Where a penetration test or risk assessment focuses on emulating specific threat actors and actions in order to seek out the resultant impact and risk, a vulnerability assessment does not.
Periodic vulnerability assessments are a very important component of an effective Information Security program. Vulnerabilities that may exist across your systems and applications can create an easy path for cyber attackers to gain access to and exploit your environment. With dozens and even hundreds of applications and systems across your environment with access to the Internet, maintaining and updating system operating systems and applications to eliminate vulnerabilities is paramount - especially when those applications and systems are tied to sensitive customer, patient or cardholder information.
359 Solutions use a combination of automated and manual testing. Automated tools can greatly assist in reducing work effort and costs associated with repetitive and time consuming tasks. Manual techniques and analysis also are performed in each step to achieve the greatest understanding of your environment. Manual validation of findings reduces false positives; manual vulnerability testing reduces false negatives. False positives on a report lead to wasted effort in remediation. False negatives can expose an organization to risk of intrusion.