Truly understanding your real-time exposure to risk is critically important to having the ability to correctly prioritize your patching and mitigation efforts that will limit this exposure most effectively.  Without an accurate means of visibility into data regarding system level (PC, Network Node, etc) potential vulnerabilities within your security domain, it is impossible to react effectively.  If you don't know the vulnerability is exposed and the risk exists, you cannot protect yourself against the associated threats. There are two ways to deal with this issue of vulnerability visibility:

1. Vulnerability Assessment: The ability to report upon potential risks that exist in your environment as a whole and on a per-system basis as well as the abilty to grade/rate each vulnerability such that an action plan for can be created to mitigate and patch the vulnerable systems.
2. Penetration Testing: The process of attempting to exploit a networks vulnerabilities to gain access to unauthorized systems through a pre-approved test.

Typically, Vulnerability Assessments are performed by automated scanners that provide predictable reports for ongoing vulnerability analysis and base-line risk security reporting. These assessment also commonly form the basis for ongoing remediation efforts within the InfoSec team based upon the vulnerability scoring process. In contrast, Penetration Testing is often performed on a far less-frequent basis and is used as a mechanism to prove the vulnerability assessment reports and action place are being followed and remediated as well as that other internal processes, change control, and training is being implemented effectively.

More Information:

For more information on Vulnerability Assessment Products, Solutions and Priveon Implementation Services, please contact us.