يحاول ذهب - حر
GETTING THE BEST VALUE OUT OF SECURITY ASSESSMENTS
September 2020
|Security Advisor Middle East
SANS CERTIFIED INSTRUCTOR AND CTO, INFIGO IS, DISCUSSES HOW ORGANISATIONS CAN CHOOSE THE RIGHT SECURITY ASSESSMENTS TO MAXIMISE THEIR SECURITY INVESTMENTS.
There are many aspects to managing vulnerabilities in today’s complex IT environments. Performing security assessments is a popular way of identifying existing vulnerabilities, which then allows for proper mitigation. In this article we look at the differences between vulnerability scanning, penetration testing and red teaming, three security assessments that are popular, but that should be performed with care, in order to achieve best results.
Deciding which security assessment to perform depends a lot on an organization’s security maturity level, and the best results will be achieved by performing them exactly in the order listed – let’s see why.
Vulnerability scanning (assessments) is something that every organisation should be doing on a regular basis. This is the first, and the most basic activity in managing vulnerabilities: the goal of a vulnerability scanner is to find lowhanging fruit and known vulnerabilities or misconfigurations. Vulnerability scanners will do a great job of enumerating installed patches, finding default accounts and misconfigurations. Modern scanners can also authenticate against target systems (log in), which will allow them to list installed patches and correlate such information with actively obtained data from a scan, thereby reducing false positive reports.
It is recommended that vulnerability scanning is performed regularly in every organisation, preferably with internal tools. The most popular network vulnerability scanners are Rapid7 Nexpose, Tenable Nessus and Qualys. Just keep in mind that these should be used for network scanning, while other, more specialized tools exist for application-level scanning (i.e. for web applications).
هذه القصة من طبعة September 2020 من Security Advisor Middle East.
اشترك في Magzter GOLD للوصول إلى آلاف القصص المتميزة المنسقة، وأكثر من 9000 مجلة وصحيفة.
هل أنت مشترك بالفعل؟ تسجيل الدخول
المزيد من القصص من Security Advisor Middle East
Security Advisor Middle East
CITRIX REDEFINES SECURE ACCESS FOR THE HYBRID ERA
FRANCOIS VAN DEVENTER, CTO AT MICLOUDSW, SHARES HOW CITRIX IS TRANSFORMING FROM A REMOTE-ACCESS PIONEER INTO A MODERN ACCESS SECURITY LEADER-EMPOWERING ENTERPRISES TO THRIVE IN AN AI-DRIVEN, ZERO-TRUST WORLD.
7 mins
October 2025
Security Advisor Middle East
KASPERSKY STRENGTHENS CLOUD PROTECTION WITH NEW CLOUD WORKLOAD SECURITY UPDATE
Kaspersky, together with Smart Africa and Africaines in Tech, has launched an innovative, science-backed career orientation test “Future You in Tech” created to promote professional development for young women in the cybersecurity industry and help remove potential entry barriers. The test is designed to help them discover which career paths best align with their interests, skills, and personality.
2 mins
October 2025
Security Advisor Middle East
SANS STRENGTHENS GULF CYBERSECURITY SKILLS THROUGH IMMERSIVE TRAINING, AI-DRIVEN LEARNING
NED BALTAGI OF SANS INSTITUTE OUTLINES HOW ADVANCED TRAINING, NATIONAL WORKFORCE ALIGNMENT, AND AI-FOCUSED FRAMEWORKS ARE SHAPING A MORE RESILIENT CYBERSECURITY LANDSCAPE ACROSS SAUDI ARABIA AND THE WIDER REGION.
4 mins
October 2025
Security Advisor Middle East
FORTINET SECURES DUBAI ENGLISH SPEAKING SCHOOL'S NEW ACADEMIC CITY CAMPUS WITH INTEGRATED NETWORKING AND SECURITY SOLUTIONS
DEPLOYMENT SUPPORTS GROWTH, DELIVERS CENTRALIZED NETWORK MANAGEMENT, AND STRENGTHENS CYBERSECURITY FOR HYBRID LEARNING IN THE EDUCATION SECTOR
2 mins
October 2025
Security Advisor Middle East
FROM CONTINUITY TO CONTINUOUS BUSINESS
COMMVAULT'S FADY RICHMANY OUTLINES HOW MULTI-CLOUD ADOPTION, AI DISRUPTION, AND RELENTLESS THREATS DEMAND A NEW RESILIENCE PLAYBOOK FOR THE UAE'S DIGITAL-FIRST FUTURE.
10 mins
October 2025
Security Advisor Middle East
SENTINELONE NAMED A LEADER IN THE 2025 IDC MARKETSCAPE FOR WORLDWIDE XDR SOFTWARE
SentinelOne, the leader in AI-native cybersecurity, announced that it has been recognised as a Leader in the IDC MarketScape: Worldwide Extended Detection and Response (XDR) Software 2025 Vendor Assessment. It is the latest third-party recognition of the company's Al-powered Singularity platform and its state-of-the-art approach to leveraging both native and third-party security data to stop attacks.
1 mins
October 2025
Security Advisor Middle East
RANSOMWARE PAYMENTS ARE DROPPING, BUT EMEA ORGANISATIONS ARE STILL UNPREPARED FOR ATTACKS
DESPITE THE NUMBER OF ORGANISATIONS PAYING RANSOMS DROPPING BY 22% YEAR-ON-YEAR, 63% WOULD STILL BE UNABLE TO RECOVER FROM A SITE-WIDE CRISIS DUE TO A LACK OF ALTERNATIVE INFRASTRUCTURE PLANS.
2 mins
October 2025
Security Advisor Middle East
FORTINET REPORT REVEALS CONTINUED RISE IN DATA LOSS DESPITE SMARTER DATA SECURITY PRACTICES AND RECORD CYBERSECURITY SPENDING
BUDGETS FOR DATA SECURITY ROSE AT 72% OF ORGANISATIONS LAST YEAR, YET 41% OF ORGANISATIONS STILL LOST MILLIONS TO INSIDER-DRIVEN DATA INCIDENTS
3 mins
October 2025
Security Advisor Middle East
VAD TECHNOLOGIES, CYBERX JOIN FORCES TO STRENGTHEN PEOPLE-CENTRIC CYBERSECURITY ACROSS GCC
THE NEW PARTNERSHIP AIMS TO EMPOWER ENTERPRISES TO BUILD CYBER-RESILIENT WORKFORCES AND DRIVE A CULTURE OF AWARENESS ACROSS THE REGION.
2 mins
October 2025
Security Advisor Middle East
FROM AWARENESS TO ACTION: THE UAE'S CYBERSECURITY FRONTLINES TAKE CENTRE STAGE AT GITEX 2025
OCTOBER BRINGS A POWERFUL CONVERGENCE FOR THE UAE'S DIGITAL LANDSCAPE—WHERE GITEX GLOBAL 2025 AND CYBERSECURITY AWARENESS MONTH UNITE TO SPOTLIGHT THE NATION'S LEADERSHIP IN RESILIENCE, INNOVATION, AND SECURE DIGITAL TRANSFORMATION.
8 mins
October 2025
Translate
Change font size