External Vulnerability Scans are performed outside of your network. The function is to expose externally-accessible vulnerabilities that could result in a downed network. These scans search for your organization’s public IP addresses to illuminate vulnerabilities any hacker with an internet connection could target.

External vulnerability scans allow you to be proactive because you identify weaknesses and also have an opportunity to remedy any misconfigurations, such as ports that are opened unnecessarily. External Vulnerability Scans allow you to properly triage your efforts by highlighting the most important issues on your network from an outside point of view. Regularly running an External Vulnerability Scan will help to set and maintain a dynamic baseline to compare results to in-between scans.

We recommend getting an External Vulnerability Scan at least once per quarter. Depending on the specific needs for your organization, it may be best for monthly or even weekly scans. There is a delicate balance that we intend to help you find.

Internal Vulnerability Scans are performed from inside the network you’re assessing. In order to run this scan, the person scanning must be credentialed or in other words, scanning from a place of privilege to start. Because of this, Internal Vulnerability Scans are far greater detailed than what you’d see from an External Vulnerability Scan. You’re also exposed to the vulnerabilities inside all endpoints within your network, not just those public-facing.

Compliance Assessments look at the compliance standards of your industry and specific product and point out which ones you need to adhere to and how to do so. In this effort, closing compliance gaps translates into saved costs on compliance.

Internal Vulnerability Scans provide you the benefits delivered by the External Vulnerability Scans and applies them to all of the endpoints within your network. Acting on the flags generated by this scan can greatly increase the strength of your security posture against threats that manage to slip past your external defenses. In synthesizing data from these scans, we show you what your cyber defense team should be paying attention to, like what patches are missing and the top vulnerable machines in your network.

This answer varies by your industry and the specific business you conduct. For example, if your business is within the HIPPA supply chain you may need to conduct vulnerability assessments more frequently than a company that is not. We recommend getting an Internal Vulnerability Sans at least once per quarter.

The benefits of a Compliance Assessment includes knowing where to direct your attention to in order of importance. Often times there are a lot of requirements for your industry’s compliance standards, these scans help make sense of what is required of you.

We recommend getting a Compliance assessment at least once per year. We can work with you to identify the various submission requirements and deadlines for those corresponding Compliance Standards.