How to Conduct a Comprehensive Enterprise Vulnerability Assessment?

Key Takeaways:

  • Enterprise vulnerability assessment requires context, exploitability analysis, and continuous monitoring to effectively manage network security risks.

  • Network-oriented, application-based, and social engineering assessments address hardware, software, and human vulnerabilities.

  • Huntress offers scalable solutions for organizations, from fully managed EDR to SIEM platforms, that help security teams detect, investigate, and stop threats.

Our key networks are full of holes. A 2019 Ponemon Institute survey found that unpatched vulnerabilities were responsible for 60% of breaches, a trend that continues today. To fix this? Enterprise vulnerability assessment and management. But how does that differ from the vulnerability scans most businesses have been doing for years?

Enterprise vulnerability assessment is more than just vulnerability scanning. Scans are an important part of the process, but scans are merely table stakes. Real risk ranking requires context and exploitability analysis. Enterprise vulnerability management relies on the detailed, nuanced roadmap you'll get from a full vulnerability assessment and continuous, managed network monitoring.


What are the three types of vulnerability assessments?

Hundreds of different vulnerability assessments could be conducted, depending on your organization, your industry or niche, and the way you operate. However, most of them fall into these three broad categories:

Network-oriented assessments

This type of assessment looks at the vulnerabilities in your network infrastructure devices, such as your firewalls, switches, and routers. A network-oriented vulnerability assessment typically includes network mapping, vulnerability scanning, password cracking attempts (pen testing), and port scanning.

Application-based assessments

These look at Layer 7, the application layer: software applications, APIs, mobile apps, websites, and so on. These applications are often tested for the OWASP Top 10 vulnerabilities, including XSS and SQL injection.

Social engineering vulnerability assessments

These assessments look at vulnerabilities in your people and processes, rather than your hardware and software. Social engineering exploits seek out known weaknesses in human behavior and subtly urge people to “make exceptions” to normal security policies or procedures. For example, your team might be tested for susceptibility to phishing.


What’s enterprise vulnerability scanning?

Vulnerability scanning may be only one piece of a security assessment, but it’s a vital piece. Typically, a scan is an automated (sometimes AI- or ML-assisted) attempt to find the security weaknesses in your hardware, software, and actual business practices.

There are typically three steps to a scan:

  • Network identification and inventory: All the devices on your network are counted, identified, and mapped out.

  • Vulnerability detection and analysis: This is a key part of a network-oriented assessment. Automated tools are set to work looking for poor system configurations, outdated or vulnerable software, and non-optimal network settings.

  • Remediation: Finally, vulnerabilities are assessed for the risk they present, and fixed, updated, or shut down depending on that risk and how easy they are to set right. A key resource that helps prioritize the vulnerabilities that need to be addressed for this kind of scanning is the CISA Known Exploited Vulnerabilities Catalog, which highlights bugs that threat actors are actively targeting.

While a full vulnerability assessment is a rare and time-consuming practice, vulnerability scanning is usually fast and non-disruptive. The best enterprise security plans use continuous scanning and monitoring to catch vulnerabilities as they arise.

Fun fact: Founded in 2015 by former NSA cyber operators, Huntress protects over 3 million endpoints and 1 million identities worldwide, elevating under-resourced IT and security teams and empowering them with protection that works as hard as they do.


What’s included in a vulnerability assessment?

Like an upgrade or uplift of a simple network vulnerability scan, almost every enterprise vulnerability assessment includes most of these key phases:

Asset inventory

Each asset is mapped out just as you would for a vulnerability scan, but in greater detail.

Credentialed scanning

Here, a scan is conducted as above, but with elevated user privileges. This provides a great deal more information. More importantly, it shows what your network looks like to the kind of unauthorized user who has acquired or faked the credentials needed for high-level access. This is who you really need to protect against.

Passive scanning

Passive scanning is conducted at the packet layer: it observes existing network traffic rather than actively probing hosts. Because it sends few or no packets, it is less likely to cause instability in the systems being scanned.

Agent-based scanning

In agent-based scanning, automated (often AI- or ML-driven) tools are deployed as agents on the hosts themselves to conduct non-credentialed, fully automated scans for vulnerabilities.

Vulnerability prioritization

Here, the severity of the vulnerabilities found by the scans listed above is judged. These results can be ranked by whichever category of risk the client is most interested in. Typical prioritization methods include:

  • Ranking vulnerabilities in terms of their business impact

  • Ranking vulnerabilities in terms of the risk to the company of a successful exploitation

  • Ranking vulnerabilities in terms of how easy it would be to exploit them in a meaningful way

Remediation tracking

With remediation tracking, a kind of to-do list is created, with an entry for every single vulnerability or weakness found on the client's systems. This ensures that none of them fall through the cracks or go unaddressed.
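As an added illustration of the prioritization and remediation tracking phases above (including the CISA KEV boost mentioned under remediation), here is a small Python example. It is not Huntress code; the findings, weights, asset names and CVE ids are constructed placeholders.

```python
from dataclasses import dataclass

@dataclass
class Finding:
    asset: str
    cve: str
    cvss: float           # CVSS base score, 0-10, as reported by the scanner
    business_impact: int  # 1 (low) .. 5 (critical): what the asset means to the business
    exploit_ease: int     # 1 (hard) .. 5 (trivial): how easy a meaningful exploit is
    in_kev: bool = False  # listed in the CISA Known Exploited Vulnerabilities Catalog?

def risk_score(f: Finding) -> float:
    """Risk of successful exploitation: severity x business impact x ease of exploit.
    KEV-listed bugs are being exploited in the wild, so they jump the queue."""
    score = f.cvss * f.business_impact * f.exploit_ease
    return score * 2 if f.in_kev else score

def prioritize(findings, by="risk"):
    """Rank findings by whichever category of risk the client cares about most."""
    keys = {
        "impact": lambda f: f.business_impact,
        "exploitability": lambda f: f.exploit_ease,
        "risk": risk_score,
    }
    return sorted(findings, key=keys[by], reverse=True)

def remediation_tracker(findings, resolved=frozenset()):
    """One tracker entry per finding, so nothing falls through the cracks."""
    entries = []
    for rank, f in enumerate(prioritize(findings), start=1):
        entry_id = f"{f.asset}:{f.cve}"
        entries.append({"id": entry_id, "rank": rank, "score": risk_score(f),
                        "status": "closed" if entry_id in resolved else "open"})
    assert len(entries) == len(findings)  # every finding has an entry
    return entries

def open_items(tracker):
    """Ids still awaiting a fix, in priority order."""
    return [e["id"] for e in tracker if e["status"] == "open"]

# Constructed sample findings; the CVE ids are placeholders, not real advisories.
SAMPLE = [
    Finding("fw-edge-01", "CVE-0000-0001", 9.8, 5, 2),
    Finding("web-app-03", "CVE-0000-0002", 7.5, 4, 5, in_kev=True),
    Finding("dev-lab-09", "CVE-0000-0003", 9.9, 1, 5),
]
```

Note how the lab host with the highest CVSS score ranks last once business impact is factored in, while the KEV-listed web app ranks first despite its lower base score.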

Each of these steps is vital to conducting a thorough, exhaustive assessment, which can be used effectively for either software vulnerability management or enterprise vulnerability assessment in a broader sense.


Worried about not having an enterprise vulnerability assessment?

We can help. Huntress Managed EDR and SIEM solutions are key parts of the process. And even if you don't have the resources for a full assessment right now, Huntress makes it possible to strengthen your security posture with expert-managed detection, investigation, and response. Book a demo and see the Huntress managed platform in action.
