Network Vulnerability Assessment (VA)
Identify Network Security Gaps & Prioritize Remediation Efforts
An organization’s network is one of its most important tools—one that must deliver consistent performance, reliability and security for the business to remain operational.
To make sure their networks remain secure, organizations can run network vulnerability assessments (VAs) to identify configuration errors, missing patches, and unregistered assets in an automated and economical manner.
Organizations that leverage VAs on a regular basis understand the security gaps in their networks and have the information they need to prioritize remediation efforts. Further, conducting VAs and being able to prove you have a robust network security posture is a great way to show customers, prospects, business partners and other stakeholders that you are focused on security and can protect their sensitive data.
As its name implies, this level of testing focuses on identifying known vulnerabilities that could give attackers easy access to your network. The testing process begins with network scans using automated VA tools, followed by a manual review of any findings by a Network Security expert to eliminate “false positives.” These automated scans take up to several hours and search for tens of thousands of known vulnerabilities. The testing also produces a report that identifies the vulnerabilities found on your network and ranks them by severity, so that you can take the best next steps to improve your security posture and reduce the risk of a data breach.
Q: Does my business need to conduct network vulnerability assessments?
A: If you have a computer network that connects to the Internet, then yes. Regular VAs are a vital, basic part of “information security 101.” If you don’t find and patch the holes in your network, it’s only a matter of time before attackers find them for you.
Q: Are regular vulnerability assessments required for compliance?
A: Many regulations/frameworks (e.g., PCI, HIPAA, CMMC) include specific requirements that necessitate the development of a vulnerability management program that includes regular vulnerability assessments.
Q: If we do patch management, why do we need vulnerability assessments?
A: VAs are a great way to monitor your patching program. Did you miss any critical patches or firmware updates? Are there any undocumented devices on your network? Have recent changes created any issues? VAs are the way to find out.
Q: We outsource most of our IT, so why do we need vulnerability assessments?
A: Most IT service providers are focused on their service area (e.g., VoIP, backups, email)—not security. A network VA is a great way to check on their security performance and address any issues they have created. (And we can tell you from long experience, it’s very common for IT vendors to cause significant security issues.)
Q: How often should we run a vulnerability assessment?
A: Frequency of scanning depends on applicable regulations, risk profile, complexity of the environment, stakeholder requirements, etc. It is generally considered good practice to conduct external vulnerability assessments on a quarterly basis, or more frequently. Most high-risk organizations run them much more frequently, often weekly. It is generally considered good practice to conduct internal vulnerability scans quarterly. It is also good practice to conduct vulnerability assessments after any major changes to key systems or networks to ensure that there were no unintended consequences to the changes made.
Q: Is there any danger to my IT environment, systems or data from a VA?
A: Unlike a network penetration test, which is a form of “ethical hacking” that simulates an actual malicious attack, a VA consists of passive scans that pose no threat to the stability of your environment.
Whether you have run hundreds of VAs, or are looking to run one for the first time, Pivot Point Security has helped many organizations like yours gain significant value from their VA results.
To find out more about the network VA process and how it can help your business, contact us to speak with a Network Security expert, who can help guide your best next steps.