Network Vulnerability Assessment (VA)

Identify Network Security Gaps & Prioritize Remediation Efforts

An organization’s network is one of its most important tools—one that must deliver consistent performance, reliability and security for the business to remain operational.

To make sure their networks remain secure, organizations can run network vulnerability assessments (VAs) to identify configuration errors, missing patches, and unregistered assets in an automated and economical manner.

Organizations that leverage VAs on a regular basis understand the security gaps in their networks and have the information they need to prioritize remediation efforts. Further, conducting VAs and being able to prove you have a robust network security posture is a great way to show customers, prospects, business partners and other stakeholders that you are focused on security and can protect their sensitive data.

Process Overview

As its name implies, this level of testing focuses on identifying known vulnerabilities that could give attackers easy access to your network. The testing process begins with network scans using automated VA tools, followed by a manual review of any findings by a Network Security expert to eliminate “false positives.” These automated scans take up to several hours, and will search for tens of thousands of known vulnerabilities. This level of testing also offers a report that identifies the vulnerabilities found on your network and ranks them according to severity, so that you can take the best next steps to improve your security posture and reduce the risk of a data breach.

FAQs

Q: Does my business need to conduct network vulnerability assessments?

A: If you have a computer network that connects to the Internet, then yes. Regular VAs are a vital, basic part of “information security 101.” If you don’t find and patch the holes in your network, it’s only a matter of time before attackers find them for you.

Q: Are we required to have a vulnerability assessment for compliance?

A: PCI, HIPAA, Sarbanes-Oxley (SOX) and many other regulations mandate basic vulnerability management practices to ensure you have a minimum level of security required to conduct business. Network vulnerability assessments are part of these basic vulnerability management practices.

Q: If we do patch management why do we need vulnerability assessments?

A: VAs are a great way to monitor your patching program. Did you miss any critical patches or firmware updates? Are there any undocumented devices on your network? Have recent changes created any issues? VAs are the way to find out.

Q: We outsource most of our IT so why do we need vulnerability assessments?

A: Most IT service providers are focused on their service area (e.g., VoIP, backups, email)—not security. A network VA is a great way to check on their security performance and address any issues they’ve created. (And we can tell you from long experience, it’s very common for IT vendors to cause significant security issues.)

Q: How often should we run a VA?

A: At least once a year, and preferably once each quarter (four times per year). The more your network changes, and the more sensitive data you manage, the more often you should do it.

Q: Is there any danger to my IT environment, systems or data from a VA?

A: Unlike a network penetration test, which is a form of “ethical hacking” that simulates an actual malicious attack, a VA consists of passive scans that pose no threat to the stability of your environment.

Next Steps

Whether you have run hundreds of VAs, or are looking to run one for the first time, Pivot Point Security has helped many organizations like yours gain significant value from their VA results.

To find out more about the network VA process and how it can help your business, contact us to speak with a Network Security expert, who can help guide your best next steps.

Resources:

This Infographic is Free to Download

Thumbnail: Are you ready for a Pen Test?