What is a Vulnerability Assessment?
A vulnerability assessment is a network scanning service that gives moment-in-time visibility to system weaknesses. The value in this basic service is that it identifies low-hanging fruit for priority remediation. This assessment is targeted at computer systems, networking devices, or web applications within an environment, and can seek either internal or external-facing vulnerabilities. Typically recommended on a quarterly to yearly basis, it is a critical underpinning for any security program.
When is a Vulnerability Assessment Needed?
If you are just beginning to consider your company’s cyber security, vulnerability assessment is a smart starting point. Otherwise, both vulnerability assessments and penetration tests are required for PCI compliance, and should be done to meet the spirit of HIPAA requirements for healthcare organizations interacting with patient data as well. Whether combined with another service or as a standalone initiative, we recommend ongoing threat vulnerability assessments for most businesses between a quarterly and annual basis.
The Value of an Expert Assessment
Or, if you’re a Ghostbuster’s fan, “We have the tools. We have the talent.” There are several reasons companies trust GMI to assist with cyber vulnerability assessments. Our analysts come loaded with both resources and valuable expertise. With access to open source and paid vulnerability scanner tools, we choose the best one for each job. And when a result should be questioned, we are equipped to doublecheck, minimizing false positives.
As specialists, our clients appreciate the third-party validation. They feel good knowing that scans were correctly configured so that results can be trusted. And they appreciate that findings are provided in a vulnerability assessment report with expert interpretation that helps guide next steps.