Penetration Test vs Vulnerability Scans

It is quite common to hear a vulnerability scan labeled a pen (penetration) test. While both engagements are quite useful, they are not the same. When your organization is shopping for a vendor to provide these services, it is important to understand the complete scope of work.

A penetration test is labor intensive and should include a highly trained security expert and/or team of experts who seek to exploit flaws in the architecture of an organization’s IT network. If a flaw is uncovered, it will be exploited to determine its severity. This activity simulates what a hacker would do after entering your network. A vulnerability scan focuses on known vulnerabilities: it scans your network and reports the potential exposures. A vulnerability scan does not attempt to exploit the exposures.

Vulnerability scans are relatively affordable compared to a penetration test because of the level of service and number of hours required to thoroughly complete a penetration test. Vulnerability scans include a large amount of automation, thanks to tools such as Qualys, Rapid7 and Nessus. Penetration tests are manual processes conducted by a security professional.

Some vulnerability scans include a vulnerability assessment, which ranks or prioritizes the known vulnerabilities within your environment.

Would you like to determine which service is right for you? Reach out today and let us help you!