Vulnerability Scanning

What is the purpose of a vulnerability scan?

A vulnerability scan searches your systems for weaknesses that could be exploited and could result in a system being compromised.

How is a vulnerability scan carried out?

The scan will use a variety of automated tools to test for vulnerabilities. These include out-of-date software, unpatched operating systems, antivirus that has not been updated or renewed, and malware. This is followed by a manual verification of the items found, to rank them in order of importance. The scans are carried out both internally, from inside the organisation, and externally, from outside it.

The results are then collated in a report and ranked in order of importance according to the organisation's risk profile. From this, an action plan is created.
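The ranking step described above can be sketched as follows. This is an added example, not a tool referred to on this page; the host names, weights, scoring formula and sample findings are all constructed assumptions standing in for an organisation's own risk profile.

```python
from dataclasses import dataclass

# Assumed risk profile (illustrative weights, not from the page): how much each
# kind of finding and each asset matters to this particular organisation.
CATEGORY_WEIGHT = {
    "malware": 10,
    "unpatched_os": 8,
    "outdated_software": 6,
    "antivirus_not_updated": 4,
}
ASSET_CRITICALITY = {"payroll-db": 5, "web-01": 4, "reception-pc": 2}
EXPOSURE = {"external": 2, "internal": 1}  # found by the external scan counts double


@dataclass
class Finding:
    host: str
    category: str
    origin: str      # "internal" or "external" scan
    verified: bool   # outcome of the manual verification step


def score(f: Finding) -> int:
    # Hosts missing from the profile get a middle criticality (3) so they
    # are not silently ranked last.
    return CATEGORY_WEIGHT[f.category] * ASSET_CRITICALITY.get(f.host, 3) * EXPOSURE[f.origin]


def action_plan(findings):
    """Drop findings rejected by manual verification, then rank the rest."""
    confirmed = [f for f in findings if f.verified]
    ranked = sorted(confirmed, key=lambda f: (-score(f), f.host))
    return [(rank, f.host, f.category, score(f)) for rank, f in enumerate(ranked, 1)]


# Constructed sample of scanner output after manual review.
SAMPLE = [
    Finding("reception-pc", "malware", "internal", True),
    Finding("web-01", "outdated_software", "external", True),
    Finding("payroll-db", "unpatched_os", "internal", True),
    Finding("web-01", "unpatched_os", "external", False),  # false positive
    Finding("laptop-17", "antivirus_not_updated", "internal", True),
]

if __name__ == "__main__":
    for rank, host, category, s in action_plan(SAMPLE):
        print(f"{rank}. {host:<13} {category:<22} score={s}")
```

The same raw findings produce a different order under a different risk profile, which is why the weights belong to the organisation rather than to the scanning tool.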

How often should a vulnerability scan be carried out?

Ideally, scans should be carried out quarterly or after making any significant changes to your systems, to ensure that your systems are not open to exploitation.