What is a Vulnerability Assessment?
During a vulnerability assessment, the team seeks to identify vulnerabilities, assess their qualities and the associated risks, and prioritize the threats posed to the system. The team will seek a thorough understanding of the system from the inside as they look for possible security issues. Common issues range from delays in updating and fixing security flaws in new software, to lapses in licensing for vulnerability identifiers, to weak firewall passwords. As even the most minor issue can put a company’s entire network at risk, timely vulnerability assessments ensure that all security measures are up to date and form a cohesive system of protection.
What is a Penetration Test?
During a penetration test, an “ethical hacker” or a penetration testing team will gather information about and evaluate the many complex layers of a company’s network security system from the outside. Using this information, the team will identify and attempt to exploit any potential vulnerabilities in network security. The team will then report these vulnerabilities to network administrators, who are able to fix them before malicious hackers are ever aware of their existence.
What is the difference between the two – and which one do I need?
While both vulnerability assessments and penetration testing can be vital parts of a safe and secure network protection plan, the two practices are helpful at different points in time. A vulnerability assessment is ideal for identifying the “what and where” of all possible security flaws from inside a security system. A penetration test is typically chosen after a vulnerability assessment has been performed, or once a company is confident in its security system, to identify from the outside whether a break-in can occur and how much information can be retrieved. While a vulnerability assessment looks for all possible issues in a system, a penetration test simply identifies whether exploitation is possible and, if so, how much can be taken. Both tests are invaluable tools for evaluating a security system, keeping your system strong and your company’s network and information safe.
Highstreet has your Security Solution
Highstreet offers a comprehensive suite of security services, delivered in a Security as a Service format, to continuously monitor and maintain effective security controls. Our security offerings work together as a coordinated suite to reduce the risks associated with information security. As a bundle, our services provide the majority of the controls required for an organization to achieve regulatory compliance with standards such as PCI-DSS, HIPAA, and FERPA. Our Enterprise Security Services perform comprehensive testing and audits and provide the security solutions to protect your business-critical systems, including:
- Vulnerability assessments
- Penetration testing
- Compliance audits
- Ethical hacking