Penetration Testing vs. Vulnerability Assessments

Some think penetration testing and vulnerability assessments are one and the same. However, this isn’t true. A penetration test is a method of evaluating the security of a computer system or network by simulating an attack by a malicious hacker. The process involves an active analysis of the system for any weaknesses, technical flaws or vulnerabilities. This analysis is carried out from the position of a potential attacker, and can involve active exploitation of security vulnerabilities. Any security issues that are found will be presented to the system owner together with an assessment of their impact and often with a proposal for mitigation or a technical solution.

A vulnerability assessment is the process of identifying and quantifying vulnerabilities in a system. Here the IT department submits the information about the system, rather than an internal or external person hacking into the network. When a company hires us to do a vulnerability assessment, they give the team specific parameters for the assessment.

Brent Huston, CEO for MSI, says, “A penetration test cannot be expected to identify all possible security vulnerabilities, nor does it offer any guarantee that an organization’s information is secure. But penetration testing can serve as a start for pinpointing a system’s security vulnerabilities.”

So what are some of the areas a penetration tester might explore? An organization’s intranet is an attractive target. So is an internal phone system or database. What is becoming more vital than ever is a consistent schedule of testing. Penetration testing can no longer be done just once a year to give an accurate assessment of an organization’s vulnerabilities. There are new exploits released daily. Adding new services can also create the opportunity for a new breach. Let MSI help you arrange a subscription service!
