
Commonwealth Sentinel

Cyber Security for local government, non-profits and small business


Terry Davis / July 22, 2022

Why do I Need a Vulnerability Scan?

Relax…Vulnerability Scans and Penetration Tests (PenTests) don’t hurt. There’s no “prep” like with a colonoscopy. But they are just as important.
Sometimes people want to skip the vulnerability scan and go straight to adding security controls (e.g., Endpoint Detection and Response, Network Monitoring, Firewall, Anti-Virus, etc.).
Sometimes they think that they are protected since they already have a firewall. So why do a vulnerability scan?
When you add security to your system, a vulnerability scan is a critical step in knowing what you need to fix.
So what is the difference between a vulnerability scan and a penetration test?
A vulnerability scan looks for, well, vulnerabilities. The weak spots in your system where a breach could happen.
A penetration test simulates an attack on your system utilizing the vulnerabilities discovered in the scan.
In other words, if you were to find out that the lock on your front door was loose, you would check it to see if you could get in from the outside without a key.
Then, if you could, you would fix the lock.
Understanding the environment is an important first step in planning for how you will proceed with protecting the entire network, including the physical environment and personnel with access to the system.
Cyber security firms can conduct vulnerability assessments and should be able to do a penetration test. However, there are many types of vulnerability scans and just as many penetration tests. The type of penetration test used may depend on what the vulnerability scan found, which in turn will be determined by the scope of the vulnerability scan.
The more information you have, the better the design of the cyber security program.
A cyber security firm will perform some vulnerability assessments before implementing security measures. At least they should. You wouldn’t just put up a fence and assume your house is safe without putting locks on the doors. You need to fix all the weak spots in your system.
If your organization is a part of the critical infrastructure (county government, water facility, emergency management, etc.), the Cybersecurity and Infrastructure Security Agency (CISA) offers free assessments. They have several types and will work with you to determine which you should have. They will then provide a report informing you of their findings and what should be fixed to protect your organization. (Please note: CISA will not make any changes or add security to your system. They will only conduct the assessment.)
CYBER NEWS
Hackers impersonate cybersecurity firms in callback phishing attacks
Hackers are impersonating well-known cybersecurity companies, such as CrowdStrike, in callback phishing emails to gain initial access to corporate networks.
www.bleepingcomputer.com
PayPal-themed phishing kit allows complete identity theft
By misusing the PayPal logo and general design, the phishing kit is aimed at collecting info that can be used to steal the victims’ identity.
www.helpnetsecurity.com
U.S. House Appropriators OK $15.6B in Cybersecurity Funding
The majority of the federal funds, around $11.2 billion, will go to the Defense Department, while $2.9 billion will go to the Cybersecurity and Infrastructure Security Agency to bolster U.S. cyber defenses.
www.govtech.com
TIP OF THE WEEK
Multi-State Information Sharing and Analysis Center (MS-ISAC)
The Multi-State ISAC is an information-sharing environment for state and local government and public agencies to share cyber security information, ideas, and collaboration.
They provide education and training, threat intelligence, webinars, incident response assistance, and more.
The stated mission of the MS-ISAC is:
To improve the overall cybersecurity posture of U.S. State, Local, Tribal, and Territorial (SLTT) government organizations through coordination, collaboration, cooperation, and increased communication.
It is free to join for employees or representatives of state and local governments, public school organizations, public institutions of higher education, authorities, and any other non-federal public entity in the US.
VOCABULARY WORD
Vulnerability Scan: Identifying security weaknesses in systems and their applications.