Vulnerability is the technical omission (either due to an incorrect, incomplete configuration or due to an error in the production of software, equipment, operating system) that allows unauthorized and hidden intrusion, interception and / or infiltration into information systems.
Vulnerability scanning is a separate service that is the application of a technological process to identify vulnerabilities in operating systems, machines, devices and infrastructure using specialized tools for scanning and identifying security breaches without exploited them. The specificity of this service depends on the execution phases, namely:
The actual vulnerability-scanning phase;
Analysis phase of true and false vulnerabilities;The an
The phase of describing the gaps with potential impact;
The analysis phase of the ways to fix the vulnerabilities.
The process of vulnerability scanning is easily comparable with medical x-rays of a human body in order to detect potential health risks.
The beneficial result of the vulnerability scans materializes according to a technical report that will contain the list of detected vulnerabilities as well as the recommendations /ways to fix them.
Circumstances in which the permanent IT segment is in a continuous dynamic, information security standards recommend vulnerabilities scanning at least once every three months depending on the specifics and the risk of data compromise in an IT system or device.
In order to have control of the "pulse" of cyber security, it is recommended that the vulnerability scan needs to be run once a month or at any change or configuration of IT devices and equipment within your company's infrastructure and only by experts who know how to be identified.