assessment for small businesses. For financial institutions and larger firms where cybersecurity is a priority, a more frequent schedule is recommended. Contact our sales team to learn more.