Vulnerability assessments are similar to penetration tests, but they are automated and aim to give you a high-level view of risks over a much larger area of your network in a shorter amount of time. Penetration tests typically use the same vulnerability scanning engine as the vulnerability assessment; however, additional manual scripts, port scans, and manual testing are then conducted to rule out false positives and, where applicable, to combine and chain issues to give the full picture of the risk to the environment.
Vulnerability assessments are typically conducted when a full penetration test may not be required, or as an ongoing monthly or quarterly scan between manual penetration tests to ensure no changes or vulnerabilities have been introduced to the environment since the previous penetration test.
Vulnerability tests can sometimes produce what are known as “false positives”, where the software assumes certain issues or vulnerabilities based on its criteria, but these may be incorrect. However, vulnerability assessments can be very useful as preparation before penetration testing, or to sweep larger network areas on a more regular basis.
We also offer fully automated monthly external vulnerability assessments as a scan to run between your manual penetration tests.