Such scan is performed by automated tools that collect information about your infrastructure components,
and compare them to databases
of known vulnerabilities. These vulnerabilities are not exploited during the test.
Regular scans are one of the recommended measures that lead to continuous security.
Upon scan completion, you will receive a clear vulnerability report along with an estimation of the
technical risk. For each identified vulnerability,
you'll receive a specific action that needs to be applied to fix the problem.
A test carried out from the external environment focuses on all systems and applications accessible from
verifying if they are adequately secured against intrusion into your organization's internal
The security of internal systems should not be neglected, and a test from the internal environment is as
important as a test from
the external environment (from the Internet). An internal environment scan identifies and classifies the
vulnerabilities of your
organization's internal assets.
The cost of an infrastructure security scan depends on the number of scanned devices and the frequency of
Advantages versus penetration testing:
- Shorter waiting time for results (a penetration test takes much longer)
- Results are available immediately after tests have been completed
Disadvantages over penetration testing:
- Reveals only known vulnerabilities
- More prone to false positives
- Not possible to verify if currently implemented security mechanisms cannot prevent an exploitation
- Not possible to verify the real technical risk, as vulnerabilities are not exploited