Vulnerability Assessments

It’s vital that you know your strengths and weaknesses. Today’s ever-changing landscape of cloud, hybrid, and on-premise environments makes security an everyday challenge. Vulnerability assessments, testing, and remediation are integral to a strong security program and a well-functioning vulnerability management system. We will manage the research and testing so you can focus on your core business.

Frequently Asked Questions

What is a vulnerability?

Vulnerabilities are security weaknesses that can be exploited by a threat actor to perform unauthorized actions within a computer system. Such actions may include passwordless access, privilege escalation, remote code execution and the leaking of information. Vulnerabilities are often identified by a CVE number, and some high-profile vulnerabilities have been given names. Examples include “Poodle”, “Heartbleed”, “Meltdown” and “Spectre”.

What is the potential cost?

The risks and costs of not adequately identifying and remediating vulnerabilities continue to increase. The Ponemon Institute estimates that ineffective endpoint security strategies are costing organizations $6 million in detection, response, and wasted time. [1] When breaches occur, Ponemon estimates that the average data breach costs $3.62M. [2]

Why should I undergo regular Vulnerability Assessments?

Every day, new weaknesses in applications and equipment are disclosed by white-hat hackers, security analysts and vendors. While making these public is a great service to consumers and IT professionals, it also alerts attackers to their existence and to how they can be used. This leaves many unpatched systems even more vulnerable to attackers scanning the Internet for easy targets. Identifying and managing vulnerabilities is a never-ending, “always on” activity. In 2018 alone, 18,097 new vulnerabilities and exploits were disclosed. [3]

Identifying and patching vulnerabilities were two of the top four most pressing tasks named by almost 1/3 of cybersecurity professionals in 2018. Regular vulnerability assessments are required by many regulations, including PCI DSS and HIPAA, and by organizations seeking, or required, to align with the NIST Cybersecurity Framework. In recent years, vulnerability assessments have also become a requirement for business-to-business (B2B) relationships and for loans from banks.

What’s the difference between a Vulnerability Assessment and a Penetration Test?

In a vulnerability assessment, specialized scanning software is used to scan infrastructure over the network for known vulnerabilities. Care is taken not to harm or disrupt the network. The goal is to identify issues so that they can be remediated.

A penetration test may include vulnerability scanning (since attackers will also look for obvious and easy methods of entry) but goes further by actively exploiting the weaknesses it finds, with the goal of compromising a system, exfiltrating data, or causing business disruption.

Want to Learn More – Additional Resources

MITRE disclosures of vulnerabilities

The MITRE CVE Database

The NIST CyberSecurity Framework

[1] The Cost of Insecure Endpoints, Ponemon Institute LLC, Publication Date: June 2017
[2] 2017 Ponemon Cost of Data Breach Study, https://www.ibm.com/security/data-breach
[3] 2019 SonicWall Cyber Threat Report, https://sonicwall.com
[4] How to Succeed at Patch Management While Staying Sane, https://www.pcmag.com/article/366121/how-to-succeed-at-patch-management-while-staying-sane

We Can Help

Pathfinders from Candoris can help prepare and protect your cloud, on-premise, and hybrid environments. Let our expert security engineers help increase your security with Vulnerability Assessments, On-Premise Scanning, and Penetration Testing.
