are an essential component within any cyber security program. The process provides visibility into the state of an organization’s environment and drives appropriate steps for vulnerability exploit avoidance.
Today’s attacks are often designed around known software vulnerabilities and critical design flaws. Systems must be assessed from an external and internal perspective, on a regular basis, to seek out these software vulnerabilities in the form of unpatched and/or unhardened operating systems, and installed applications with known design flaws.
Essentially, a VA scan provides an audit on the effectiveness of your patch management process and delivers details around potential weaknesses within the environment. A Source 44 assessment goes well beyond a simple scan in order to define severity, actual relevance and resolution recommendations for each found vulnerability. This information becomes the basis of an action plan where the most critical weaknesses can be addressed quickly to mitigate system and business risk.
A VA scan is considered the first step in your audit process. A penetration test will delve further into the vulnerability by trying to compromise the system and gain access or control.